FEVER-RUN(1) FEVER-RUN(1)

fever-run - start FEVER service

fever run [flags]

The 'run' command starts the FEVER service, consuming events from the input and executing all processing components.

--bloom-alert-prefix="BLF"
String prefix for Bloom filter alerts

-b, --bloom-file=""
Bloom filter for external indicator screening

-z, --bloom-zipped[=false]
use gzipped Bloom filter file

-c, --chunksize=50000
chunk size for batched event handling (e.g. inserts)

-d, --db-database="events"
database name

--db-enable[=false]
write events to database

-s, --db-host="localhost:5432"
database host

--db-maxtablesize=500
Maximum allowed cumulative table size in GB

-m, --db-mongo[=false]
use MongoDB

-p, --db-password="sensor"
database password

--db-rotate=1h0m0s
time interval for database table rotations

-u, --db-user="sensor"
database user

--dummy[=false]
log locally instead of sending home

--flowextract-bloom-selector=""
IP address Bloom filter to select flows to extract

--flowextract-enable[=false]
extract and forward flow metadata

--flowextract-submission-exchange="flows"
Exchange to which raw flow events will be submitted

--flowextract-submission-url="amqp://guest:guest@localhost:5672/"
URL to which raw flow events will be submitted

-n, --flowreport-interval=0s
time interval for report submissions

--flowreport-nocompress[=false]
send uncompressed flow reports (default is gzip)

--flowreport-submission-exchange="aggregations"
Exchange to which flow reports will be submitted

--flowreport-submission-url="amqp://guest:guest@localhost:5672/"
URL to which flow reports will be submitted

--flushcount=100000
maximum number of events in one batch (e.g. for flow extraction)

-f, --flushtime=1m0s
time interval for event aggregation

-T, --fwd-all-types[=false]
forward all event types

-t, --fwd-event-types=[alert,stats]
event types to forward to socket

-h, --help[=false]
help for run

-r, --in-redis=""
Redis input server (assumes "suricata" list key, no password)

--in-redis-nopipe[=false]
do not use Redis pipelining

-i, --in-socket="/tmp/suri.sock"
filename of input socket (accepts EVE JSON)

--ip-alert-prefix="IP-BLACKLIST"
String prefix for IP blacklist alerts

--ip-blacklist=""
List with IP ranges to alert on

--logfile=""
Path to log file

--logjson[=false]
Output logs in JSON format

--metrics-enable[=false]
submit performance metrics to central sink

--metrics-submission-exchange="metrics"
Exchange to which metrics will be submitted

--metrics-submission-url="amqp://guest:guest@localhost:5672/"
URL to which metrics will be submitted

-o, --out-socket="/tmp/suri-forward.sock"
path to output socket (to forwarder), empty string disables forwarding

--pdns-enable[=false]
collect and forward aggregated passive DNS data

--pdns-submission-exchange="pdns"
Exchange to which passive DNS events will be submitted

--pdns-submission-url="amqp://guest:guest@localhost:5672/"
URL to which passive DNS events will be submitted

--profile=""
enable runtime profiling to given file

--reconnect-retries=0
number of retries connecting to socket or sink, 0 = no retry limit

--toolname="fever"
set toolname

-v, --verbose[=false]
enable verbose logging (debug log level)

--config=""
config file (default is $HOME/.fever.yaml)

fever(1)

15-Feb-2019 Auto generated by spf13/cobra

Feb 2019 FEVER