Provided by: fever_1.0.8-4_amd64

NAME

       fever-run - start FEVER service

SYNOPSIS

       fever run [flags]

DESCRIPTION

       The 'run' command starts the FEVER service, consuming events from the input and executing
       all processing components.

OPTIONS

       --active-rdns[=false]
           enable active rDNS enrichment for src/dst IPs

       --active-rdns-cache-expiry=2m0s
           cache expiry interval for rDNS lookups

       --active-rdns-private-only[=false]
           only do active rDNS enrichment for RFC1918 IPs

       --bloom-alert-prefix="BLF"
           String prefix for Bloom filter alerts

       --bloom-blacklist-iocs=[/,/index.htm,/index.html]
           Strings that must not be present in the Bloom filter; a filter that contains any of
           them is rejected

       -b, --bloom-file=""
           Bloom filter for external indicator screening

       -z, --bloom-zipped[=false]
           use gzipped Bloom filter file

       -c, --chunksize=50000
           chunk size for batched event handling (e.g. inserts)

       --context-cache-timeout=1h0m0s
           time for flow metadata to be kept for uncompleted flows

       --context-enable[=false]
           collect and forward flow context for alerted flows

       --context-submission-exchange="context"
           Exchange to which flow context events will be submitted

       --context-submission-url="amqp://guest:guest@localhost:5672/"
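           URL to which flow context will be submitted. The default uses the broker's well-known
           guest:guest account; configure a dedicated account for anything other than a local
           test broker. The same applies to the other --*-submission-url options.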

       -d, --db-database="events"
           database name

       --db-enable[=false]
           write events to database

       -s, --db-host="localhost:5432"
           database host

       --db-maxtablesize=500
           Maximum allowed cumulative table size in GB

       -m, --db-mongo[=false]
           use MongoDB

       -p, --db-password="sensor"
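           database password. The default is a well-known value and should be changed. A password
           passed on the command line is visible in the process list, so prefer setting it in the
           config file (see --config) where the config file supports it.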

       --db-rotate=1h0m0s
           time interval for database table rotations

       -u, --db-user="sensor"
           database user

       --dummy[=false]
           log locally instead of sending home

       --flowextract-bloom-selector=""
           IP address Bloom filter to select flows to extract

       --flowextract-enable[=false]
           extract and forward flow metadata

       --flowextract-submission-exchange="flows"
           Exchange to which raw flow events will be submitted

       --flowextract-submission-url="amqp://guest:guest@localhost:5672/"
           URL to which raw flow events will be submitted

       -n, --flowreport-interval=0s
           time interval for report submissions

       --flowreport-nocompress[=false]
           send uncompressed flow reports (default is gzip)

       --flowreport-submission-exchange="aggregations"
           Exchange to which flow reports will be submitted

       --flowreport-submission-url="amqp://guest:guest@localhost:5672/"
           URL to which flow reports will be submitted

       --flushcount=100000
           maximum number of events in one batch (e.g. for flow extraction)

       -f, --flushtime=1m0s
           time interval for event aggregation

       -T, --fwd-all-types[=false]
           forward all event types

       -t, --fwd-event-types=[alert,stats]
           event types to forward to socket

       -h, --help[=false]
           help for run

       -r, --in-redis=""
           Redis input server (reads from the list key "suricata" and connects without a
           password, so network access to the Redis instance should be restricted)

       --in-redis-nopipe[=false]
           do not use Redis pipelining

       -i, --in-socket="/tmp/suri.sock"
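           filename of input socket (accepts EVE JSON). The default is under world-writable /tmp;
           for production use, place the socket in a directory that only the producing and
           consuming service accounts can access. The same applies to --out-socket.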

       --ip-alert-prefix="IP-BLACKLIST"
           String prefix for IP blacklist alerts

       --ip-blacklist=""
           List with IP ranges to alert on

       --logfile=""
           Path to log file

       --logjson[=false]
           Output logs in JSON format

       --metrics-enable[=false]
           submit performance metrics to central sink

       --metrics-submission-exchange="metrics"
           Exchange to which metrics will be submitted

       --metrics-submission-url="amqp://guest:guest@localhost:5672/"
           URL to which metrics will be submitted

       -o, --out-socket="/tmp/suri-forward.sock"
           path to output socket (to forwarder), empty string disables forwarding

       --pdns-enable[=false]
           collect and forward aggregated passive DNS data

       --pdns-submission-exchange="pdns"
           Exchange to which passive DNS events will be submitted

       --pdns-submission-url="amqp://guest:guest@localhost:5672/"
           URL to which passive DNS events will be submitted

       --profile=""
           enable runtime profiling to given file

       --reconnect-retries=0
           number of retries connecting to socket or sink, 0 = no retry limit

       --toolname="fever"
           set toolname

       -v, --verbose[=false]
           enable verbose logging (debug log level)

OPTIONS INHERITED FROM PARENT COMMANDS

       --config=""
           config file (default is $HOME/.fever.yaml)

SEE ALSO

       fever(1)

HISTORY

       13-Oct-2019 Auto generated by spf13/cobra