Environment
Situation
Resolution
Command line options should be used by advanced users. Typical users should not make modifications based on using these options. To access the command line options, go to:
For UNIX:
$ESEC_HOME/sentinel/bin
For Windows
%ESEC_HOME%\sentinel\bin
To run the command line option, enter:
correlation_engine
Correlation Command-line Option | Description |
-debug | Debug mode (print extensive debug information) |
-noErrorLogging | Disable error logging to Windows Event Log. |
-ruleFile | Specify text file containing rules to be processed by Correlation Engine instance |
-xmlruleFile | Specify xml configurations file to store
a local copy of the rules contained on the database. |
-inputChannel | Specify communication layer input
channel for Correlation Engine. |
-outputChannel | Specify communication layer output
channel for Correlation Engine. |
-outputUpdateChannel | Specify communication layer output update channel for correlation engine. Default: correlation_binary_event_update |
-outputExecuteChannel | Specify communication layer output
execute channel for Correlation Engine. |
-outputIncidentChannel | Specify communication layer output
incident channel for Correlation Engine. |
-service | Specify communication service
(configuration parameter) for Correlation Engine. |
-mgmtInputChannel | Specify communication layer management input channel for Correlation Engine.
|
-mgmtOutputChannel | Specify communication layer management
output channel for Correlation Engine. Default: correlation_mgmt_output_channel |
-mgmtService | Specify communication management service
(configuration parameter) for Correlation Engine. Default: correlation_engine_mgmt |
-configurationFile | Specify file to override Correlation Engine default configuration startup parameters. Default: + 30 seconds of the Sentinel Server time. |
-noStartupRules | Set Correlation Engine to run without retrieving rules stored in the database. The option -ruleFile also bypasses database retrieval. |
-dbTimeout | Set the timeout value for retrieving the rules stored in the database. Default: 5000 milliseconds |
-dbRetries | Set the number of retries to contact the database. Default: 6 |
-name | Sets the reporter name of this correlation engine. Default: Correlation Engine. |
-affinityOneProcessor | Set Correlation Engine to run only on one processor. |
-useEventTime | This is for test and should not be used. |
-useNullOutput | This is for test and should not be used. |
-logFile | This directs the status to a file. |
-logPeriod | This controls how often the status is written to file. |
-version | Display the build version and exit. |
-help | Display this help and exit. |