Sentinel: Correlation command line options

  • 3512162
  • 06-Dec-2006
  • 26-Apr-2012

Environment

Windows 2000 sp4; 2003 sp1
Solaris 9
Redhat Linux ES 3
Sentinel 5.1.x

Situation

What are the command line options for Sentinel 5.1.0.0 correlation engine?

Resolution

Command line options should be used by advanced users. Typical users should not make modifications based on using these options. To access the command line options, go to:

For UNIX:

$ESEC_HOME/sentinel/bin

For Windows

%ESEC_HOME%\sentinel\bin

To run the command line option, enter:

correlation_engine

Correlation Command-line Option

Description

-debug

Debug mode (print extensive debug information)

-noErrorLogging

Disable error logging to Windows Event Log.

-ruleFile

Specify text file containing rules to be processed by Correlation Engine instance

-xmlruleFile

Specify xml configurations file to store a local copy of the rules contained on the database.

Default: startup_correlation_rules.xml

-inputChannel

Specify communication layer input channel for Correlation Engine.

Default: ewizard_binary_event

-outputChannel

Specify communication layer output channel for Correlation Engine.

Default: correlation_binary_event.

-outputUpdateChannel

Specify communication layer output update channel for correlation engine.

Default: correlation_binary_event_update

-outputExecuteChannel

Specify communication layer output execute channel for Correlation Engine.

Default: execute

-outputIncidentChannel

Specify communication layer output incident channel for Correlation Engine.

Default: app_incident_req

-service

Specify communication service (configuration parameter) for Correlation Engine.

Default: correlation_engine

-mgmtInputChannel

Specify communication layer management input channel for Correlation Engine.


Default: correlation_mgmt_input_channel

-mgmtOutputChannel

Specify communication layer management output channel for Correlation Engine.

Default: correlation_mgmt_output_channel

-mgmtService

Specify communication management service (configuration parameter) for Correlation Engine.

Default: correlation_engine_mgmt

-configurationFile

Specify file to override Correlation Engine default configuration startup parameters.

Default: + 30 seconds of the Sentinel Server time.

-noStartupRules

Set Correlation Engine to run without retrieving rules stored in the database. The option -ruleFile also bypasses database retrieval.

-dbTimeout

Set the timeout value for retrieving the rules stored in the database.

Default: 5000 milliseconds

-dbRetries

Set the number of retries to contact the database.

Default: 6

-name

Sets the reporter name of this correlation engine.

Default: Correlation Engine.

-affinityOneProcessor

Set Correlation Engine to run only on one processor.

-useEventTime

This is for test and should not be used.

-useNullOutput

This is for test and should not be used.

-logFile

This directs the status to a file.

-logPeriod

This controls how often the status is written to file.

-version

Display the build version and exit.

-help

Display this help and exit.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.