Appendix B. List of command line options

B.1. General

  1. -D, --daemon Run as daemon.

  2. --foreground Stay in the foreground, do not run as daemon.

  3. -f, --forever Loop forever, even if not daemon.

  4. --bind-address=<IP-Address> Use this IP address (i.e. interface) for outgoing connections (e.g. on multi-interface machines).

  5. --server-port=<port number> Connect to this port on the server (client-side option for client-server connection).

  6. -s <arg>, --set-syslog-severity=<arg> Set the severity threshold for syslog. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  7. -l <arg>, --set-log-severity=<arg> Set the severity threshold for logfile. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  8. -m <arg>, --set-mail-severity=<arg> Set the severity threshold for e-mail. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  9. --set-database-severity=<arg> Set the severity threshold for logging to an RDBMS. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  10. --set-prelude-severity=<arg> Set the severity threshold for logging to the Prelude IDS system. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  11. -p <arg>, --set-print-severity=<arg> Set the severity threshold for terminal/console. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  12. -x <arg>, --set-extern-severity=<arg> Set the severity threshold for external program(s). arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  13. -L <arg>, --verify-log=<arg> Verify the integrity of the log file and print the entries (arg is the path of the log file).

  14. -j, --just-list Modify -L to just list the logfile, rather than verify (to de-obfuscate the logfile if you have compiled for stealth mode). Order matters: this must come before -L.

  15. -M <arg>, --verify-mail=<arg> Verify the integrity of e-mailed messages (arg is the path of the mail box).

  16. -V <arg>, --add-key=<arg> Add key material to the compiled-in key (see Section 11.2). arg must be of the form key@/path/to/executable. Output will be written to /path/to/executable.out.

  17. -H <arg>, --hash-string=<arg> Print the hash of a string / the checksum of a file, and exit. If arg starts with a '/', it is assumed to be a file, otherwise a string. This function is useful to test the hash algorithm.

  18. -z <arg>, --tracelevel=<arg> If compiled with --enable-debug: arg > 0 switches on debug output. If compiled with --enable-trace: arg > 0 sets the max. level for call tracing.

  19. -i <arg>, --milestone=<arg> If compiled with --enable-trace: trace from milestone arg to arg+1. If arg = -1, trace all.

  20. -d <arg>, --list-database=<arg> List the database file arg (use "default" for the compiled-in path).

  21. --list-file=<path> Modify -d to list the literal content of a file, if this has been stored. Order matters: this must come before -d.

  22. -a, --full-detail Modify -d to list full details (numeric mode, owner, group, all three timestamps (ctime, mtime, atime), and the checksum). Order matters: this must come before -d.

  23. --delimited Same as --full-detail, but with comma-delimited fields.

  24. -c, --copyright Print copyright information and exit.

  25. -v, --version Show version information and compiled-in options.

  26. -h, --help Print a short help on command line options and exit.

  27. --trace-enable Print a trace of the execution flow.

  28. --trace-logfile=<arg> Use file arg to log the trace.