ooda - the shoki event correlator
ooda [-A dbpass] [-b dbname] [-C conf_file] [-d] [-D chrdir] [-h] [-H dbhost] [-L logfname] [-P pidfile] [-U luser] [-v verbosity]
ooda is a daemon which correlates events output by the other shoki widgets. Among other things, it writes dynamic signatures to the doctrine_filters table of the shoki database, which in turn are used by the dlex(8) widget.
The behaviour of ooda is largely governed by doctrine files. For more information about the format of doctrine files, consult the shoki.doctrine(5) manpage.
More information about the internal functioning of the ooda widget can be found in the ooda(7) manpage.
-A dbpass
    Specifies the password to use when connecting to the database. This should only be necessary if the database is running on another machine.
-b dbname
    Specifies the name of the database to connect to.
-C conf_file
    Read an alternate config file. By default, /usr/local/shoki/etc/lexer.conf will be used.
-d
    If specified, ooda will run in the foreground and not fork.
-D chrdir
    If specified, will do a chroot(2) to chrdir.
-h
    Display a usage message and exit.
-H dbhost
    Specifies the name of the database host. If the -H flag is not given, ooda will attempt to connect to the database on a local UNIX socket.
-L logfile
    For filter methods that support logging to a file, output will be sent to logfile. Use `-' (without the quotes) for stdout.
-P pidfile
    Writes the PID of the ooda process to pidfile, which cannot be an existing file.
-U luser
    If specified, setuid/setgid to the specified luser.
-v verbosity
    Set the verbosity level to verbosity. Exactly what this entails tends to vary from release to release. In general, you won't want to specify a verbosity level unless you're doing debugging.
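The -P, -D and -U options describe a common daemon start-up sequence: create the pidfile exclusively, chroot, then give up root. The C sketch below is an added example, not code from shoki; the function names write_pidfile_excl and confine_and_drop and the sample path are hypothetical, and it assumes a Linux/glibc system.

```c
#define _DEFAULT_SOURCE            /* chroot(), setgroups(), dprintf() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* -P semantics: refuse an existing path. O_EXCL also refuses a symlink
 * planted at that path, so a root daemon cannot be tricked into
 * overwriting another file. Returns 0 on success, -1 on failure. */
int write_pidfile_excl(const char *path, long pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;                 /* errno is EEXIST if the path exists */
    int ok = dprintf(fd, "%ld\n", pid) > 0;
    if (close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

/* -D then -U: look up the user before chroot (the passwd database is
 * not visible afterwards), chroot while still root, then drop
 * supplementary groups, gid and uid in that order. */
int confine_and_drop(const char *chrdir, const char *luser)
{
    struct passwd *pw = getpwnam(luser);
    if (pw == NULL)
        return -1;
    if (chroot(chrdir) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* A correct drop is irreversible: regaining root must fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (write_pidfile_excl("/tmp/ooda-example.pid", (long)getpid()) != 0)
        perror("pidfile");         /* constructed path, for illustration */
    return 0;
}
```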
/usr/local/shoki/etc/ooda.conf ooda config file.
Stephen P. Berry <firstname.lastname@example.org>
More information can be found at the shoki homepage:
Check the README at the top of the source tree.
shoki.doctrine(5), ooda(7), dlex(8)
January 13, 2004    OODA (8)    shoki