In Linux, the Log Scanner utility is launched from the command line as follows:
./log_scanner [-h|--help] [-r|--report] [-c|--config] [[-p|--path]|[-s|--hash]|[-u|--url]|[-i|--ip]] [value]
In Windows, the Log Scanner utility is launched from the command line as follows:
log_scanner.exe [-h|--help] [-r|--report] [-c|--config] [[-p|--path]|[-s|--hash]|[-u|--url]|[-i|--ip]] [value]
The following table explains the command-line options.
Command-line options of Log Scanner
| Option | Description |
| --- | --- |
| -h, --help | Prints the usage message to the screen. If this option is specified, all other options are ignored. |
| -r, --report | If this option is specified, Feed Service will return the response to Log Scanner in the same socket in which the request was sent, and Log Scanner will save the result in a text file. The output file is named If a URL, IP address, or hash is found in Kaspersky Threat Data Feeds, its category and context information is written to the output. After the entire input is processed, the following information is written to the output: |
| | If this option is specified, make sure that the value of the |
| -c, --config | Path to the configuration file. It can be either an absolute or a relative path. A relative path is calculated relative to the directory from which you run Log Scanner. By default, Log Scanner uses the log_scanner.conf configuration file that is placed in the directory from which you run Log Scanner. |
| -p, --path | Path to a directory or text file that contains URLs, IP addresses, and hashes to check against Kaspersky Threat Data Feeds. It can be an absolute or a relative path. A relative path is calculated relative to the directory that contains the Log Scanner binary file. If the path to a directory is specified, all files contained in it and in its subdirectories at all levels are processed. Each line of each processed file is sent to Feed Service as the data to be checked. No further formatting is applied. Feed Service will parse the lines by using the regular expressions set in its configuration file. You can specify several paths; in this case, use the |
| -s, --hash | Hashes to be checked against Kaspersky Threat Data Feeds. They can be MD5 hashes, SHA1 hashes, or SHA256 hashes; Log Scanner determines the type of a hash on the basis of its length. If several hashes are specified, they must be separated by spaces. For example: |
| -i, --ip | IP addresses to be checked against Kaspersky Threat Data Feeds. If several IP addresses are specified, they must be separated by spaces. For example: |
| -u, --url | URLs to be checked against Kaspersky Threat Data Feeds. If several URLs are specified, they must be separated by spaces. For example: |
| | Do not use the |
If you specify none of the -p, -s, -u, or -i options, and specify only the value to check, this value will be treated as the path to the file or directory to be scanned.
The Log Scanner utility uses the current locale of the operating system.
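Because the hash type is inferred from length alone and several values are separated by spaces, a truncated digest or an indicator containing whitespace is worth catching before submission. The following pre-flight sorter is an added example, not part of the Log Scanner documentation or product: `classify` and `group` are hypothetical helpers, and their validation rules are assumptions, since the page does not describe Log Scanner's own input checks.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest lengths of the three hash types the page lists.
HASH_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")

def classify(value):
    """Return (option, kind) for one indicator, or (None, reason)."""
    value = value.strip()
    if not value or any(ch.isspace() for ch in value):
        # Several values are separated by spaces, so embedded whitespace
        # would split one indicator into two.
        return None, "empty or contains whitespace"
    try:
        ipaddress.ip_address(value)
        return "-i", "IP"
    except ValueError:
        pass
    if HEX_RE.match(value):
        kind = HASH_LENGTHS.get(len(value))
        if kind:
            return "-s", kind
        return None, "hex string of length %d is not a supported hash" % len(value)
    try:
        host = urlsplit(value if SCHEME_RE.match(value) else "//" + value).hostname
    except ValueError:
        host = None
    if host and "." in host:
        return "-u", "URL"
    return None, "unrecognized"

def group(lines):
    """Sort indicators into one batch per option, plus a list of rejects."""
    batches, rejected = {"-s": [], "-i": [], "-u": []}, []
    for line in lines:
        item = line.strip()
        option, detail = classify(item)
        if option is None:
            rejected.append((item, detail))
        elif item not in batches[option]:
            batches[option].append(item)
    return batches, rejected

# Constructed sample input; the second hex string is one character short of SHA1.
SAMPLE = ["0123456789abcdef" * 2, "0123456789abcdef" * 2 + "0123456",
          "192.0.2.10", "http://example.com/login", "not-an-indicator"]
```

Each batch returned by `group(SAMPLE)` corresponds to one invocation with the matching option, and the rejects list shows which lines need fixing first.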