Kaspersky CyberTrace

Feed Utility command-line options

Feed Utility is a console application. You can invoke it from the command line.

Syntax

Feed Utility uses the following syntax in Linux:

./kl_feed_util [options]

Feed Utility uses the following syntax in Windows:

kl_feed_util.exe [options]

Options

The following options are available:

  • -h [ --help ]

    Prints the help message.

  • -v [ --verbose ]

    Enables verbose mode.

    If verbose mode is enabled, Feed Utility prints detailed information about its activity to the screen. If verbose mode is disabled, brief information is printed.

  • -s [ --silent ]

    Enables silent mode.

    If silent mode is enabled, Feed Utility does not print information about its activity to the screen.

  • -c [ --config ] arg

    Specifies the path to the configuration file. The path must be specified in the arg argument.

    You can use absolute or relative paths. If a relative path is specified, it is resolved relative to the Feed Utility binary file.

    The default value for this parameter is kl_feed_util.conf. Feed Utility searches for this file in the directory where its binary file is located.

  • -d [ --download ]

    Enables downloading mode.

    If this option is specified, Feed Utility downloads feeds, but does not process them.

    Downloaded files will be located in the directory specified in the WorkDir parameter of the Feed Utility configuration file.

  • -u [ --unpack ]

    Unpack downloaded feeds.

    If this option is specified, Feed Utility unpacks the feeds after downloading.

    This option can be used only in combination with the -d or -p option.

  • -p [ --processing ]

    Enables processing mode.

    If this option is specified, Feed Utility processes feeds, but does not download or unpack them. Feed Utility does not delete the original feed files.

    Feed Utility looks for feeds in the directory specified in the WorkDir parameter of the Feed Utility configuration file.

    In processing mode, Feed Utility does not delete the original feed files located in the WorkDir directory. As a result, this directory may come to contain several versions of one feed file, in which case Feed Utility prints an error message. To avoid this situation, you must manually delete the original feed files from the WorkDir directory after they are processed by Feed Utility.

  • -f [ --feed ] arg

    Download or process the specified feed.

    The name of the feed must be specified in the arg argument. This name must correspond to the value of the Name parameter specified in feed rules (Feeds > Feed > Name).

    You can specify more than one feed. In this case, separate feed names with a semicolon (;).

    This parameter can be used with the -d and -p parameters.

  • -i [ --input ]

    Parses an external feed and converts it to JSON format according to parsing rules defined for this feed.

    The name of the feed must be specified with the -f option.

  • --set-proxy username:password@host:port

    Writes specified proxy connection settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.

    Specify the user name in the username parameter, the password in the password parameter, and the proxy server address and port in the host and port parameters.

    If a proxy server does not require authentication, use the --set-proxy host:port format.

  • --set-taxii username:password@feedname@taxii-address@collectionname

    Writes specified TAXII server connection settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.

    If a TAXII server does not require authentication, use the feedname@taxii-address@collectionname format.

  • --set-basic-auth username:password@feedname

    Writes the specified basic authentication settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.

    If a password is not required, use the username:@feedname format.

  • --speedtest

    Measures the average speed with which Feed Utility downloads feeds from Kaspersky servers.

    You can combine this parameter with the -c parameter to specify the path to the configuration file that will be used.

Syntax examples

The following command runs Feed Utility with default parameters. Feed Utility will download, unpack, and process feeds.

  • In Linux:

    ./kl_feed_util

  • In Windows:

    kl_feed_util.exe

The following command runs Feed Utility in verbose mode with a configuration file named custom_configuration.conf, which is located in the same directory as the utility binary file.

  • In Linux:

    ./kl_feed_util -v -c custom_configuration.conf

  • In Windows:

    kl_feed_util.exe -v -c custom_configuration.conf

The following command makes Feed Utility download and unpack feeds.

  • In Linux:

    ./kl_feed_util -d -u

  • In Windows:

    kl_feed_util.exe -d -u

With the following command, Feed Utility processes the unpacked feeds. In this case, Feed Utility does not download the feeds; it only looks for the unpacked feed files and processes them.

  • In Linux:

    ./kl_feed_util -p

  • In Windows:

    kl_feed_util.exe -p

The following command makes Feed Utility unpack and process feeds.

  • In Linux:

    ./kl_feed_util -u -p

  • In Windows:

    kl_feed_util.exe -u -p

The following command makes Feed Utility download, unpack, and process the specified feed.

  • In Linux:

    ./kl_feed_util -f Demo_Botnet_CnC_URL_Data_Feed

  • In Windows:

    kl_feed_util.exe -f Demo_Botnet_CnC_URL_Data_Feed

The following command specifies proxy connection parameters. These parameters are written to the configuration file.

  • In Linux:

    ./kl_feed_util --set-proxy 'user:pass@proxy.example.com:3128'

  • In Windows:

    kl_feed_util.exe --set-proxy 'user:pass@proxy.example.com:3128'

The following command specifies proxy connection parameters for a proxy that does not require authentication. These parameters are written to the configuration file.

  • In Linux:

    ./kl_feed_util --set-proxy 'proxy.example.com:3128'

  • In Windows:

    kl_feed_util.exe --set-proxy 'proxy.example.com:3128'

The following command specifies TAXII server connection parameters. These parameters are written to the configuration file.

  • In Linux:

    ./kl_feed_util --set-taxii 'user:pass@Example_Feed_Name@http://example.com@Example_Collection'

  • In Windows:

    kl_feed_util.exe --set-taxii 'user:pass@Example_Feed_Name@http://example.com@Example_Collection'

The following command displays the average speed at which Feed Utility downloads the feeds from Kaspersky servers.

  • In Linux:

    ./kl_feed_util --speedtest

  • In Windows:

    kl_feed_util.exe --speedtest

Output example

The following example demonstrates a typical Feed Utility output. Feed Utility downloads demo feeds, and then unpacks and processes them.

2018-08-03 16:20:31.815 7f9b01c58740 INF KL Feed Utility, version: 1.1.91.0/Release

2018-08-03 16:20:31.815 7f9b01c58740 INF Built at 2018-08-02T15:06:50Z for Linux/x86_64

2018-08-03 16:20:31.815 7f9b01c58740 INF Running at Linux/x86_64 version #1 SMP Debian 3.16.43-2 (2017-04-30)

2018-08-03 16:20:31.815 7f9b01c58740 INF Current locale is en_US.UTF-8

2018-08-03 16:20:31.992 7f9b01c58740 INF feed #85(Demo_Botnet_CnC_URL_Data_Feed) version 2018-08-03T12:47:26.893 is available

2018-08-03 16:20:32.404 7f9b01c58740 INF update of feed #85(Demo_Botnet_CnC_URL_Data_Feed) is extracted to /opt/feed_util/bin/tmp/Demo_Botnet_CnC_URL_Data_Feed.json

2018-08-03 16:20:32.586 7f9b01c58740 INF feed #86(Demo_Malicious_Hash_Data_Feed) version 2018-08-03T12:44:53.82 is available

2018-08-03 16:20:32.992 7f9b01c58740 INF update of feed #86(Demo_Malicious_Hash_Data_Feed) is extracted to /opt/feed_util/bin/tmp/Demo_Malicious_Hash_Data_Feed.json

2018-08-03 16:20:33.172 7f9b01c58740 INF feed #87(Demo_IP_Reputation_Data_Feed) version 2018-08-03T12:57:57.017 is available

2018-08-03 16:20:33.406 7f9b01c58740 INF update of feed #87(Demo_IP_Reputation_Data_Feed) is extracted to /opt/feed_util/bin/tmp/Demo_IP_Reputation_Data_Feed.json

2018-08-03 16:20:34.414 7f9b01c58740 INF 3 of 3 feeds downloaded

2018-08-03 16:20:34.416 7f9afedb9700 INF start processing of feed #87(Demo_IP_Reputation_Data_Feed)

2018-08-03 16:20:34.416 7f9aff5ba700 INF start processing of feed #86(Demo_Malicious_Hash_Data_Feed)

2018-08-03 16:20:34.425 7f9b007ea700 INF start processing of feed #85(Demo_Botnet_CnC_URL_Data_Feed)

2018-08-03 16:20:34.855 7f9b01c58740 INF 3 of 3 feeds processed

2018-08-03 16:20:35.255 7478 INF Starting the speed test...

2018-08-03 16:20:35.874 7478 INF 500.00 MiB downloaded in 14399 ms, average speed is 34.72 MiB/s

2018-08-03 16:20:36.133 7478 INF 500.00 MiB downloaded in 14304 ms, average speed is 34.96 MiB/s

2018-08-03 16:20:36.421 7478 INF 500.00 MiB downloaded in 13402 ms, average speed is 37.31 MiB/s

2018-08-03 16:20:36.679 7478 INF Overall average speed was 35.66 MiB/s
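
The output format shown above can be checked automatically after each scheduled run, so that a feed that stops updating is noticed instead of leaving detection to match against stale indicators. The following Python code is an added example, not part of Feed Utility or the Kaspersky documentation. The name check_run, the 24-hour max_age threshold, the treatment of any level other than INF as worth review, and the reading of "N of M" as completed versus attempted feeds are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout in the output example: "<date> <time> <thread id> <level> <message>".
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ [0-9a-f]+ ([A-Z]+) (.*)$")
AVAILABLE = re.compile(
    r"^feed #\d+\((.+)\) version (\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\S* is available$")
SUMMARY = re.compile(r"^(\d+) of (\d+) feeds (downloaded|processed)$")

# Lines copied from the output example on this page.
GOOD_RUN = """\
2018-08-03 16:20:31.992 7f9b01c58740 INF feed #85(Demo_Botnet_CnC_URL_Data_Feed) version 2018-08-03T12:47:26.893 is available
2018-08-03 16:20:34.414 7f9b01c58740 INF 3 of 3 feeds downloaded
2018-08-03 16:20:34.855 7f9b01c58740 INF 3 of 3 feeds processed
"""
# Constructed sample: same line formats, altered dates and counts.
BAD_RUN = """\
2018-08-05 16:20:31.992 7f9b01c58740 INF feed #85(Demo_Botnet_CnC_URL_Data_Feed) version 2018-08-03T12:47:26.893 is available
2018-08-05 16:20:34.414 7f9b01c58740 INF 2 of 3 feeds downloaded
"""


def check_run(log_text, max_age=timedelta(hours=24)):
    """Return findings for one default run (download, unpack, process)."""
    findings, stages = [], {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE.match(line)
        if not m:
            findings.append(f"unparsed line: {line}")
            continue
        stamp, level, msg = m.groups()
        run_time = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if level != "INF":  # assumption: any other level deserves review
            findings.append(f"{level} line: {msg}")
        if a := AVAILABLE.match(msg):
            version = datetime.strptime(a.group(2), "%Y-%m-%dT%H:%M:%S")
            # Assumption: log time and feed version share one time zone.
            if run_time - version > max_age:
                findings.append(f"stale feed {a.group(1)}: version {a.group(2)}")
        elif s := SUMMARY.match(msg):
            done, total, stage = int(s.group(1)), int(s.group(2)), s.group(3)
            stages[stage] = (done, total)
            if done != total:
                findings.append(f"only {done} of {total} feeds {stage}")
    for stage in ("downloaded", "processed"):
        if stage not in stages:
            findings.append(f"no '{stage}' summary line")
    return findings
```

Pass the function the captured console output of a run started without -s, because silent mode prints nothing to check.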