ServiceSettings
Defines settings for the Feed Service process.
Path
ServiceSettings
Attributes
This element has no attributes.
Nested elements
This element is a container for the following nested elements:
- Bases
Specifies the path to the directory that contains feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The Bases element is mandatory.
- BasesBackup
Specifies the path to the directory that contains backup version of feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The BasesBackup element is mandatory.
- BasesDownload
Specifies the path to the directory that contains downloaded feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The BasesDownload element is mandatory.
- TemporaryDir
The directory for temporary files.
The TemporaryDir element is optional. If it is omitted, the default value is used.
In Linux, the default value is
/tmp.In Windows, the default value is
%TEMP%(the current Windows user's temporary folder). - OutdatedBasesAlertPeriod
The time interval in hours following the last feed update, after which a notification about an outdated feed is sent to the event target. To turn off notifications, set this parameter to
0. This setting is taken into account for every feed that has no outdated_alert_period attribute.The OutdatedBasesAlertPeriod element is optional. If it is omitted, the default value
0is used. - ScannersCount
The number of scanners. Every scanner handles a single TCP connection.
If you want to run Feed Service in watchdog mode, specify one scanner in addition to the number of scanners needed for Feed Service itself. This must be done because the watchdog module uses an additional scanner.
The ScannersCount element is optional. If it is omitted, the default value
9is used. - ScanningThreadsPerScanner
The number of threads per scanner.
The ScanningThreadsPerScanner element is optional. If it is omitted, the default value
8is used. - EventSendingRetriesCount
Number of times Feed Service tries to resend a detection event to a SIEM solution if the first attempt at sending fails. If the value of
EventSendingRetriesCountis0, Feed Service sends each detection event one time and does not attempt to resend it.Maximum possible value is
10. The preset value is3.The EventSendingRetriesCount element is mandatory.
- EventSendingRetriesTimеout
Time interval between attempts made by Feed Service to resend a detection event to a SIEM solution, in seconds. Maximum possible value is
60.The EventSendingRetriesTimеout element is mandatory.
The preset value is
10. - FeedsRollbackEnabled
Specifies if feeds rollback is enabled or disabled.
If feeds rollback is enabled, feeds are rolled back when Kaspersky CyberTrace fails to upload new indicators into the Matching engine after feeds are updated. Kaspersky CyberTrace removes new indicators from the database and uses the previous feeds.
Possible values:
true— feeds rollback is enabled.false— feeds rollback is disabled.
Kaspersky CyberTrace reads FeedsRollbackEnabled only during initialization and does not reread it after.
By default, there is no FeedsRollbackEnabled element in the configuration file. If this element is missing, feeds rollback is enabled.
Example
The following is an example of this element.
<ServiceSettings> <Bases>../feeds</Bases> <BasesBackup>../feeds/backup</BasesBackup> <BasesDownload>../feeds/download</BasesDownload> <TemporaryDir>/tmp</TemporaryDir> <OutdatedBasesAlertPeriod>120</OutdatedBasesAlertPeriod> <ScannersCount>9</ScannersCount> <ScanningThreadsPerScanner>8</ScanningThreadsPerScanner> <EventSendingRetriesCount>3</EventSendingRetriesCount> <EventSendingRetriesTimеout>10</EventSendingRetriesTimеout> <FeedsRollbackEnabled>true</FeedsRollbackEnabled> </ServiceSettings> |