Options

cd-rite edited this page May 16, 2022 · 4 revisions

Options can be set from the command line, from environment variables prefixed by WATCHER_, or from the contents of an .env file in the current directory. We show the command line options below, with inline references in parentheses to the corresponding environment variable.

--add-existing

For --mode events, existing files in the path will generate an add event (WATCHER_ADD_EXISTING=1). Ignored if --mode scan, negate with --no-add-existing. Default: false


--api url

Required. Base URL of the STIG Manager API service (WATCHER_API_BASE).


--authority url

Required. Base URL of the OIDC authentication service that issues OAuth2 tokens for the API (WATCHER_AUTHORITY).


-c, --collection-id id

Required. collectionId to manage (WATCHER_COLLECTION).


--cargo-delay ms

Milliseconds to delay processing the queue (WATCHER_CARGO_DELAY). Default: 2000


--cargo-size number

Maximum queue size that triggers processing (WATCHER_CARGO_SIZE). Default: 25


--client-id string

Required. OIDC clientId to authenticate (WATCHER_CLIENT_ID). You will be prompted for the client secret if --client-key is not present and --prompt is present, unless WATCHER_CLIENT_SECRET is set.


--client-key path

Path to a PEM encoded private key (WATCHER_CLIENT_KEY). If the key is encrypted, you will be prompted for the passphrase if --prompt is present, unless WATCHER_CLIENT_KEY_PASSPHRASE is set.


--create-objects

Create Assets or STIG Assignments as needed (WATCHER_CREATE_OBJECTS=1). Negate with --no-create-objects. Default: true


-d, --debug

Shortcut for --log-level debug --log-file-level debug. Default: false


--event-polling

Use polling with --mode events, necessary for watching network files (WATCHER_EVENT_POLLING=1). Ignored if --mode scan, negate with --no-event-polling. Default: true


-h, --help

Display help for command.


--history-file path

If --mode scan, the path to a scan history file (WATCHER_HISTORY_FILE). Will be created if needed, ignored if --mode events, disabled with --no-history-file. A line is written for each file discovered by the scanner and the scanner ignores any existing entries. Default: false


--ignore-dir [names...]

Sub-directory name to ignore. Can be invoked multiple times (WATCHER_IGNORE_DIRS=<csv>).


--ignore-dot

Ignore dotfiles in the path (WATCHER_IGNORE_DOT=1). Negate with --no-ignore-dot. Default: true


--log-color

Colorize the console log output. Might confound downstream piped processes. Default: false


--log-file path

Path to the log file which will be created if needed (WATCHER_LOG_FILE). Disable file logging with --no-log-file. Default: false


--log-file-level level

Log level for the log file (WATCHER_LOG_FILE_LEVEL). One of:

  • "error"
  • "warn"
  • "info"
  • "http"
  • "verbose"
  • "debug"
  • "silly"

Default: "verbose"


--log-level level

Log level for the console (WATCHER_LOG_LEVEL). One of:

  • "error"
  • "warn"
  • "info"
  • "http"
  • "verbose"
  • "debug"
  • "silly"

Default: "info"


--mode mode

Strategy for detecting files to be processed (WATCHER_MODE). One of:

  • "scan"
  • "events"

Default: "events"


--no-add-existing

Ignore existing files in the watched path (WATCHER_ADD_EXISTING=0).


--no-create-objects

Do not create Assets or STIG Assignments (WATCHER_CREATE_OBJECTS=0).


--no-event-polling

Don't use polling with --mode events, reduces CPU usage (WATCHER_EVENT_POLLING=0).


--no-history-file

If --mode scan, disable the scan history file.


--no-ignore-dot

Do not ignore dotfiles in the path (WATCHER_IGNORE_DOT=0).


--no-log-file

Disable logging to a logfile.


--no-strict-revision-check

For CKL, allow checklist of uninstalled STIG revision (WATCHER_STRICT_REVISION_CHECK=0). This is the default behavior.


--one-shot

Process existing files in the path and exit. Sets --add-existing. Default: false


-p, --path path

Base path to watch (WATCHER_PATH). Default: "."


--prompt

Prompt for missing client secret or private key passphrase. Default: false


-s, --silent

Disable logging to the console. Default: false


--scan-interval ms

If --mode scan, the interval between scans. Ignored if --mode events. Default: 300000


--stability-threshold ms

If --mode events, milliseconds to wait for file size to stabilize (WATCHER_STABILITY_THRESHOLD). May be helpful when watching network shares. Ignored with --mode scan. Default: 0


--strict-revision-check

For CKL, ignore checklist of uninstalled STIG revision (WATCHER_STRICT_REVISION_CHECK=1). Negate with --no-strict-revision-check. Default: false


--version

Print the current version and exit.
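
The following preflight check is an added example, not part of the Watcher project. It verifies, before an unattended start without --prompt, that the options marked Required above are set and that a client credential is available and not readable by other users. It assumes settings are supplied as exported WATCHER_ environment variables (values given only on the command line or inside .env are not seen); the function name `watcher_preflight`, the https requirement and the owner-only permission rule are this example's own policy.

```shell
# Added example: preflight check of the Watcher environment (POSIX sh).
# Variable names come from this page; everything else is hypothetical.
watcher_preflight() (
  dir=${1:-.}          # directory whose .env file Watcher would read
  problems=0
  flag() { echo "watcher preflight: $*" >&2; problems=$((problems + 1)); }
  # True when the file grants any access to group or other.
  loose() { case $(ls -ldL -- "$1") in ????------*) return 1 ;; *) return 0 ;; esac; }

  # Options marked "Required" on this page.
  for v in WATCHER_API_BASE WATCHER_AUTHORITY WATCHER_COLLECTION WATCHER_CLIENT_ID; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || flag "$v is required but not set"
  done

  # Example policy: tokens and the client credential cross these URLs.
  for v in WATCHER_API_BASE WATCHER_AUTHORITY; do
    eval "val=\${$v:-}"
    case $val in ''|https://*) ;; *) flag "$v is not an https:// URL" ;; esac
  done

  # Without --prompt nobody can be asked, so a credential must be configured.
  if [ -n "${WATCHER_CLIENT_KEY:-}" ]; then
    if [ ! -r "$WATCHER_CLIENT_KEY" ]; then
      flag "WATCHER_CLIENT_KEY is not a readable file"
    elif loose "$WATCHER_CLIENT_KEY"; then
      flag "private key is accessible to group/other; chmod 600 it"
    fi
  elif [ -z "${WATCHER_CLIENT_SECRET:-}" ]; then
    flag "neither WATCHER_CLIENT_KEY nor WATCHER_CLIENT_SECRET is set"
  fi

  # A .env file may hold the client secret or key passphrase in clear text.
  if [ -f "$dir/.env" ] && loose "$dir/.env"; then
    flag ".env is accessible to group/other; chmod 600 it"
  fi

  [ "$problems" -eq 0 ]   # exit status 0 only when nothing was flagged
)
```

Run `watcher_preflight /path/to/working/dir` in the service wrapper and start Watcher only when it returns 0; each finding is written to stderr.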