Command - Sources

Command Line Interface

Sources

Description

Inspect clients identified as anomaly or attack sources.

Syntax

sources [--help] [--domain-name DOMAIN_NAME] [--network NETWORK] [--private-networks] [--public-networks] [--order-by {address,timestamp,hits}] [--unix-timestamps] [--paginate] [--csv] [--count] [--reverse]

Options

  • --all-dates Select a time interval corresponding to all available dates. Overrides --start, --end and any less restrictive time interval setting.
  • --client-ips [IP ADDRESS [IP ADDRESS ...]] Limit the query to requests originating from the specified set of client IPs.
  • --count If present, the number of rows resulting from the query will be displayed, overriding all table formatting instructions.
  • --csv Generate tabular output in standard CSV format.
  • --end END Specify a maximum value for the time interval. Format: YYYY-MM-DD-hh:mm:ss.ffffff
  • --help Show this help message.
  • --last-hours H select a time interval corresponding to the last H hours. Overrides --start, --end and any less restrictive time interval setting.
  • --last-minutes M select a time interval corresponding to the last M minutes. Overrides --start, --end and any less restrictive time interval setting.
  • --limit LIMIT The maximum number of rows to be displayed.
  • --method METHOD Filter by HTTP method.
  • --paginate Allow the pagination of output text.
  • --path PATH Filter by URI Path. Results will include all paths including the specified substring.
  • --referer REFERER Filter by Referer. The search string can include one or more wildcard ’*’ characters.
  • --response-code RESPONSE CODE Limit the query to records containing the specified response code.
  • --rule-id RULE ID Only show requests which matched the specified Web Application Firewall rule ID.
  • --show-all-fields Show all recorded HTTP request fields.
  • --start START Specify a minimum value for the time interval. Format: YYYY-MM-DD-hh:mm:ss.ffffff
  • --today Select a time interval corresponding to the time elapsed since midnight on the current date. Overrides --start,--end and any less restrictive time interval setting.
  • --unix-timestamps Show timestamps in standard UNIX format.
  • --user-agent USER AGENT Filter by User Agent. The search string can include one or more wildcard ’*’ characters.