Diffstat (limited to 'doc/userguide/manpages')
-rw-r--r--  doc/userguide/manpages/index.rst                  | 10
-rw-r--r--  doc/userguide/manpages/suricata.rst               | 91
-rw-r--r--  doc/userguide/manpages/suricatactl-filestore.rst  | 67
-rw-r--r--  doc/userguide/manpages/suricatactl.rst            | 43
-rw-r--r--  doc/userguide/manpages/suricatasc.rst             | 40
5 files changed, 251 insertions, 0 deletions
diff --git a/doc/userguide/manpages/index.rst b/doc/userguide/manpages/index.rst new file mode 100644 index 0000000..a054e86 --- /dev/null +++ b/doc/userguide/manpages/index.rst @@ -0,0 +1,10 @@ +Man Pages +========= + +.. toctree:: + :maxdepth: 1 + + suricata + suricatasc + suricatactl + suricatactl-filestore diff --git a/doc/userguide/manpages/suricata.rst b/doc/userguide/manpages/suricata.rst new file mode 100644 index 0000000..9652d7a --- /dev/null +++ b/doc/userguide/manpages/suricata.rst 
@@ -0,0 +1,91 @@ +Suricata +======== + +SYNOPSIS +-------- + +**suricata** [OPTIONS] [BPF FILTER] + +DESCRIPTION +----------- + +**suricata** is a high performance Network IDS, IPS and Network Security +Monitoring engine. Open Source and owned by a community run non-profit +foundation, the Open Information Security Foundation (OISF). + +**suricata** can be used to analyze live traffic and pcap files. It can +generate alerts based on rules. **suricata** will generate traffic logs. + +When used with live traffic **suricata** can be passive or active. Active +modes are: inline in a L2 bridge setup, inline with L3 integration with +host firewall (NFQ, IPFW, WinDivert), or out of band using active responses. + +OPTIONS +-------------- + +.. include:: ../partials/options.rst + +OPTIONS FOR DEVELOPERS +---------------------- + +.. include:: ../partials/options-unittests.rst + +SIGNALS +------- + +Suricata will respond to the following signals: + +SIGUSR2 + + Causes Suricata to perform a live rule reload. + +SIGHUP + + Causes Suricata to close and re-open all log files. This can be + used to re-open log files after they may have been moved away by + log rotation utilities. + +FILES AND DIRECTORIES +--------------------- + +|sysconfdir|/suricata/suricata.yaml + Default location of the Suricata configuration file. + +|localstatedir|/log/suricata + Default Suricata log directory. + +EXAMPLES +-------- + +To capture live traffic from interface `eno1`:: + + suricata -i eno1 + +To analyze a pcap file and output logs to the CWD:: + + suricata -r /path/to/capture.pcap + +To capture using `AF_PACKET` and override the flow memcap setting from the `suricata.yaml`:: + + suricata --af-packet --set flow.memcap=1gb + +To analyze a pcap file with a custom rule file:: + + suricata -r /pcap/to/capture.pcap -S /path/to/custom.rules + +BUGS +---- + +Please visit Suricata's support page for information about submitting +bugs or feature requests. 
+ +NOTES +----- + +* Suricata Home Page + + https://suricata.io/ + +* Suricata Support Page + + https://suricata.io/support/ diff --git a/doc/userguide/manpages/suricatactl-filestore.rst b/doc/userguide/manpages/suricatactl-filestore.rst new file mode 100644 index 0000000..536d301 --- /dev/null +++ b/doc/userguide/manpages/suricatactl-filestore.rst @@ -0,0 +1,67 @@ +Suricata Control Filestore +========================== + +SYNOPSIS +-------- + +**suricatactl filestore** [-h] <command> [<args>] + +DESCRIPTION +----------- + +This command lets you perform certain operations on Suricata filestore. + + +OPTIONS +-------- + +.. Basic options + +.. option:: -h + +Get help about the available commands. + + +COMMANDS +--------- + +**prune [-h|--help] [-n|--dry-run] [-v|verbose] [-q|--quiet] -d <DIRECTORY> +--age <AGE>** + +Prune files older than a given age. + +-d <DIRECTORY> | --directory <DIRECTORY> is a required argument which tells +that user must provide the suricata filestore directory on which all the +specified operations are to be performed. + +--age <AGE> is a required argument asking the age of the files. Files older +than the age mentioned with this option shall be pruned. + +-h | --help is an optional argument with which you can ask for help about the +command usage. + +-n | --dry-run is an optional argument which makes the utility print only what +would happen + +-v | --verbose is an optional argument to increase the verbosity of command. + +-q | --quiet is an optional argument that helps log errors and warnings only +and keep silent about everything else. + + +BUGS +---- + +Please visit Suricata's support page for information about submitting +bugs or feature requests. + +NOTES +----- + +* Suricata Home Page + + https://suricata.io/ + +* Suricata Support Page + + https://suricata.io/support/ diff --git a/doc/userguide/manpages/suricatactl.rst b/doc/userguide/manpages/suricatactl.rst new file mode 100644 index 0000000..edda079 --- /dev/null 
+++ b/doc/userguide/manpages/suricatactl.rst @@ -0,0 +1,43 @@ +Suricata Control +================ + +SYNOPSIS +-------- + +**suricatactl** [-h] <command> [<args>] + +DESCRIPTION +----------- + +This tool helps control Suricata's features. + +OPTIONS +-------- + +.. Basic options + +.. option:: -h + +Get help about the available commands. + +COMMANDS +--------- + +:manpage:`suricatactl-filestore(1)` + +BUGS +---- + +Please visit Suricata's support page for information about submitting +bugs or feature requests. + +NOTES +----- + +* Suricata Home Page + + https://suricata.io/ + +* Suricata Support Page + + https://suricata.io/support/ diff --git a/doc/userguide/manpages/suricatasc.rst b/doc/userguide/manpages/suricatasc.rst new file mode 100644 index 0000000..583c36b --- /dev/null +++ b/doc/userguide/manpages/suricatasc.rst @@ -0,0 +1,40 @@ +Suricata Socket Control +======================= + +SYNOPSIS +-------- + +**suricatasc** + +DESCRIPTION +----------- + +Suricata socket control tool + +COMMANDS +--------- + +.. include:: ../partials/commands-sc.rst + +PCAP MODE COMMANDS +------------------- + +.. include:: ../partials/commands-pcap-sc.rst + + +BUGS +---- + +Please visit Suricata's support page for information about submitting +bugs or feature requests. + +NOTES +----- + +* Suricata Home Page + + https://suricata.io/ + +* Suricata Support Page + + https://suricata.io/support/ |
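Review bot: in the EXAMPLES section of suricata.rst the last example uses the placeholder `/pcap/to/capture.pcap` while the others use `/path/to/...`; make it `suricata -r /path/to/capture.pcap -S /path/to/custom.rules`. The second example says logs are written to the CWD, but where Suricata writes logs is governed by `default-log-dir` in suricata.yaml unless overridden on the command line, so either drop the CWD claim or show it explicitly with `suricata -r /path/to/capture.pcap -l .`. Cosmetic: the `OPTIONS` underline (`--------------`) is longer than its title, unlike every other heading in the file.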
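Review bot: the prune synopsis in suricatactl-filestore.rst reads `[-v|verbose]`, missing the dashes on the long form; it should be `[-v|--verbose]` to match the option description beneath it. `--age <AGE>` is marked required but the accepted syntax of AGE (plain seconds, or a value with a unit suffix?) is never stated, and since prune deletes files a reader should not have to guess; document the format with one example and recommend running with `-n|--dry-run` first to preview what would be removed. Minor: the `-n` sentence ("print only what would happen") lacks a terminating period, and the paragraph after `.. option:: -h` should be indented so it belongs to the directive rather than rendering as a stray paragraph.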
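Review bot: the `.. option:: -h` block in suricatactl.rst has the same unindented description as the filestore page; indent "Get help about the available commands." under the directive. The COMMANDS section lists only `suricatactl-filestore(1)` with no sentence saying what it does; a one-line summary next to the cross-reference would let readers decide whether to follow it.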
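Review bot: DESCRIPTION in suricatasc.rst is a bare fragment ("Suricata socket control tool") and the SYNOPSIS shows no arguments, although the tool accepts the socket path as a positional argument and a one-shot command via `-c`. Say that it talks to the unix command socket, which must be enabled in suricata.yaml (`unix-command`), and show both invocation forms. Because anyone who can write to that socket can reload rules, add pcap jobs or shut the engine down, a sentence on who should have write access to the socket file belongs here too.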