From 1f2f1d70634221c637685b43fe50541ca7d52267 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 28 Sep 2016 13:45:55 +0200 Subject: [PATCH] doc: commandline improvements --- doc/userguide/command-line-options.rst | 63 ++++++++++++++++++++------ 1 file changed, 48 insertions(+), 15 deletions(-) diff --git a/doc/userguide/command-line-options.rst b/doc/userguide/command-line-options.rst index 672e646a4b..de981ba44e 100644 --- a/doc/userguide/command-line-options.rst +++ b/doc/userguide/command-line-options.rst @@ -3,14 +3,15 @@ Command Line Options .. toctree:: -You can use command line options in two ways. Using only one line -followed by one character or using two lines followed by a word, like -this: +Suricata's command line options: -:: +.. option:: -h - -a - --long-option + Display a brief usage overview. + +.. option:: -V + + Displays the version of Suricata. .. option:: -c @@ -20,8 +21,13 @@ this: .. option:: -i After the -i option you can enter the interface card you would like - to use to sniff packets from. It concerns sniffing packets with - libpcap in the pcap live mode. + to use to sniff packets from. This option will try to use the best + capture method available. + +.. option:: -v + + The -v option enables more verbosity of Suricata's output. Supply + multiple times for more verbosity. .. option:: -r @@ -32,7 +38,12 @@ this: .. option:: -s With the -s option you can set a file with signatures, which will - be loaded together with the rules set in yaml. + be loaded together with the rules set in the yaml. + +.. option:: -S + + With the -S option you can set a file with signatures, which will + be loaded exclusively, regardless of the rules set in the yaml. .. option:: -l 
@@ -71,9 +82,37 @@ this: For more information about runmodes see: :doc:`performance/runmodes` +.. option:: --build-info + + Gives an overview of the configure and build options that were + supplied to Suricata's build process at compile time. + +Capture Options +~~~~~~~~~~~~~~~ + +.. option:: --af-packet +.. option:: --af-packet= + + Enable capture of packet using AF_PACKET on Linux. If no device is + supplied, the list of devices from the af-packet section in the + yaml is used. + +.. option:: --netmap +.. option:: --netmap= + + Enable capture of packet using NETMAP on FreeBSD or Linux. If no + device is supplied, the list of devices from the af-packet section + in the yaml is used. + Unit Tests ~~~~~~~~~~ +Builtin unittests are only available if Suricata has been built with +--enable-unittests. + +Running unittests does not take a configuration file. Use -l to supply +an output directory. + .. option:: -u With the -u option you can run unit tests to test Suricata's code. @@ -95,9 +134,3 @@ Unit Tests will stop immediately after one test fails so you can see directly where it went wrong. -PF_RING options -~~~~~~~~~~~~~~~ - -In order to use PF_RING-enabled libpcap, you must start suricata with -the --pfring-int= switch or it will not invoke the PF_RING -enhancements in libpcap.
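Review bot: In the first hunk (@@ -3,14 +3,15 @@) the two new entries use different verb forms, "Display a brief usage overview." for -h and "Displays the version of Suricata." for -V; pick one form and use it for every option description. The hunk also removes the only explanation of the short (-a) and long (--long-option) forms. Long options such as --build-info and --af-packet are documented further down, so a one-line remark that both forms exist would still help a first-time reader.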
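Review bot: In the -i entry (hunk @@ -20,8 +21,13 @@), "This option will try to use the best capture method available" replaces a concrete statement (libpcap, pcap live mode) with one that does not say which methods are candidates or what is used when the preferred one is unavailable. Suggest naming the methods, or pointing to the Capture Options section added later in this patch, so an operator can tell which capture path a sensor is actually running on.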
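Review bot: In the hunk at @@ -32,7 +38,12 @@ the -s and -S descriptions are identical except for the final clause ("together with" versus "exclusively, regardless of"), and the options themselves differ only by case. Suggest having each entry name the other, for example ending the -s text with a pointer to -S and the reverse, and stating in the -S text that the rule files configured in the yaml are not loaded. Someone who types the wrong case would otherwise run with a different rule set than intended without the documentation flagging the distinction.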
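Review bot: The --netmap description in the hunk at @@ -71,9 +82,37 @@ says "the list of devices from the af-packet section in the yaml is used", which looks copied from the --af-packet entry above it; it should refer to the netmap section. Both entries also read "Enable capture of packet", which should be "capture of packets". The second form of each option is shown here as "--af-packet=" and "--netmap=" with nothing after the equals sign, so the entries need a placeholder for the device name. In the Unit Tests text, "Builtin unittests" and "Running unittests" could use "unit tests", matching the -u description that follows.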
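Review bot: The last hunk (@@ -95,9 +134,3 @@) deletes the "PF_RING options" section, including the note about --pfring-int=, but the Capture Options section added earlier in this patch documents only --af-packet and --netmap. If the PF_RING switch is still supported, it should get an entry under Capture Options; if it is not, the commit message should say so, since "doc: commandline improvements" does not indicate that documentation for a capture method is being removed.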