mirror of https://github.com/OISF/suricata
				
				
				
			
			You cannot select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
	
	
		
			39 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			ReStructuredText
		
	
			
		
		
	
	
			39 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			ReStructuredText
		
	
| .. Consider converting `.. description` to `.. option` when the
 | |
|    minimum version of Sphinx on the primary distributions are all
 | |
|    updated to generate duplicate reference links. For example, we
 | |
|    can't use `.. option` on CentOS 7 which has Sphinx 1.1.3, but
 | |
|    Fedora 30 with Sphinx 1.8.4 is fine.
 | |
| 
 | |
| .. describe:: pcap-file <file> <dir> [tenant] [continuous] [delete-when-done]
 | |
| 
 | |
|    Add pcap files to Suricata for sequential processing. The generated
 | |
|    log/alert files will be put into the directory specified as second argument.
 | |
|    Make sure to provide absolute path to the files and directory. It is
 | |
|    acceptable to add multiple files without waiting the result.
 | |
| 
 | |
| .. describe:: pcap-file-continuous <file> <dir> [tenant] [delete-when-done]
 | |
| 
 | |
|    Add pcap files to Suricata for sequential processing. Directory will be
 | |
|    monitored for new files being added until there is a use of
 | |
|    **pcap-interrupt** or directory is moved or deleted.
 | |
| 
 | |
| .. describe:: pcap-file-number
 | |
| 
 | |
|    Number of pcap files waiting to get processed.
 | |
| 
 | |
| .. describe:: pcap-file-list
 | |
| 
 | |
|    List of queued pcap files.
 | |
| 
 | |
| .. describe:: pcap-last-processed
 | |
| 
 | |
|    Processed time of last file in milliseconds since epoch.
 | |
| 
 | |
| .. describe:: pcap-interrupt
 | |
| 
 | |
|    Terminate the current state by interrupting directory processing.
 | |
| 
 | |
| .. describe:: pcap-current
 | |
| 
 | |
|    Currently processed file.
 |