Documentation #3762

open

update documentation for user modes

Added by Aaron Bungay over 4 years ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The ticket https://redmine.openinfosecfoundation.org/issues/2421 introduced changes adding user mode and CWD being used as the log dir instead of the default log dir when using the "-r" option. As the documentation currently stands, it may not be clear that when using the "-r" option the CWD will be used for logging which could lead to confusion.

I think it might be helpful to add a note to the docs for the suricata command line option '-r' description or related user mode documentation pages to indicate this behaviour that the log dir will change when using this argument. When I first started trying out Suricata I thought my configuration file had issues since I was only looking at my default log dir for output using suricata -r, but I didn't know to check my CWD for pcap log output instead. I finally found out that CWD was being used instead with help from this Stack Overflow post at https://stackoverflow.com/questions/61132410/how-to-run-suricata-on-pcap-mode-and-get-results-in-fast-log, which explained what was happening.

Actions #1

Updated by Udokaku Ugochukwu about 4 years ago

Aaron Bungay wrote:

The ticket https://redmine.openinfosecfoundation.org/issues/2421 introduced changes adding user mode and CWD being used as the log dir instead of the default log dir when using the "-r" option. As the documentation currently stands, it may not be clear that when using the "-r" option the CWD will be used for logging which could lead to confusion.

I think it might be helpful to add a note to the docs for the suricata command line option '-r' description or related user mode documentation pages to indicate this behaviour that the log dir will change when using this argument. When I first started trying out Suricata I thought my configuration file had issues since I was only looking at my default log dir for output using suricata -r, but I didn't know to check my CWD for pcap log output instead. I finally found out that CWD was being used instead with help from this Stack Overflow post at https://stackoverflow.com/questions/61132410/how-to-run-suricata-on-pcap-mode-and-get-results-in-fast-log, which explained what was happening.

Can I take this issue?

Actions #2

Updated by Philippe Antoine over 1 year ago

  • Assignee set to Community Ticket

You are welcome to take any issue if nobody is already assigned to it.

Actions #3

Updated by Philippe Antoine 5 months ago

  • Target version set to TBD

Actions #4

Updated by Philippe Antoine 3 months ago

  • Status changed from In Review to New