Feature #4217: not complete cmd start line does not produce explicit enough warning or msg
Status: open
Effort:
Difficulty:
Label: Beginner
Description
This is no problem/issue for experienced users; however, it can be not so revealing for new users.
If a cmd line is used that is not complete/correct in terms of runmode or interface, the info/warning msg is not revealing of what the actual problem is.
In the case below an interface (or --af-packet) is actually missing from the command - maybe check for interface or run mode and warn about it not being used?
    /opt/suritest-tmp/bin/suricata -c /etc/suricata/suricata.yaml -S /dev/null
    Suricata 7.0.0-dev (372fc2673 2020-12-11)
    USAGE: /opt/suritest-tmp/bin/suricata [OPTIONS] [BPF FILTER]

        -c <path>                            : path to configuration file
        -T                                   : test configuration file (use with -c)
        -i <dev or ip>                       : run in pcap live mode
        -F <bpf filter file>                 : bpf filter file
        -r <path>                            : run in pcap file/offline mode
        -s <path>                            : path to signature file loaded in addition to suricata.yaml settings (optional)
        -S <path>                            : path to signature file loaded exclusively (optional)
        -l <dir>                             : default log directory
        -D                                   : run as daemon
        -k [all|none]                        : force checksum check (all) or disabled it (none)
        -V                                   : display Suricata version
        -v                                   : be more verbose (use multiple times to increase verbosity)
        --list-app-layer-protos              : list supported app layer protocols
        --list-keywords[=all|csv|<kword>]    : list keywords implemented by the engine
        --list-runmodes                      : list supported runmodes
        --runmode <runmode_id>               : specific runmode modification the engine should run. The argument supplied should be the id for the runmode obtained by running --list-runmodes
        --engine-analysis                    : print reports on analysis of different sections in the engine and exit. Please have a look at the conf parameter engine-analysis on what reports can be printed
        --pidfile <file>                     : write pid to this file
        --init-errors-fatal                  : enable fatal failure on signature init error
        --disable-detection                  : disable detection engine
        --dump-config                        : show the running configuration
        --dump-features                      : display provided features
        --build-info                         : display build information
        --pcap[=<dev>]                       : run in pcap mode, no value select interfaces from suricata.yaml
        --pcap-file-continuous               : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted
        --pcap-file-delete                   : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done
        --pcap-file-recursive                : will descend into subdirectories when running in replay mode (-r)
        --pcap-buffer-size                   : size of the pcap buffer value from 0 - 2147483647
        --af-packet[=<dev>]                  : run in af-packet mode, no value select interfaces from suricata.yaml
        --simulate-ips                       : force engine into IPS mode. Useful for QA
        --user <user>                        : run suricata as this user after init
        --group <group>                      : run suricata as this group after init
        --erf-in <path>                      : process an ERF file
        --unix-socket[=<file>]               : use unix socket to control suricata work
        --reject-dev <dev>                   : send reject packets from this interface
        --set name=value                     : set a configuration value

    To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:
        /opt/suritest-tmp/bin/suricata -c suricata.yaml -s signatures.rules -i eth0
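A sketch of the check the report asks for, added here as an example and not Suricata's own code: it recognises the run-mode options from the USAGE text above (-i, -r, --pcap, --af-packet, --unix-socket, -T) and, when none is present, returns a message that names what is missing instead of the generic usage dump. The `startup_opts` struct, the toy argv scanner and the function names are assumptions for this example.

```c
#include <string.h>

/* Constructed example (not Suricata's own code): the start-line options that
 * decide whether a run mode has been selected at all. */
struct startup_opts {
    const char *config_path;   /* -c <path> */
    const char *iface;         /* -i <dev>, --af-packet=<dev>, --pcap=<dev> */
    const char *pcap_file;     /* -r <path>: offline/replay mode */
    int afpacket, pcap_live;   /* --af-packet / --pcap, device from suricata.yaml */
    int unix_socket, test_cfg; /* --unix-socket / -T need no capture source */
};

/* Minimal argv scanner for those flags (hypothetical, not the real getopt parser). */
static void parse_startup_opts(int argc, char **argv, struct startup_opts *o)
{
    memset(o, 0, sizeof *o);
    for (int i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (!strcmp(a, "-c") && i + 1 < argc)      o->config_path = argv[++i];
        else if (!strcmp(a, "-i") && i + 1 < argc) o->iface = argv[++i];
        else if (!strcmp(a, "-r") && i + 1 < argc) o->pcap_file = argv[++i];
        else if (!strcmp(a, "-T"))                 o->test_cfg = 1;
        else if (!strncmp(a, "--unix-socket", 13)) o->unix_socket = 1;
        else if (!strncmp(a, "--af-packet", 11) && (a[11] == '\0' || a[11] == '=')) {
            o->afpacket = 1;
            if (a[11] == '=') o->iface = a + 12;
        } else if (!strncmp(a, "--pcap", 6) && (a[6] == '\0' || a[6] == '=')) {
            o->pcap_live = 1;            /* the a[6] test keeps --pcap-file-* out */
            if (a[6] == '=') o->iface = a + 7;
        }
    }
}

/* NULL when a run mode is selected; otherwise a message naming what is missing. */
const char *check_run_mode(const struct startup_opts *o)
{
    if (o->test_cfg || o->unix_socket || o->pcap_file || o->iface || o->afpacket || o->pcap_live)
        return NULL;
    if (o->config_path)
        return "no run mode selected: -c given but no capture source; add -i <dev>, "
               "--af-packet[=<dev>], --pcap[=<dev>], -r <pcap> or --unix-socket";
    return "no run mode selected and no configuration: use -c <path> together "
           "with -i <dev>, --af-packet, --pcap, -r <pcap> or --unix-socket";
}

const char *check_argv(int argc, char **argv)   /* scan argv and report in one call */
{
    struct startup_opts o;
    parse_startup_opts(argc, argv, &o);
    return check_run_mode(&o);
}
```

For the command line quoted in the report (-c plus -S, no interface) the check returns the "-c given but no capture source" message; the same command with --af-packet=eth0, -r, --unix-socket or -T added returns NULL.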