Bug #5711


runmodes: Suricata does not hint anything about missing runmode

Added by Lukas Sismis 2 months ago.

Target version:
Affected Versions:
Beginner, C, Good First Issue


When Suricata is run and capture runmode is missing then Suricata only prints out the help page but provides no clue about missing runmode.

Example of running Suricata:
sudo ./src/suricata -c suricata.yaml -l ./LOGS/ -S /dev/null

Example output:

  Suricata 7.0.0-beta1 (876832765 2022-11-24)
  USAGE: /home/local/suricata/src/.libs/suricata [OPTIONS] [BPF FILTER]              
        -c <path>                            : path to configuration file
        -T                                   : test configuration file (use with -c)
        -i <dev or ip>                       : run in pcap live mode
        -F <bpf filter file>                 : bpf filter file
        -r <path>                            : run in pcap file/offline mode
        -s <path>                            : path to signature file loaded in addition to suricata.yaml settings (optional)
        -S <path>                            : path to signature file loaded exclusively (optional)
        -l <dir>                             : default log directory
        -D                                   : run as daemon   
        -k [all|none]                        : force checksum check (all) or disabled it (none)
        -V                                   : display Suricata version
        -v                                   : be more verbose (use multiple times to increase verbosity)
        --list-app-layer-protos              : list supported app layer protocols
        --list-keywords[=all|csv|<kword>]    : list keywords implemented by the engine
        --list-runmodes                      : list supported runmodes
        --runmode <runmode_id>               : specific runmode modification the engine should run.  The argument
                                               supplied should be the id for the runmode obtained by running
        --engine-analysis                    : print reports on analysis of different sections in the engine and exit.
                                               Please have a look at the conf parameter engine-analysis on what reports
                                               can be printed                                                                                                                                                                                                  
        --pidfile <file>                     : write pid to this file                                                                                                                                                                                          
        --init-errors-fatal                  : enable fatal failure on signature init error                                                                                                                                                                    
        --disable-detection                  : disable detection engine                                                                                                                                                                               
        --dump-config                        : show the running configuration
        --dump-features                      : display provided features
        --build-info                         : display build information
        --pcap[=<dev>]                       : run in pcap mode, no value select interfaces from suricata.yaml
        --pcap-file-continuous               : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted
        --pcap-file-delete                   : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done
        --pcap-file-recursive                : will descend into subdirectories when running in replay mode (-r)
        --pcap-buffer-size                   : size of the pcap buffer value from 0 - 2147483647
        --dpdk                               : run in dpdk mode, uses interfaces from suricata.yaml
        --af-packet[=<dev>]                  : run in af-packet mode, no value select interfaces from suricata.yaml
        --simulate-ips                       : force engine into IPS mode. Useful for QA
        --user <user>                        : run suricata as this user after init
        --group <group>                      : run suricata as this group after init
        --erf-in <path>                      : process an ERF file
        --unix-socket[=<file>]               : use unix socket to control suricata work
        --reject-dev <dev>                   : send reject packets from this interface
        --set name=value                     : set a configuration value
  To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:
  /home/local/suricata/src/.libs/suricata -c suricata.yaml -s signatures.rules -i eth0

No data to display


Also available in: Atom PDF