Bug #5711
open
runmodes: Suricata does not hint anything about missing runmode
Description
When Suricata is run and the capture runmode is missing, Suricata only prints out the help page but provides no clue about the missing runmode.
Example of running Suricata:
    sudo ./src/suricata -c suricata.yaml -l ./LOGS/ -S /dev/null
Example output:
Suricata 7.0.0-beta1 (876832765 2022-11-24)
USAGE: /home/local/suricata/src/.libs/suricata [OPTIONS] [BPF FILTER]

    -c <path> : path to configuration file
    -T : test configuration file (use with -c)
    -i <dev or ip> : run in pcap live mode
    -F <bpf filter file> : bpf filter file
    -r <path> : run in pcap file/offline mode
    -s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)
    -S <path> : path to signature file loaded exclusively (optional)
    -l <dir> : default log directory
    -D : run as daemon
    -k [all|none] : force checksum check (all) or disabled it (none)
    -V : display Suricata version
    -v : be more verbose (use multiple times to increase verbosity)
    --list-app-layer-protos : list supported app layer protocols
    --list-keywords[=all|csv|<kword>] : list keywords implemented by the engine
    --list-runmodes : list supported runmodes
    --runmode <runmode_id> : specific runmode modification the engine should run. The argument supplied should be the id for the runmode obtained by running --list-runmodes
    --engine-analysis : print reports on analysis of different sections in the engine and exit. Please have a look at the conf parameter engine-analysis on what reports can be printed
    --pidfile <file> : write pid to this file
    --init-errors-fatal : enable fatal failure on signature init error
    --disable-detection : disable detection engine
    --dump-config : show the running configuration
    --dump-features : display provided features
    --build-info : display build information
    --pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml
    --pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted
    --pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done
    --pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)
    --pcap-buffer-size : size of the pcap buffer value from 0 - 2147483647
    --dpdk : run in dpdk mode, uses interfaces from suricata.yaml
    --af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml
    --simulate-ips : force engine into IPS mode. Useful for QA
    --user <user> : run suricata as this user after init
    --group <group> : run suricata as this group after init
    --erf-in <path> : process an ERF file
    --unix-socket[=<file>] : use unix socket to control suricata work
    --reject-dev <dev> : send reject packets from this interface
    --set name=value : set a configuration value

To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:

/home/local/suricata/src/.libs/suricata -c suricata.yaml -s signatures.rules -i eth0
Updated by Lukas Sismis about 1 year ago
- Assignee changed from OISF Dev to Comfort Amaechi
It's yours ;)
Updated by Comfort Amaechi about 1 year ago
- Status changed from Assigned to In Progress
Updated by Comfort Amaechi about 1 year ago
- Status changed from In Progress to In Review
Updated by Juliana Fajardini Reichow about 1 year ago
- Target version changed from TBD to 7.0.3
PRs for review: Suri - https://github.com/OISF/suricata/pull/9674
SV - https://github.com/OISF/suricata-verify/pull/1434
Updated by Victor Julien 12 months ago
- Target version changed from 7.0.3 to 8.0.0-beta1
Updated by Juliana Fajardini Reichow 10 months ago
- Status changed from In Review to In Progress
- Assignee changed from Comfort Amaechi to Community Ticket
Hi there, according to our guidelines for stale tickets, I'm unassigning this ticket.
Thanks for your interest in our project, and feel free to reach out in case you have time and want to contribute to Suricata again, or if you're still working on this task! :) :)
Refer to:
https://forum.suricata.io/t/important-outreachy-contribution-phase-wrap-up-prs-claimed-tickets-and-more
https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html#stale-tickets-policy
Updated by Juliana Fajardini Reichow 6 months ago
- Assignee changed from Community Ticket to Gabriel Lima Luz
Gabriel Lima Luz wrote in #note-10:
Hi. Can I claim this issue?
Sure, and thanks! I've assigned it to you ^^
Updated by Gabriel Lima Luz 5 months ago
Hello.
After looking into the subtask listed in this ticket, I think it would make sense to work on the subtask (#6572) and fix the output of the --list-runmodes and then add a message for the missing run mode, so when the user tries to run Suricata without specifying the runmode, it can warn them and suggest the user run --list-runmodes for more information.
Updated by Juliana Fajardini Reichow 5 months ago
Gabriel Lima Luz wrote in #note-12:
Hello.
After looking into the subtask listed in this ticket, I think it would make sense to work on the subtask (#6572) and fix the output of the --list-runmodes and then add a message for the missing run mode, so when the user tries to run Suricata without specifying the runmode, it can warn them and suggest the user run --list-runmodes for more information.
Indeed, it does. Thanks for spotting this, and feel free to assign the other ticket to yourself - I saw you've already asked there :)