CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve usage instructions for so-import-pcap

Browse Source
This commit is contained in:
Jason Ertel
2020-07-01 17:58:02 -04:00
parent 96e93b012d
commit e3126064e8
1 changed files with 2 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
salt/common/tools/sbin/so-import-pcap
View File

@@ -21,18 +21,9 @@
function usage {
cat << EOF
Usage:
Please supply at least one pcap file.
For example, to import a single pcap named import.pcap:
so-import-pcap import.pcap
To import multiple pcaps:
so-import-pcap import1.pcap import2.pcap
** IMPORTANT **
Security Onion installations contain processes that automatically discard old data. Therefore, imports of old network traffic might immediately be erased, unless those processes are first disabled.
Usage: $0 <pcap-file-1> [pcap-file-2] [pcap-file-3]
Imports the given file(s) into the Security Onion system. Be aware that importing PCAP files with traffic dated older than the curator threshold will result in missing data. Use the included "so-curator-stop" command to avoid this scenario.
EOF
}