From e3126064e8ce6557c11a028d42b36ec0f088fb68 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 1 Jul 2020 17:58:02 -0400
Subject: [PATCH] Improve usage instructions for so-import-pcap

---
 salt/common/tools/sbin/so-import-pcap | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap
index 402f921cb..74661964d 100755
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -21,18 +21,9 @@
 
 function usage {
   cat << EOF
-Usage:
-Please supply at least one pcap file.
-
-For example, to import a single pcap named import.pcap:
-so-import-pcap import.pcap
-
-To import multiple pcaps:
-so-import-pcap import1.pcap import2.pcap
-
-** IMPORTANT **
-Security Onion installations contain processes that automatically discard old data. Therefore, imports of old network traffic might immediately be erased, unless those processes are first disabled. 
+Usage: $0 <pcap-file-1> [pcap-file-2] [pcap-file-3]
 
+Imports the given file(s) into the Security Onion system. Be aware that importing PCAP files with traffic dated older than the curator threshold will result in missing data. Use the included "so-curator-stop" command to avoid this scenario.
 EOF
 }