cmikk
commented
6 years ago Note: "-w -" is explicitly rejected by fstrm_capture.
[Correction: "-w -" when connected to a terminal is rejected with:
fstrm_capture: Usage error: Refusing to write binary output to a terminalbut if stdout is redirected to a file, it will work. Correcting man page accordingly.]
reedjc
Thank you for adding manual pages. I am opening this ticket to propose some additional documentation improvements. This is for man/fstrm_capture.1
Consider sorting the options.
List the long option/argument names
document can write to stdout with -w -
document: Cannot use output splitting when writing to stdout -w -
document --debug -d is just errors and critical? -d -d is also warnings? -d -d -d is also info -d -d -d -d is also debug messages -d -d -d -d -d is also trace messages?
-u mention "Unix" socket
-a mention TCP
EXAMPLE has -s but doesn't include the required --localtime and --gmtime (fstrm_capture: Usage error: --split requires either --localtime or --gmtime)
Also explain --localtime and --gmtime better. Mention "strftime(3) conversions" (such as %F for the date and %T for the time) in the -w provided file path name). The man page is unclear if the converted file name is used after the "rotation" or for all file creations.
Document -h, --help
Document -b --buffersize Document buffer size defaults to capture_highwater = 262144;
Document -c --maxconns (what does it mean?) Remaining count connections defaults to -1 unlimited connections.
SEE ALSO point to Frame Streams implementation in C https://github.com/farsightsec/fstrm
SEE ALSO cross reference the other tools: fstrm_dump(1) and fstrm_replay(1).