git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc: update for unix socket hostbits
author Victor Julien <victor@inliniac.net>
Wed, 21 Dec 2016 10:39:58 +0000 (11:39 +0100)
committer Victor Julien <victor@inliniac.net>
Thu, 16 Feb 2017 09:35:44 +0000 (10:35 +0100)
doc/userguide/rules/xbits.rst

index 026e3831813f1bba18617a69f4677d2b6ef4c7dd..3af99cff94d5e6871f126fa985d884d444deb1ac 100644 (file)
@@ -25,8 +25,48 @@ Threading
 Due to subtle timing issues between threads the order of sets and checks
 can be slightly unpredictible.
 
-Example: create a SSH blacklist
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Unix Socket
+-----------
+
+Hostbits can be added, removed and listed through the unix socket.
+
+Add::
+
+    suricatasc -c "add-hostbit <ip> <bit name> <expire in seconds>"
+    suricatasc -c "add-hostbit 1.2.3.4 blacklist 3600"
+
+If an hostbit is added for an existing hostbit, it's expiry timer is updated.
+
+Remove::
+
+    suricatasc -c "remove-hostbit <ip> <bit name>"
+    suricatasc -c "remove-hostbit 1.2.3.4 blacklist"
+
+List::
+
+    suricatasc -c "list-hostbit <ip>"
+    suricatasc -c "list-hostbit 1.2.3.4"
+
+This results in::
+
+    {
+        "message":
+        {
+           "count": 1,
+           "hostbits":
+                [{
+                    "expire": 89,
+                    "name": "blacklist"
+                }]
+        },
+        "return": "OK"
+    }
+
+Examples
+--------
+
+Creating a SSH blacklist
+^^^^^^^^^^^^^^^^^^^^^^^^
 
 Below is an example of rules incoming to a SSH server.
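Review bot: the sentence after the Add block, "If an hostbit is added for an existing hostbit, it's expiry timer is updated.", has two grammar slips ("an hostbit", "it's") and does not say what counts as "existing". Suggest something like "If a hostbit with the same name is already set for that host, its expiry timer is updated." In the List output, "expire": 89 is shown without a unit or any statement of whether it is the time remaining; since add-hostbit takes "<expire in seconds>", one sentence under "This results in" saying what the field means would save operators from guessing when they script against the socket. While this section is being touched, the unchanged context line above the new "Unix Socket" heading still reads "unpredictible" and could be corrected to "unpredictable" in the same patch.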