From: Victor Julien Date: Fri, 5 May 2023 18:29:40 +0000 (+0200) Subject: doc/userguide: spelling X-Git-Tag: suricata-7.0.0-rc2~248 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0d9b3c078e56ae74c7e1f390d4bea7a2140f567;p=thirdparty%2Fsuricata.git doc/userguide: spelling --- diff --git a/doc/userguide/capture-hardware/netmap.rst b/doc/userguide/capture-hardware/netmap.rst index 29b8be785b..08f191dddc 100644 --- a/doc/userguide/capture-hardware/netmap.rst +++ b/doc/userguide/capture-hardware/netmap.rst @@ -75,7 +75,7 @@ threads for ``igb0`` and 4 capture threads for ``igb1``. .. warning:: This multi threaded setup only works correctly if the NIC has symmetric RSS hashing. If this is not the case, consider - using the the 'lb' method below. + using the 'lb' method below. IPS ~~~ diff --git a/doc/userguide/configuration/snort-to-suricata.rst b/doc/userguide/configuration/snort-to-suricata.rst index f9ea3b36e0..4f6029dbf1 100644 --- a/doc/userguide/configuration/snort-to-suricata.rst +++ b/doc/userguide/configuration/snort-to-suricata.rst @@ -126,7 +126,7 @@ snort.conf Suricata To set the user and group use the --user and --group - commandline options. + command-line options. Snaplen ~~~~~~~ @@ -188,7 +188,7 @@ suricata.yaml default-log-dir: /var/log/suricata/ -This value is overridden by the -l commandline option. +This value is overridden by the -l command-line option. Packet acquisition ------------------ diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index 6cea257a72..6da5b46d62 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -868,7 +868,7 @@ per available CPU/CPU core. - worker-cpu-set: cpu: [ "all" ] mode: "exclusive" - # Use explicitely 3 threads and don't compute number by using + # Use explicitly 3 threads and don't compute number by using # detect-thread-ratio variable: # threads: 3 prio: 
@@ -1182,7 +1182,7 @@ Suricata inspects traffic in a sliding window manner. .. image:: suricata-yaml/inline_mode.png -**Example 13 Normal/IDS (reasembly on ACK'D data)** +**Example 13 Normal/IDS (reassembly on ACK'D data)** .. image:: suricata-yaml/Normal_ids_ack_d.png @@ -1488,7 +1488,7 @@ use of libhtp. # detection change between runs. It is set to 'yes' by default. #randomize-inspection-sizes: yes # If randomize-inspection-sizes is active, the value of various - # inspection size will be choosen in the [1 - range%, 1 + range%] + # inspection size will be chosen in the [1 - range%, 1 + range%] # range # Default value of randomize-inspection-range is 10. #randomize-inspection-range: 10 @@ -1980,7 +1980,7 @@ be found in other capture interfaces. The individual items contain the usual con such as `threads`/`copy-mode`/`checksum-checks` settings. Other capture interfaces, such as AF_PACKET, rely on the user that NICs are appropriately configured. Configuration through kernel does not apply to applications running under DPDK. The application is solely responsible for the initialization of NICs it is using. So, before the start of Suricata, NICs that Suricata uses, must undergo the process of initialization. -As a result, there are extra extra configuration options (how NICs can be configured) in the items (interfaces) of the `dpdk.interfaces` list. +As a result, there are extra configuration options (how NICs can be configured) in the items (interfaces) of the `dpdk.interfaces` list. At the start of the configuration process, all NIC offloads are disabled to prevent any packet modification. According to the configuration, checksum validation offload can be enabled to drop invalid packets. Other offloads can not be currently enabled. diff --git a/doc/userguide/devguide/codebase/contributing/code-submission-process.rst b/doc/userguide/devguide/codebase/contributing/code-submission-process.rst index 129f124065..bed5fa7143 100644 
--- a/doc/userguide/devguide/codebase/contributing/code-submission-process.rst +++ b/doc/userguide/devguide/codebase/contributing/code-submission-process.rst @@ -32,7 +32,7 @@ Information that needs to be part of a commit (if applicable): Pull Requests ~~~~~~~~~~~~~ -A github pull request is actually just a pointer to a branch in your tree. Github provides a review interface that we use. +A github pull request is actually just a pointer to a branch in your tree. GitHub provides a review interface that we use. #. A branch can only be used in for an individual PR. #. A branch should not be updated after the pull request diff --git a/doc/userguide/devguide/codebase/contributing/contribution-process.rst b/doc/userguide/devguide/codebase/contributing/contribution-process.rst index cac1cae2ea..4bb7405cd8 100644 --- a/doc/userguide/devguide/codebase/contributing/contribution-process.rst +++ b/doc/userguide/devguide/codebase/contributing/contribution-process.rst @@ -180,7 +180,7 @@ for each pull request. So, when you address the first feedback, you will work in "geoip-feature-123-v2" and so on. For more details check: `Creating a branch to do your changes `_ diff --git a/doc/userguide/devguide/codebase/fuzz-testing.rst b/doc/userguide/devguide/codebase/fuzz-testing.rst index 84e678cd62..cd8b6ed997 100644 --- a/doc/userguide/devguide/codebase/fuzz-testing.rst +++ b/doc/userguide/devguide/codebase/fuzz-testing.rst @@ -28,4 +28,4 @@ Adding Fuzz Targets Oss-Fuzz -------- -Suricata is continuesly fuzz tested in Oss-Fuzz. See https://github.com/google/oss-fuzz/tree/master/projects/suricata +Suricata is continuously fuzz tested in Oss-Fuzz. See https://github.com/google/oss-fuzz/tree/master/projects/suricata diff --git a/doc/userguide/devguide/codebase/unittests-c.rst b/doc/userguide/devguide/codebase/unittests-c.rst index 2465366a94..bed54c87db 100644 --- a/doc/userguide/devguide/codebase/unittests-c.rst +++ b/doc/userguide/devguide/codebase/unittests-c.rst 
@@ -33,7 +33,7 @@ If you want more info about the unittests, regular debug mode can help. This is --enable-debug -Then, set the debug level from the commandline:: +Then, set the debug level from the command-line:: SC_LOG_LEVEL=Debug suricata -u diff --git a/doc/userguide/devguide/extending/app-layer/transactions.rst b/doc/userguide/devguide/extending/app-layer/transactions.rst index 4baecb753b..357bdcd76d 100644 --- a/doc/userguide/devguide/extending/app-layer/transactions.rst +++ b/doc/userguide/devguide/extending/app-layer/transactions.rst @@ -114,7 +114,7 @@ is completed (NFS, SMB), it is possible to create a level of abstraction to hand This is controlled by implementing progress states. In Suricata, those will be enums that are incremented as the parsing progresses. A state will start at 0. The higher its value, the closer the transaction would be to completion. Due to how -the engine tracks detection accross states, there is an upper limit of 48 to the state progress (it must be < 48). +the engine tracks detection across states, there is an upper limit of 48 to the state progress (it must be < 48). The engine interacts with transactions' state using a set of callbacks the parser registers. State is defined per flow direction (``STREAM_TOSERVER`` / ``STREAM_TOCLIENT``). diff --git a/doc/userguide/file-extraction/file-extraction.rst b/doc/userguide/file-extraction/file-extraction.rst index aa71dce9e8..b642ed3d2b 100644 --- a/doc/userguide/file-extraction/file-extraction.rst +++ b/doc/userguide/file-extraction/file-extraction.rst 
@@ -85,7 +85,7 @@ A protocol parser, like modbus, could permit to set a different store-depth value and use it rather than ``file-store.stream-depth``. Using the SHA256 for file names allows for automatic de-duplication of -extracted files. However, the timestamp of a pre-existing file will be +extracted files. However, the timestamp of a preexisting file will be updated if the same files is extracted again, similar to the `touch` command. diff --git a/doc/userguide/lua/lua-functions.rst b/doc/userguide/lua/lua-functions.rst index c5c092999c..9eff240f53 100644 --- a/doc/userguide/lua/lua-functions.rst +++ b/doc/userguide/lua/lua-functions.rst @@ -579,7 +579,7 @@ Example: function log (args) asked_domain = TlsGetSNI() if string.find(asked_domain, "badguys") then - -- ok connection to bad guys let's do someting + -- ok connection to bad guys let's do something end end diff --git a/doc/userguide/manpages/suricata.rst b/doc/userguide/manpages/suricata.rst index e763098149..9652d7a43f 100644 --- a/doc/userguide/manpages/suricata.rst +++ b/doc/userguide/manpages/suricata.rst @@ -18,7 +18,7 @@ generate alerts based on rules. **suricata** will generate traffic logs. When used with live traffic **suricata** can be passive or active. Active modes are: inline in a L2 bridge setup, inline with L3 integration with -host filewall (NFQ, IPFW, WinDivert), or out of band using active responses. +host firewall (NFQ, IPFW, WinDivert), or out of band using active responses. OPTIONS -------------- diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst index b872e5da29..31f08b54d3 100644 --- a/doc/userguide/output/eve/eve-json-format.rst +++ b/doc/userguide/output/eve/eve-json-format.rst 
@@ -1442,7 +1442,7 @@ The optional "client" field is a sub-object that may contain the following: * "capabilities": List of any of the following: "support_errinfo_pdf", "want_32bpp_session", "support_statusinfo_pdu", "strong_asymmetric_keys", "valid_connection_type", "support_monitor_layout_pdu", "support_netchar_autodetect", "support_dynvc_gfx_protocol", "support_dynamic_time_zone", "support_heartbeat_pdu". * "id": Client product id string. * "connection_hint": Possible values are "modem", "low_broadband", "satellite", "high_broadband", "wan", "lan", "autodetect". -* "physical_width": Numeric phyical width of display. +* "physical_width": Numeric physical width of display. * "physical_height": Numeric physical height of display. * "desktop_orientation": Numeric angle of orientation. * "scale_factor": Numeric scale factor of desktop. @@ -2163,7 +2163,7 @@ Some of the possible request messages are: Examples ~~~~~~~~ -The two ``pgsql`` events in this example reprensent a rejected ``SSL handshake`` and a following connection request where the authentication method indicated by the backend was ``md5``:: +The two ``pgsql`` events in this example represent a rejected ``SSL handshake`` and a following connection request where the authentication method indicated by the backend was ``md5``:: { "timestamp": "2021-11-24T16:56:19.435242+0000", diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst index 17e7ea2bab..bf288dabcc 100644 --- a/doc/userguide/output/eve/eve-json-output.rst +++ b/doc/userguide/output/eve/eve-json-output.rst @@ -75,7 +75,7 @@ Metadata:: # Include the decoded application layer (ie. http, dns) #app-layer: true - # Log the the current state of the flow record. + # Log the current state of the flow record. #flow: true #rule: diff --git a/doc/userguide/output/syslog-alerting-comp.rst b/doc/userguide/output/syslog-alerting-comp.rst index f731b72b65..e3db0b524a 100644 
--- a/doc/userguide/output/syslog-alerting-comp.rst +++ b/doc/userguide/output/syslog-alerting-comp.rst @@ -1,7 +1,7 @@ Syslog Alerting Compatibility ============================= -Suricata can alert via sylog which is a very handy feature for central log collection, compliance, and reporting to a SIEM. Instructions on setting this up can be found in the .yaml file in the section where you can configure what type of alert (and other) logging you would like. +Suricata can alert via syslog which is a very handy feature for central log collection, compliance, and reporting to a SIEM. Instructions on setting this up can be found in the .yaml file in the section where you can configure what type of alert (and other) logging you would like. However, there are different syslog daemons and there can be parsing issues with the syslog format a SIEM expects and what syslog format Suricata sends. The syslog format from Suricata is dependent on the syslog daemon running on the Suricata sensor but often the format it sends is not the format the SIEM expects and cannot parse it properly. diff --git a/doc/userguide/partials/eve-log.yaml b/doc/userguide/partials/eve-log.yaml index 812189cd97..96522571e0 100644 --- a/doc/userguide/partials/eve-log.yaml +++ b/doc/userguide/partials/eve-log.yaml @@ -55,7 +55,7 @@ outputs: # Include the decoded application layer (ie. http, dns) app-layer: true - # Log the the current state of the flow record. + # Log the current state of the flow record. flow: true rule: diff --git a/doc/userguide/performance/analysis.rst b/doc/userguide/performance/analysis.rst index 68a879c1d7..cfaf63628d 100644 --- a/doc/userguide/performance/analysis.rst +++ b/doc/userguide/performance/analysis.rst 
@@ -1,7 +1,7 @@ Performance Analysis ==================== -There are many potential causes for for performance issues. In this section we +There are many potential causes for performance issues. In this section we will guide you through some options. The first part will cover basic steps and introduce some helpful tools. The second part will cover more in-depth explanations and corner cases. @@ -117,7 +117,7 @@ https://en.wikipedia.org/wiki/IEEE_802.1ad) most implementations only add 0x8100 on each layer. If the first seen layer has the same VLAN tag but the inner one has different VLAN tags it will still end up in the same queue in **cluster_qm** mode. This was observed with the i40e driver up to 2.8.20 and -the firmare version up to 7.00, feel free to report if newer versions have +the firmware version up to 7.00, feel free to report if newer versions have fixed this (see https://suricata.io/support/). diff --git a/doc/userguide/performance/high-performance-config.rst b/doc/userguide/performance/high-performance-config.rst index 8a51eee3e8..7d54f7b6d0 100644 --- a/doc/userguide/performance/high-performance-config.rst +++ b/doc/userguide/performance/high-performance-config.rst @@ -82,7 +82,7 @@ socket system using x710: The commands above can be reviewed in detail in the help or manpages of the ``ethtool``. In brief the sequence makes sure the NIC is reset, the number of RSS queues is set to 16, load balancing is enabled for the NIC, a low entropy -toepiltz key is inserted to allow for symmetric hashing, receive offloading is +toeplitz key is inserted to allow for symmetric hashing, receive offloading is disabled, the adaptive control is disabled for lowest possible latency and last but not least, the ring rx descriptor size is set to 1024. Make sure the RSS hash function is Toeplitz: diff --git a/doc/userguide/performance/hyperscan.rst b/doc/userguide/performance/hyperscan.rst index 42a39c358f..83b7e3bc7b 100644 --- a/doc/userguide/performance/hyperscan.rst 
+++ b/doc/userguide/performance/hyperscan.rst @@ -27,7 +27,7 @@ Using Hyperscan To use the hyperscan support edit your suricata.yaml. Change the mpm-algo and spm-algo values to 'hs'. -Alternatively, use this commandline option: --set mpm-algo=hs --set spm-algo=hs +Alternatively, use this command-line option: --set mpm-algo=hs --set spm-algo=hs diff --git a/doc/userguide/performance/ignoring-traffic.rst b/doc/userguide/performance/ignoring-traffic.rst index 0ce36d6d07..a2c7a88255 100644 --- a/doc/userguide/performance/ignoring-traffic.rst +++ b/doc/userguide/performance/ignoring-traffic.rst @@ -18,7 +18,7 @@ Example:: not host 1.2.3.4 -Capture filters are specified on the commandline after all other options:: +Capture filters are specified on the command-line after all other options:: suricata -i eth0 -v not host 1.2.3.4 suricata -i eno1 -c suricata.yaml tcp or udp diff --git a/doc/userguide/performance/statistics.rst b/doc/userguide/performance/statistics.rst index c2f3a2570f..454777ff2e 100644 --- a/doc/userguide/performance/statistics.rst +++ b/doc/userguide/performance/statistics.rst @@ -158,4 +158,4 @@ Tools to plot graphs Some people made nice tools to plot graphs of the statistics file. * `ipython and matplotlib script `_ -* `Monitoring with Zabbix or other `_ and `Code on Github `_ +* `Monitoring with Zabbix or other `_ and `Code on GitHub `_ diff --git a/doc/userguide/rules/bypass-keyword.rst b/doc/userguide/rules/bypass-keyword.rst index 070459de42..e5505a68dd 100644 --- a/doc/userguide/rules/bypass-keyword.rst +++ b/doc/userguide/rules/bypass-keyword.rst 
@@ -3,7 +3,7 @@ Bypass Keyword Suricata has a ``bypass`` keyword that can be used in signatures to exclude traffic from further evaluation. -The ``bypass`` keyword is useful in cases where there is a large flow expected (e.g. Netflix, Spotify, Youtube). +The ``bypass`` keyword is useful in cases where there is a large flow expected (e.g. Netflix, Spotify, YouTube). The ``bypass`` keyword is considered a post-match keyword. diff --git a/doc/userguide/rules/dns-keywords.rst b/doc/userguide/rules/dns-keywords.rst index 1a1593e0e9..15240d5015 100644 --- a/doc/userguide/rules/dns-keywords.rst +++ b/doc/userguide/rules/dns-keywords.rst @@ -25,7 +25,7 @@ Match on DNS requests and responses with **opcode** 4:: dns.opcode:4; -Match on DNS requests whre the **opcode** is NOT 0:: +Match on DNS requests where the **opcode** is NOT 0:: dns.opcode:!0; diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst index 8ec2d34a51..3b45788e07 100644 --- a/doc/userguide/rules/header-keywords.rst +++ b/doc/userguide/rules/header-keywords.rst @@ -652,7 +652,7 @@ Example of icmp_seq in a rule: icmpv4.hdr ^^^^^^^^^^ -Sitcky buffer to match on the whole ICMPv4 header. +Sticky buffer to match on the whole ICMPv4 header. icmpv6.hdr ^^^^^^^^^^ diff --git a/doc/userguide/rules/meta.rst b/doc/userguide/rules/meta.rst index 570a83827c..06e5040e73 100644 --- a/doc/userguide/rules/meta.rst +++ b/doc/userguide/rules/meta.rst @@ -66,7 +66,7 @@ Example of sid in a signature: ` (``gid``). As Suricata-update currently considers the rule's ``sid`` only (cf. `Bug#5447 - `_), it is adviseable + `_), it is advisable to opt for a completely unique ``sid`` altogether. rev (revision) diff --git a/doc/userguide/rules/payload-keywords.rst b/doc/userguide/rules/payload-keywords.rst index 4342874f49..f55d9958a6 100644 --- a/doc/userguide/rules/payload-keywords.rst +++ b/doc/userguide/rules/payload-keywords.rst 
@@ -157,7 +157,7 @@ Example:: ``endswith`` is a short hand notation for:: - content:".php"; isdatat:!1,relative; + content:".php"; isdataat:!1,relative; ``endswith`` cannot be mixed with ``offset``, ``within`` or ``distance`` for the same pattern.
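Review bot: In doc/userguide/devguide/codebase/unittests-c.rst ("set the debug level from the command-line::") and doc/userguide/performance/ignoring-traffic.rst ("specified on the command-line after all other options::"), the hyphenated form is used as a noun. The hyphen belongs only to the adjective, as in "command-line options" in snort-to-suricata.rst. Suggest "from the command line" and "on the command line" in these two hunks.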
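Review bot: In doc/userguide/configuration/suricata-yaml.rst, hunk @@ -868,7 +868,7 @@, the corrected comment "# Use explicitly 3 threads and don't compute number by using" still reads awkwardly. Since the line is being touched anyway, consider "# Explicitly use 3 threads and don't compute the number by using", keeping the continuation line with detect-thread-ratio as is.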
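Review bot: In doc/userguide/devguide/codebase/contributing/code-submission-process.rst, the changed line fixes the second occurrence to "GitHub" but still opens with "A github pull request", so the same sentence pair now has both spellings. Suggest "A GitHub pull request is actually just a pointer to a branch in your tree." The context line "#. A branch can only be used in for an individual PR." also has a stray "in" that could be dropped in the same pass.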
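Review bot: In doc/userguide/devguide/codebase/fuzz-testing.rst, the new line and the section heading above it still spell the project name "Oss-Fuzz", while the project writes it "OSS-Fuzz". Suggest "Suricata is continuously fuzz tested in OSS-Fuzz." and the same change in the heading; the heading underline length stays valid because the character count does not change.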
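Review bot: In doc/userguide/file-extraction/file-extraction.rst, the context line directly after the change still reads "updated if the same files is extracted again", which has a number disagreement. Suggest "if the same file is extracted again" so the sentence touched by this hunk is fully corrected.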
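Review bot: In doc/userguide/performance/high-performance-config.rst, the corrected line uses lowercase "toeplitz key" while the context two lines below says "Make sure the RSS hash function is Toeplitz:". Suggest capitalizing the new line as "Toeplitz key" so the paragraph is consistent.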
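Review bot: In doc/userguide/rules/payload-keywords.rst, the change from "isdatat:!1,relative;" to "isdataat:!1,relative;" corrects a rule keyword inside a literal example, which is more than a prose spelling fix: anyone who copied the old line had a rule that would not parse as intended. Worth a mention in the commit message alongside "spelling". The context line "``endswith`` is a short hand notation for::" could also become "shorthand" in the same hunk.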