From: Victor Julien Date: Wed, 21 Dec 2016 10:39:58 +0000 (+0100) Subject: doc: update for unix socket hostbits X-Git-Tag: suricata-4.0.0-beta1~313 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c477c4370e1e2b56b1aebf272bc28bdb0680956f;p=thirdparty%2Fsuricata.git doc: update for unix socket hostbits --- diff --git a/doc/userguide/rules/xbits.rst b/doc/userguide/rules/xbits.rst index 026e383181..3af99cff94 100644 --- a/doc/userguide/rules/xbits.rst +++ b/doc/userguide/rules/xbits.rst @@ -25,8 +25,48 @@ Threading Due to subtle timing issues between threads the order of sets and checks can be slightly unpredictible. -Example: create a SSH blacklist -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Unix Socket +----------- + +Hostbits can be added, removed and listed through the unix socket. + +Add:: + + suricatasc -c "add-hostbit " + suricatasc -c "add-hostbit 1.2.3.4 blacklist 3600" + +If an hostbit is added for an existing hostbit, it's expiry timer is updated. + +Remove:: + + suricatasc -c "remove-hostbit " + suricatasc -c "remove-hostbit 1.2.3.4 blacklist" + +List:: + + suricatasc -c "list-hostbit " + suricatasc -c "list-hostbit 1.2.3.4" + +This results in:: + + { + "message": + { + "count": 1, + "hostbits": + [{ + "expire": 89, + "name": "blacklist" + }] + }, + "return": "OK" + } + +Examples +-------- + +Creating a SSH blacklist +^^^^^^^^^^^^^^^^^^^^^^^^ Below is an example of rules incoming to a SSH server.
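Review bot: In the new "Unix Socket" section, the sentence after the Add example has two grammar slips: "If an hostbit is added for an existing hostbit, it's expiry timer is updated." should read "If a hostbit is added for an existing hostbit, its expiry timer is updated." The same section never states the unit of the third add-hostbit argument (3600 in the example) or of the "expire": 89 field in the list output. Please say what the unit is and whether "expire" is the time remaining or the originally configured value, since operators will script against both. As the patch appears here, the generic forms (`suricatasc -c "add-hostbit "`, and the matching remove-hostbit and list-hostbit lines) name no arguments, so the argument order can only be inferred from the 1.2.3.4 examples. Naming each argument in the generic line would make the syntax explicit. The unchanged context line above the hunk also contains "unpredictible", which could be corrected to "unpredictable" while this file is being touched.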