Diffstat (limited to 'security/sancp/files/pkg-message.in')
-rw-r--r-- security/sancp/files/pkg-message.in 37
1 files changed, 37 insertions, 0 deletions
diff --git a/security/sancp/files/pkg-message.in b/security/sancp/files/pkg-message.in
new file mode 100644
index 000000000000..b9cc18b8a51a
--- /dev/null
+++ b/security/sancp/files/pkg-message.in
@@ -0,0 +1,37 @@
+ ***********************************
+ * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+ ***********************************
+
+A startup script was installed in %%PREFIX%%/etc/rc.d/. Enable the script
+in /etc/rc.conf using the usual rc.subr syntax. See rc.conf(5) or go to
+http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
+
+Configuration files named sancp.conf-dist and sancp.conf
+were installed in %%PREFIX%%/etc. See the INSTALL doc, located in
+%%PREFIX%%/share/doc/sancp/ for details on configuration
+options or type "sancp -h" on the commandline.
+
+Note that if you are installing sancp for use with sguil, the
+sancp.conf file will not be altered unless it is identical to
+the sancp.conf-dist file. In that case, during the
+sguil-sensor install, the sancp.conf file will be overwritten with
+the one that comes with squil. That file needs no editing. If the
+sancp.conf has been altered (you used sancp for something else) a
+new conf file, named sguil-sancp.conf-sample will be installed in the
+%%PREFIX%%/etc directory. You should use that one for sguil.
+
+Some of the configuration options for sancp are:
+
+-? or -h this help screen
+-c <filename> specify the configuration/rules filename
+-d <directory> specify the directory for output files
+-i <device> set the network device to listen on (default: 'any')
+-g <gid> set a group identity
+-u <uid> set a user identity
+-D (daemon) forks, prints msgs to syslog only and overrides -C option
+-F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B)
+-V display version
+
+If you're running sguil, you probably want to use the following flags:
+sancp_flags="-D -P -R -u sancp -g sancp -d /var/log/sancp"
+(don't forget to specify the conf file and interface as well)
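Review bot: In the sguil paragraph, "the one that comes with squil" misspells sguil; please correct it, since the surrounding sentences use the name to tell the user which conf file applies. In the closing recommendation, `sancp_flags="-D -P -R -u sancp -g sancp -d /var/log/sancp"` uses -P and -R, neither of which appears in the option list above it. The -D entry likewise refers to a -C option and the -F entry to -B, both unlisted, and the -F text "overrides (alternative to -B)" reads as if a word is missing. Either add those options to the list or drop the cross-references. Because the recommended flags run sancp under `-u sancp -g sancp` and write to /var/log/sancp, the message should state whether the port creates that user, group and directory or whether the administrator has to, and with what ownership. The final parenthetical would be easier to follow as a complete example line that includes -c and -i. Lastly, the list is introduced as "configuration options" but shows command-line flags, and the WARNING banner overstates what is an informational post-install note.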