From 1792e868e222f46c94dd51124ac6dc9921bfb6fb Mon Sep 17 00:00:00 2001
From: Sean Whalen
Date: Wed, 9 Jan 2019 16:13:56 -0500
Subject: [PATCH] Update documentation
---
README.rst | 54 +++++++++++++++++++++++++-----------------
docs/index.rst | 64 +++++++++++++++++++++++++++++++-------------------
2 files changed, 72 insertions(+), 46 deletions(-)
diff --git a/README.rst b/README.rst
index ad1f058..a367dd8 100644
--- a/README.rst
+++ b/README.rst
@@ -58,27 +58,30 @@ CLI help :: usage: parsedmarc [-h] [--strip-attachment-payloads] [-o OUTPUT] - [-n NAMESERVERS [NAMESERVERS ...]] [-t TIMEOUT] [-H HOST] - [-u USER] [-p PASSWORD] [--imap-port IMAP_PORT] - [--imap-skip-certificate-verification] [--imap-no-ssl] - [-r REPORTS_FOLDER] [-a ARCHIVE_FOLDER] [-d] - [-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]] - [--elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX] - [--hec HEC] [--hec-token HEC_TOKEN] [--hec-index HEC_INDEX] - [--hec-skip-certificate-verification] - [-K [KAFKA_HOSTS [KAFKA_HOSTS ...]]] - [--kafka-username KAFKA_USERNAME] - [--kafka-password KAFKA_PASSWORD] [--kafka-use-ssl] - [--kafka-aggregate-topic KAFKA_AGGREGATE_TOPIC] - [--kafka-forensic_topic KAFKA_FORENSIC_TOPIC] - [--save-aggregate] [--save-forensic] [-O OUTGOING_HOST] - [-U OUTGOING_USER] [-P OUTGOING_PASSWORD] - [--outgoing-port OUTGOING_PORT] - [--outgoing-ssl OUTGOING_SSL] [-F OUTGOING_FROM] - [-T OUTGOING_TO [OUTGOING_TO ...]] [-S OUTGOING_SUBJECT] - [-A OUTGOING_ATTACHMENT] [-M OUTGOING_MESSAGE] [-w] [--test] - [-s] [--debug] [-v] - [file_path [file_path ...]] + [-n NAMESERVERS [NAMESERVERS ...]] [-t TIMEOUT] [-H HOST] + [-u USER] [-p PASSWORD] [--imap-port IMAP_PORT] + [--imap-skip-certificate-verification] [--imap-no-ssl] + [-r REPORTS_FOLDER] [-a ARCHIVE_FOLDER] [-d] + [-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]] + [--elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX] + [--elasticsearch-use-ssl] + [--elasticsearch-ssl-cert-path ELASTICSEARCH_SSL_CERT_PATH] + [--elasticsearch-monthly-indexes] [--hec HEC] + [--hec-token HEC_TOKEN] [--hec-index HEC_INDEX] + [--hec-skip-certificate-verification] + [-K [KAFKA_HOSTS [KAFKA_HOSTS ...]]] + [--kafka-username KAFKA_USERNAME] + [--kafka-password KAFKA_PASSWORD] [--kafka-use-ssl] + [--kafka-aggregate-topic KAFKA_AGGREGATE_TOPIC] + [--kafka-forensic_topic KAFKA_FORENSIC_TOPIC] + [--save-aggregate] [--save-forensic] [-O OUTGOING_HOST] + [-U OUTGOING_USER] [-P OUTGOING_PASSWORD] + 
[--outgoing-port OUTGOING_PORT] + [--outgoing-ssl OUTGOING_SSL] [-F OUTGOING_FROM] + [-T OUTGOING_TO [OUTGOING_TO ...]] [-S OUTGOING_SUBJECT] + [-A OUTGOING_ATTACHMENT] [-M OUTGOING_MESSAGE] [-w] [--test] + [-s] [--debug] [-v] + [file_path [file_path ...]] Parses DMARC reports @@ -120,6 +123,13 @@ CLI help --elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX append this suffix to the dmarc_aggregate and dmarc_forensic Elasticsearch index names, joined by _ + --elasticsearch-use-ssl + Use SSL when connecting to Elasticsearch + --elasticsearch-ssl-cert-path ELASTICSEARCH_SSL_CERT_PATH + Path to the Elasticsearch SSL certificate + --elasticsearch-monthly-indexes + Use monthly Elasticsearch indexes instead of daily + indexes --hec HEC the URL to a Splunk HTTP Event Collector (HEC) --hec-token HEC_TOKEN the authorization token for a Splunk HTTP Event @@ -130,7 +140,7 @@ CLI help --hec-skip-certificate-verification skip certificate verification for Splunk HEC -K [KAFKA_HOSTS [KAFKA_HOSTS ...]], --kafka-hosts [KAFKA_HOSTS [KAFKA_HOSTS ...]] - s list of one or more Kafka hostnames + a list of one or more Kafka hostnames --kafka-username KAFKA_USERNAME an optional Kafka username --kafka-password KAFKA_PASSWORD diff --git a/docs/index.rst b/docs/index.rst index 01e3aaa..3a9b3b3 100644 --- a/docs/index.rst +++ b/docs/index.rst 
@@ -62,27 +62,30 @@ CLI help :: usage: parsedmarc [-h] [--strip-attachment-payloads] [-o OUTPUT] - [-n NAMESERVERS [NAMESERVERS ...]] [-t TIMEOUT] [-H HOST] - [-u USER] [-p PASSWORD] [--imap-port IMAP_PORT] - [--imap-skip-certificate-verification] [--imap-no-ssl] - [-r REPORTS_FOLDER] [-a ARCHIVE_FOLDER] [-d] - [-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]] - [--elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX] - [--hec HEC] [--hec-token HEC_TOKEN] [--hec-index HEC_INDEX] - [--hec-skip-certificate-verification] - [-K [KAFKA_HOSTS [KAFKA_HOSTS ...]]] - [--kafka-username KAFKA_USERNAME] - [--kafka-password KAFKA_PASSWORD] [--kafka-use-ssl] - [--kafka-aggregate-topic KAFKA_AGGREGATE_TOPIC] - [--kafka-forensic_topic KAFKA_FORENSIC_TOPIC] - [--save-aggregate] [--save-forensic] [-O OUTGOING_HOST] - [-U OUTGOING_USER] [-P OUTGOING_PASSWORD] - [--outgoing-port OUTGOING_PORT] - [--outgoing-ssl OUTGOING_SSL] [-F OUTGOING_FROM] - [-T OUTGOING_TO [OUTGOING_TO ...]] [-S OUTGOING_SUBJECT] - [-A OUTGOING_ATTACHMENT] [-M OUTGOING_MESSAGE] [-w] [--test] - [-s] [--debug] [-v] - [file_path [file_path ...]] + [-n NAMESERVERS [NAMESERVERS ...]] [-t TIMEOUT] [-H HOST] + [-u USER] [-p PASSWORD] [--imap-port IMAP_PORT] + [--imap-skip-certificate-verification] [--imap-no-ssl] + [-r REPORTS_FOLDER] [-a ARCHIVE_FOLDER] [-d] + [-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]] + [--elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX] + [--elasticsearch-use-ssl] + [--elasticsearch-ssl-cert-path ELASTICSEARCH_SSL_CERT_PATH] + [--elasticsearch-monthly-indexes] [--hec HEC] + [--hec-token HEC_TOKEN] [--hec-index HEC_INDEX] + [--hec-skip-certificate-verification] + [-K [KAFKA_HOSTS [KAFKA_HOSTS ...]]] + [--kafka-username KAFKA_USERNAME] + [--kafka-password KAFKA_PASSWORD] [--kafka-use-ssl] + [--kafka-aggregate-topic KAFKA_AGGREGATE_TOPIC] + [--kafka-forensic_topic KAFKA_FORENSIC_TOPIC] + [--save-aggregate] [--save-forensic] [-O OUTGOING_HOST] + [-U OUTGOING_USER] [-P OUTGOING_PASSWORD] + 
[--outgoing-port OUTGOING_PORT] + [--outgoing-ssl OUTGOING_SSL] [-F OUTGOING_FROM] + [-T OUTGOING_TO [OUTGOING_TO ...]] [-S OUTGOING_SUBJECT] + [-A OUTGOING_ATTACHMENT] [-M OUTGOING_MESSAGE] [-w] [--test] + [-s] [--debug] [-v] + [file_path [file_path ...]] Parses DMARC reports @@ -124,6 +127,13 @@ CLI help --elasticsearch-index-suffix ELASTICSEARCH_INDEX_SUFFIX append this suffix to the dmarc_aggregate and dmarc_forensic Elasticsearch index names, joined by _ + --elasticsearch-use-ssl + Use SSL when connecting to Elasticsearch + --elasticsearch-ssl-cert-path ELASTICSEARCH_SSL_CERT_PATH + Path to the Elasticsearch SSL certificate + --elasticsearch-monthly-indexes + Use monthly Elasticsearch indexes instead of daily + indexes --hec HEC the URL to a Splunk HTTP Event Collector (HEC) --hec-token HEC_TOKEN the authorization token for a Splunk HTTP Event @@ -134,7 +144,7 @@ CLI help --hec-skip-certificate-verification skip certificate verification for Splunk HEC -K [KAFKA_HOSTS [KAFKA_HOSTS ...]], --kafka-hosts [KAFKA_HOSTS [KAFKA_HOSTS ...]] - s list of one or more Kafka hostnames + a list of one or more Kafka hostnames --kafka-username KAFKA_USERNAME an optional Kafka username --kafka-password KAFKA_PASSWORD 
@@ -461,12 +471,18 @@ Installation using pypy3 ------------------------ For the best possible processing speed, consider using ``parsedmarc`` inside a ``pypy3`` -virtualenv. First, `download the latest version of pypy3`_. Extract it to +virtualenv. First, `download the latest portable Linux version of pypy3`_. Extract it to ``/opt/pypy3`` (``sudo mkdir /opt`` if ``/opt`` does not exist), then create a symlink: + .. code-block:: bash + wget https://bitbucket.org/squeaky/portable-pypy/downloads/pypy3.5-6.0.0-linux_x86_64-portable.tar.bz2 + tar -jxf pypy3.5-6.0.0-linux_x86_64-portable.tar.bz2 + rm pypy3.5-6.0.0-linux_x86_64-portable.tar.bz2 + sudo chown -R root:root pypy3.5-6.0.0-linux_x86_64-portable + sudo mv pypy3.5-6.0.0-linux_x86_64-portable /opt/pypy3 sudo ln -s /opt/pypy3/bin/pypy3 /usr/local/bin/pypy3 Install ``virtualenv`` on your system: @@ -1232,7 +1248,7 @@ Indices and tables .. _Demystifying DMARC: https://seanthegeek.net/459/demystifying-dmarc/ -.. _download the latest version of pypy3: https://pypy.org/download.html#default-with-a-jit-compiler +.. _download the latest portable Linux version of pypy3: https://github.com/squeaky-pl/portable-pypy#portable-pypy-distribution-for-linux .. _Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html
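Review bot: The new pypy3 install steps in the `@@ -461,12 +471,18 @@` hunk unpack the downloaded tarball, hand it to root with `chown -R root:root` and link it into `/usr/local/bin` without any integrity check on the archive. I would add a verification line between `wget` and `tar -jxf`, for example `echo "<published-sha256>  pypy3.5-6.0.0-linux_x86_64-portable.tar.bz2" | sha256sum -c -`, with the digest taken from wherever the portable-pypy project publishes it (the placeholder is not a real value). The `wget` URL is on bitbucket.org while the updated link target in the last hunk points to github.com, so it is worth one sentence telling readers the two are the same project. The prose says "latest" but the commands pin 6.0.0, so a short note to substitute the current release file name would keep readers from installing a stale interpreter.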