updated allowdomains and skipdomains docs

mosajjal · Apr 18, 2022 · 0759c6f · 0759c6f
1 parent 41c4105
commit 0759c6f
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/docs/content/en/docs/Inputs/filters_masks.md b/docs/content/en/docs/Inputs/filters_masks.md
@@ -40,12 +40,11 @@ While processing the packets, the source and destination IPv4 and IPv6 packets c
 ## Allow and Skip Domain list
 {{< alert >}}Applied at output level{{< /alert >}} 
 
-These two filters specify an allowlist and a skip list for the domain outputs. `--skipDomain` is used to avoid writing noisy, repetitive data to your Output. The skip domain list is a csv-formatted file (or a URL containing the file), with only two columns: a string representing part or all of a FQDN, and a logic for that particular string. `dnsmonster` supports three logics for each entry: `prefix`, `suffix` and `fqdn`. `prefix` and `suffix` means that only the domains starting/ending with the mentioned string will be skipped from being sent to output. Note that since the process is being done on DNS questions, your string will most likely have a trailing `.` that needs to be included in your skip list row as well (take a look at [skipdomains.csv.sample](skipdomains.csv.sample) for a better view). You can also have a full FQDN match to avoid writing highly noisy FQDNs into your database.
+These two filters specify an allowlist and a skip list for the domain outputs. `--skipDomainsFile` is used to avoid writing noisy, repetitive data to your Output. The skip domain list is a csv-formatted file (or a URL containing the file), with only two columns: a string representing part or all of a FQDN, and a logic for that particular string. `dnsmonster` supports three logics for each entry: `prefix`, `suffix` and `fqdn`. `prefix` and `suffix` means that only the domains starting/ending with the mentioned string will be skipped from being sent to output. Note that since the process is being done on DNS questions, your string will most likely have a trailing `.` that needs to be included in your skip list row as well (take a look at [skipdomains.csv.sample](skipdomains.csv.sample) for a better view). You can also have a full FQDN match to avoid writing highly noisy FQDNs into your database.
 
-`prefix` and `suffix` are quite CPU heavy and are not a good choice at all if you have a large number of packets coming in. By default, the skip domain file is loaded in `csv` mode, meaning each line's logic is separate from the next. You can also load the file in `hashtable` mode using the `--skipDomainsFileType` option. That will automatically ignore the second column of your input CSV file and will treat each entry as a FQDN. Since the data in `hashtable` mode are loaded into a Hash Table (surprise!), the performance of this mode is better than `csv` mode. 
 
-`--allowDomain` provides the exact opposite of skip domain logic. It works exactly the same as far as the csv format and filetype goes (`--allowDomainsFileType`). If set, your output will be limited to the entries inside this list. 
+`--allowDomainsFile` provides the exact opposite of skip domain logic, meaning your output will be limited to the entries inside this list. 
 
-both `--skipDomainsFile` and `--allowDomainFile` have an automatic refresh interval and re-fetch the FQDNs using `--skipDomainsRefreshInterval`and `--allowDomainsRefreshInterval` options.
+both `--skipDomainsFile` and `--allowDomainsFile` have an automatic refresh interval and re-fetch the FQDNs using `--skipDomainsRefreshInterval`and `--allowDomainsRefreshInterval` options.
 
 For each output type, you can specify which of these tables are used. Check the output section for more detail regarding the output modes.