SERVER-17136: update manpages

1 files changed, 311 insertions, 274 deletions

diff --git a/debian/mongos.1 b/debian/mongos.1
index 3b35f05f021..6284a666473 100644
--- a/debian/mongos.1
+++ b/debian/mongos.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "MONGOS" "1" "March 18, 2014" "2.6" "mongodb-manual"
+.TH "MONGOS" "1" "January 30, 2015" "3.0" "mongodb-manual"
 .SH NAME
 mongos \- MongoDB Sharded Cluster Query Router
 .
@@ -39,6 +39,9 @@ application layer, and determines the location of this data in the
 From the perspective of the application, a
 \fBmongos\fP instance behaves identically to any other MongoDB
 instance.
+.SH CONSIDERATIONS
+.sp
+Never change the name of the \fBmongos\fP binary.
 .SH OPTIONS
 .SS Core Options
 .INDENT 0.0
@@ -48,7 +51,7 @@ instance.
 .INDENT 0.0
 .TP
 .B \-\-help, \-h
-Returns information on \fBmongos\fP options and usage.
+Returns information on the options and use of \fBmongos\fP\&.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -57,15 +60,16 @@ Returns the \fBmongos\fP release number.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-config <filename>, \-f
+.B \-\-config <filename>, \-f <filename>
 Specifies a configuration file for runtime configuration options. The
 configuration file is the preferred method for runtime configuration of
 \fBmongos\fP\&. The options are equivalent to the command\-line
 configuration options. See http://docs.mongodb.org/manual/reference/configuration\-options for
 more information.
 .sp
-Ensure the configuration file uses ASCII encoding. \fBmongos\fP does not
-support configuration files with non\-ASCII encoding, including UTF\-8.
+Ensure the configuration file uses ASCII encoding. The \fBmongos\fP
+instance does not support configuration files with non\-ASCII encoding,
+including UTF\-8.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -77,8 +81,10 @@ including the option multiple times, (e.g. \fB\-vvvvv\fP\&.)
 .INDENT 0.0
 .TP
 .B \-\-quiet
-Runs \fBmongos\fP in a quiet mode that attempts to limit the amount of
-output. This option suppresses:
+Runs the \fBmongos\fP in a quiet mode that attempts to limit the amount
+of output.
+.sp
+This option suppresses:
 .INDENT 7.0
 .IP \(bu 2
 output from \fIdatabase commands\fP
@@ -93,16 +99,22 @@ connection closed events
 .INDENT 0.0
 .TP
 .B \-\-port <port>
-Specifies the port number when the MongoDB instance is not running on the
-standard port of \fB27017\fP\&. You may also specify the port number
-using the \fB\-\-host\fP option.
+\fIDefault\fP: 27017
+.sp
+Specifies the TCP port on which the MongoDB instance listens for
+client connections.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-bind_ip <ip address>
-Specifies the IP address that the \fBmongos\fP process binds to and
-listens for connections on. By default \fBmongos\fP listens for
-connections for all interfaces. You may attach \fBmongos\fP to any
+\fIDefault\fP: All interfaces.
+.sp
+Changed in version 2.6.0: The \fBdeb\fP and \fBrpm\fP packages include a default
+configuration file that sets \fI\%\-\-bind_ip\fP to \fB127.0.0.1\fP\&.
+
+.sp
+Specifies the IP address that \fBmongos\fP binds to in order to listen
+for connections from applications. You may attach \fBmongos\fP to any
 interface. When attaching \fBmongos\fP to a publicly accessible
 interface, ensure that you have implemented proper authentication and
 firewall restrictions to protect the integrity of your database.
@@ -115,62 +127,58 @@ Specifies the maximum number of simultaneous connections that
 value of this setting is higher than your operating system\(aqs configured
 maximum connection tracking threshold.
 .sp
-This setting is particularly useful for \fBmongos\fP if you have a
-client that creates a number of collections but allows them to timeout
-rather than close the collections. When you set \fBmaxConns\fP,
-ensure the value is slightly higher than the size of the connection pool
-or the total number of connections to prevent erroneous connection
-spikes from propagating to the members of a \fIsharded cluster\fP\&.
+This setting is particularly useful for \fBmongos\fP if you
+have a client that creates a number of connections but allows them
+to timeout rather than close the connections. When you set
+\fBmaxIncomingConnections\fP, ensure the value is slightly
+higher than the size of the connection pool or the total number of
+connections to prevent erroneous connection spikes from propagating
+to the members of a \fIsharded cluster\fP\&.
 .sp
-Changed in version 2.6: MongoDB removed the upward limit on the \fBmaxConns\fP setting.
+Changed in version 2.6: MongoDB removed the upward limit on the \fBmaxIncomingConnections\fP setting.
 
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-syslog
 Sends all logging output to the host\(aqs \fIsyslog\fP system rather
-than to standard output or a log file as with \fI\%\-\-logpath\fP\&.
+than to standard output or to a log file. , as with \fI\%\-\-logpath\fP\&.
 .sp
-\fI\%\-\-syslog\fP is not supported on Windows.
+The \fI\%\-\-syslog\fP option is not supported on Windows.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-syslogFacility <string>
-Specifies the facility level used when logging messages to syslog. The
-default is \fBuser\fP\&. The value you specify must be supported by your
+\fIDefault\fP: user
+.sp
+Specifies the facility level used when logging messages to syslog.
+The value you specify must be supported by your
 operating system\(aqs implementation of syslog. To use this option, you
 must enable the \fI\%\-\-syslog\fP option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-logpath <path>
-Specifies the path for the log file that holds all diagnostic
-logging information.
+Sends all diagnostic logging information to a log file instead of to
+standard output or to the host\(aqs \fIsyslog\fP system. MongoDB creates
+the log file at the path you specify.
 .sp
-Unless specified, \fBmongos\fP will output all log information
-to the standard output. Additionally, unless you also specify
-\fI\%\-\-logappend\fP, the logfile will be overwritten when the
-process restarts.
-.sp
-\fBNOTE:\fP
-.INDENT 7.0
-.INDENT 3.5
-The behavior of the logging system may change in the near
-future in response to the \fI\%SERVER\-4499\fP case.
-.UNINDENT
-.UNINDENT
+By default, MongoDB overwrites the log file when the process restarts.
+To instead append to the log file, set the \fI\%\-\-logappend\fP option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-logappend
-Appends new entries to the end of the logfile when the \fBmongos\fP restarts
-instead of overwriting the content of the log.
+Appends new entries to the end of the log file rather than overwriting
+the content of the log when the \fBmongos\fP instance restarts.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-timeStampFormat <string>
-Specifies the time format for timestamps in log messages. Specify one of
-the following values:
+\fIDefault\fP: iso8601\-local
+.sp
+The time format for timestamps in log messages. Specify one of the
+following values:
 .TS
 center;
 |l|l|.
@@ -199,7 +207,7 @@ _
 T{
 \fBiso8601\-local\fP
 T}	T{
-Default value. Displays timestamps in local time in the ISO\-8601
+Displays timestamps in local time in the ISO\-8601
 format. For example, for New York at the start of the Epoch:
 \fB1969\-12\-31T19:00:00.000+0500\fP
 T}
@@ -209,55 +217,27 @@ _
 .INDENT 0.0
 .TP
 .B \-\-pidfilepath <path>
-Specifies a file location to hold the "\fIPID\fP" or process ID of the
-\fBmongos\fP process. Useful for tracking the \fBmongos\fP process in
-combination with the \fI\%\-\-fork\fP option.
-.sp
-Without a specified \fI\%\-\-pidfilepath\fP option, \fBmongos\fP
-creates no PID file.
+Specifies a file location to hold the process ID of the \fBmongos\fP
+process where \fBmongos\fP will write its PID. This is useful for
+tracking the \fBmongos\fP process in combination with the
+\fI\%\-\-fork\fP option. Without a specified \fI\%\-\-pidfilepath\fP option, the
+process creates no PID file.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-keyFile <file>
-Specifies the path to a key file to store authentication
-information. This option is used for interprocess authentication among
-the \fBmongos\fP and \fBmongod\fP instances of a
-\fIsharded cluster\fP or \fIreplica set\fP\&.
+Specifies the path to a key file that stores the shared secret
+that MongoDB instances use to authenticate to each other in a
+\fIsharded cluster\fP or \fIreplica set\fP\&. \fI\%\-\-keyFile\fP implies
+\fI\-\-auth\fP\&. See \fIinter\-process\-auth\fP for more
+information.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-setParameter <options>
-New in version 2.4.
-
-.sp
-Specifies an option to configure on startup. Specify multiple options
-with multiple \fI\%\-\-setParameter\fP options. See
-http://docs.mongodb.org/manual/reference/parameters for full documentation of these parameters.
-The \fBsetParameter\fP database command provides access to many
-of these parameters. \fI\%\-\-setParameter\fP supports the following
-options:
-.INDENT 7.0
-.IP \(bu 2
-\fBenableLocalhostAuthBypass\fP
-.IP \(bu 2
-\fBenableTestCommands\fP
-.IP \(bu 2
-\fBlogLevel\fP
-.IP \(bu 2
-\fBlogUserIds\fP
-.IP \(bu 2
-\fBnotablescan\fP
-.IP \(bu 2
-\fBquiet\fP
-.IP \(bu 2
-\fBsupportCompatibilityFormPrivilegeDocuments\fP
-.IP \(bu 2
-\fBsyncdelay\fP
-.IP \(bu 2
-\fBtextSearchEnabled\fP
-.IP \(bu 2
-\fBuserCacheInvalidationIntervalSecs\fP
-.UNINDENT
+Specifies one of the MongoDB parameters described in
+http://docs.mongodb.org/manual/reference/parameters\&. You can specify multiple \fBsetParameter\fP
+fields.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -282,64 +262,17 @@ Authentication.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-clusterAuthMode <option>
-New in version 2.6.
-
-.sp
-Enables \fIinternal x.509 authentication\fP for membership to the cluster or replica
-set. The \fI\%\-\-clusterAuthMode\fP option can have one of the
-following values:
-.TS
-center;
-|l|l|.
-_
-T{
-Value
-T}	T{
-Description
-T}
-_
-T{
-\fBkeyFile\fP
-T}	T{
-Default value. Use keyfile for authentication.
-T}
-_
-T{
-\fBsendKeyFile\fP
-T}	T{
-For rolling upgrade purposes. Send the keyfile for
-authentication but can accept either keyfile or x.509
-certificate.
-T}
-_
-T{
-\fBsendX509\fP
-T}	T{
-For rolling upgrade purposes. Send the x.509 certificate for
-authentication but can accept either keyfile or x.509
-certificate.
-T}
-_
-T{
-\fBx509\fP
-T}	T{
-Recommended. Send the x.509 certificate for authentication and
-accept \fBonly\fP x.509 certificate.
-T}
-_
-.TE
-.sp
-The default distribution of MongoDB does not contain support for SSL.
-For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-nounixsocket
-Disables listening on the UNIX socket. \fBmongos\fP always
-listens on the UNIX socket, unless either: \fI\%\-\-nounixsocket\fP
-is set, \fBbind_ip\fP is not set, or \fBbind_ip\fP
-does not specify \fB127.0.0.1\fP\&.
+Disables listening on the UNIX domain socket. The \fBmongos\fP process
+always listens on the UNIX socket unless one of the following is true:
+.INDENT 7.0
+.IP \(bu 2
+\fI\%\-\-nounixsocket\fP is set
+.IP \(bu 2
+\fBbindIp\fP is not set
+.IP \(bu 2
+\fBbindIp\fP does not specify \fB127.0.0.1\fP
+.UNINDENT
 .sp
 New in version 2.6: \fBmongos\fP installed from official \fB\&.deb\fP and \fB\&.rpm\fP packages
 have the \fBbind_ip\fP configuration set to \fB127.0.0.1\fP by
@@ -349,36 +282,44 @@ default.
 .INDENT 0.0
 .TP
 .B \-\-unixSocketPrefix <path>
-Specifies a path for the UNIX socket. If this option has no
-value, \fBmongos\fP creates a socket with \fB/tmp\fP as a prefix.
+\fIDefault\fP: /tmp
 .sp
-MongoDB will always create and listen on a UNIX socket, unless
-\fI\%\-\-nounixsocket\fP is set, \fBbind_ip\fP is not set,
-or \fBbind_ip\fP does not specify \fB127.0.0.1\fP\&.
+The path for the UNIX socket. If this option has no value, the
+\fBmongos\fP process creates a socket with \fB/tmp\fP as a prefix. MongoDB
+creates and listens on a UNIX socket unless one of the following is true:
+.INDENT 7.0
+.IP \(bu 2
+\fI\%\-\-nounixsocket\fP is set
+.IP \(bu 2
+\fBbindIp\fP is not set
+.IP \(bu 2
+\fBbindIp\fP does not specify \fB127.0.0.1\fP
+.UNINDENT
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-fork
-Enables a \fIdaemon\fP mode for \fBmongos\fP that runs the
-process in the background. This is the normal mode of operation in
-production and production\-like environments but may not be
-desirable for testing.
+Enables a \fIdaemon\fP mode that runs the \fBmongos\fP process in the
+background. By default \fBmongos\fP does not run as a daemon:
+typically you will run \fBmongos\fP as a daemon, either by using
+\fI\%\-\-fork\fP or by using a controlling process that handles the
+daemonization process (e.g. as with \fBupstart\fP and \fBsystemd\fP).
 .UNINDENT
 .SS Sharded Cluster Options
 .INDENT 0.0
 .TP
 .B \-\-configdb <config1>,<config2>,<config3>
 Specifies the \fIconfiguration database\fP for the
-\fIsharded cluster\fP\&. You must specify either 1 or 3 configuration
-servers, in a comma separated list.
+\fIsharded cluster\fP\&. You must specify either 1 or 3
+configuration servers, in a comma separated list. \fBAlways\fP use 3
+config servers in production environments.
 .sp
-All \fBmongos\fP instances \fBmust\fP specify the hosts in the
-\fI\%\-\-configdb\fP setting in the in the same order.
+All \fBmongos\fP instances \fBmust\fP specify the exact same value for
+\fI\%\-\-configdb\fP
 .sp
 If your configuration databases reside in more that one data center,
-order the hosts so that the config database that is closest to the
-majority of your \fBmongos\fP instances is first servers in the
-list.
+order the hosts so that first config sever in the list is the closest to the
+majority of your \fBmongos\fP instances.
 .sp
 \fBWARNING:\fP
 .INDENT 7.0
@@ -391,9 +332,11 @@ server is not available or offline.
 .INDENT 0.0
 .TP
 .B \-\-localThreshold
+\fIDefault\fP: 15
+.sp
 Affects the logic that \fBmongos\fP uses when selecting
-\fIreplica set\fP members to pass read operations to from clients.
-Specify a value in milliseconds. The default value is \fB15\fP, which
+\fIreplica set\fP members to pass read operations from clients.
+Specify a value in milliseconds. The default value of \fB15\fP
 corresponds to the default value in all of the client \fBdrivers\fP\&.
 .sp
 When \fBmongos\fP receives a request that permits reads to
@@ -405,18 +348,17 @@ Find the member of the set with the lowest ping time.
 Construct a list of replica set members that is within a ping time of
 15 milliseconds of the nearest suitable member of the set.
 .sp
-If you specify a value for \fI\%\-\-localThreshold\fP,
-\fBmongos\fP will construct the list of replica members that are
-within the latency allowed by this value.
+If you specify a value for the \fI\%\-\-localThreshold\fP option, \fBmongos\fP will
+construct the list of replica members that are within the latency
+allowed by this value.
 .IP \(bu 2
 Select a member to read from at random from this list.
 .UNINDENT
 .sp
-The ping time used for a member compared by the
-\fI\%\-\-localThreshold\fP setting is a moving average of recent ping
-times, calculated at most every 10 seconds. As a result, some queries
-may reach members above the threshold until the \fBmongos\fP
-recalculates the average.
+The ping time used for a member compared by the \fI\%\-\-localThreshold\fP setting is a
+moving average of recent ping times, calculated at most every 10
+seconds. As a result, some queries may reach members above the threshold
+until the \fBmongos\fP recalculates the average.
 .sp
 See the \fIreplica\-set\-read\-preference\-behavior\-member\-selection\fP
 section of the \fBread preference\fP
@@ -430,14 +372,15 @@ Updates the meta data format used by the \fIconfig database\fP\&.
 .INDENT 0.0
 .TP
 .B \-\-chunkSize <value>
+\fIDefault\fP: 64
+.sp
 Determines the size in megabytes of each \fIchunk\fP in the
-\fIsharded cluster\fP\&. The default value is 64 megabytes, which is the
-ideal size for chunks in most deployments: larger chunk size can lead to
-uneven data distribution; smaller chunk size can lead to inefficient
-movement of chunks between nodes. However, in some circumstances it may
-be necessary to set a different chunk size.
+\fIsharded cluster\fP\&. A size of 64 megabytes is ideal in most
+deployments: larger chunk size can lead to uneven data distribution;
+smaller chunk size can lead to inefficient movement of chunks between
+nodes.
 .sp
-This option \fIonly\fP affects chunk size when you initialize the cluster
+This option affects chunk size \fIonly\fP when you initialize the cluster
 for the first time. If you later modify the option, the new value has no
 effect. See the http://docs.mongodb.org/manual/tutorial/modify\-chunk\-size\-in\-sharded\-cluster
 procedure if you need to change the chunk size on an existing sharded
@@ -452,8 +395,8 @@ in a \fIsharded collection\fP\&. If set on all
 chunks as the data in a collection grows.
 .sp
 Because any \fBmongos\fP in a cluster can create a split, to
-totally disable splitting in a cluster you must set
-\fI\%\-\-noAutoSplit\fP on all \fBmongos\fP\&.
+totally disable splitting in a cluster you must set \fI\%\-\-noAutoSplit\fP on all
+\fBmongos\fP\&.
 .sp
 \fBWARNING:\fP
 .INDENT 7.0
@@ -478,12 +421,12 @@ documentation of MongoDB\(aqs support.
 Deprecated since version 2.6.
 
 .sp
-New in version 2.2.
-
+Enables SSL for \fBmongos\fP\&.
 .sp
-Enables SSL so that \fBmongos\fP requires SSL encryption for all
-connections on the default MongoDB port or port specified by
-\fI\-\-port\fP\&.
+With \fI\%\-\-sslOnNormalPorts\fP, a \fBmongos\fP requires SSL encryption for all
+connections on the default MongoDB port, or the port specified by
+\fI\-\-port\fP\&. By default, \fI\%\-\-sslOnNormalPorts\fP is
+disabled.
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
@@ -494,8 +437,8 @@ For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tuto
 New in version 2.6.
 
 .sp
-Enables SSL or mixed SSL on a port. The argument to the
-\fI\%\-\-sslMode\fP option can be one of the following:
+Enables SSL or mixed SSL used for all network connections. The
+argument to the \fI\%\-\-sslMode\fP option can be one of the following:
 .TS
 center;
 |l|l|.
@@ -540,17 +483,14 @@ For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tuto
 .INDENT 0.0
 .TP
 .B \-\-sslPEMKeyFile <filename>
-New in version 2.6.
+New in version 2.2.
 
 .sp
 Specifies the \fB\&.pem\fP file that contains both the SSL certificate
 and key. Specify the file name of the \fB\&.pem\fP file using relative
 or absolute paths.
 .sp
-This option is required when using the \fI\-\-ssl\fP option to connect
-to a \fBmongod\fP or \fBmongos\fP that has
-\fBsslCAFile\fP enabled \fIwithout\fP
-\fBsslWeakCertificateValidation\fP\&.
+When SSL is enabled, you must specify \fI\-\-sslPEMKeyFile\fP\&.
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
@@ -558,17 +498,74 @@ For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tuto
 .INDENT 0.0
 .TP
 .B \-\-sslPEMKeyPassword <value>
-New in version 2.6.
+New in version 2.2.
 
 .sp
 Specifies the password to de\-crypt the certificate\-key file (i.e.
-\fI\-\-sslPEMKeyFile\fP). Use \fI\-\-sslPEMKeyPassword\fP only if
-the certificate\-key file is encrypted. In all cases, \fBmongos\fP will
+\fB\-\-sslPEMKeyFile\fP). Use the \fI\-\-sslPEMKeyPassword\fP option only if the
+certificate\-key file is encrypted. In all cases, the \fBmongos\fP will
 redact the password from all logging and reporting output.
 .sp
-If the private key in the PEM file is encrypted and you do not specify
-\fI\-\-sslPEMKeyPassword\fP, \fBmongos\fP will prompt for a passphrase.
-See \fIssl\-certificate\-password\fP\&.
+Changed in version 2.6: If the private key in the PEM file is encrypted and you do not
+specify the \fI\-\-sslPEMKeyPassword\fP option, the \fBmongos\fP will prompt for a
+passphrase. See \fIssl\-certificate\-password\fP\&.
+
+.sp
+The default distribution of MongoDB does not contain support for SSL.
+For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-\-clusterAuthMode <option>
+\fIDefault\fP: keyFile
+.sp
+New in version 2.6.
+
+.sp
+The authentication mode used for cluster authentication. If you use
+\fIinternal x.509 authentication\fP,
+specify so here. This option can have one of the following values:
+.TS
+center;
+|l|l|.
+_
+T{
+Value
+T}	T{
+Description
+T}
+_
+T{
+\fBkeyFile\fP
+T}	T{
+Use a keyfile for authentication.
+Accept only keyfiles.
+T}
+_
+T{
+\fBsendKeyFile\fP
+T}	T{
+For rolling upgrade purposes. Send a keyfile for
+authentication but can accept both keyfiles and x.509
+certificates.
+T}
+_
+T{
+\fBsendX509\fP
+T}	T{
+For rolling upgrade purposes. Send the x.509 certificate for
+authentication but can accept both keyfiles and x.509
+certificates.
+T}
+_
+T{
+\fBx509\fP
+T}	T{
+Recommended. Send the x.509 certificate for authentication and
+accept only x.509 certificates.
+T}
+_
+.TE
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
@@ -583,8 +580,13 @@ Specifies the \fB\&.pem\fP file that contains the x.509 certificate\-key
 file for \fImembership authentication\fP
 for the cluster or replica set.
 .sp
-The default distribution of MongoDB does not contain support for SSL.
-For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
+If \fI\%\-\-sslClusterFile\fP does not specify the \fB\&.pem\fP file for internal cluster
+authentication, the cluster uses the \fB\&.pem\fP file specified in the
+\fI\-\-sslPEMKeyFile\fP option.
+.sp
+The default distribution of MongoDB does not contain support for
+SSL.  For more information on MongoDB and SSL, see
+http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -593,15 +595,13 @@ New in version 2.6.
 
 .sp
 Specifies the password to de\-crypt the x.509 certificate\-key file
-specified with \fI\%\-\-sslClusterFile\fP\&. Use
-\fI\%\-\-sslClusterPassword\fP only if the certificate\-key file is
-encrypted. In all cases, \fBmongos\fP will redact the password from all
-logging and reporting output.
-.sp
-Changed in version 2.6: If the x.509 key file is encrypted and you do
-not specify \fI\%\-\-sslClusterPassword\fP, \fBmongos\fP will prompt
-for a passphrase. See \fIssl\-certificate\-password\fP\&.
-
+specified with \fB\-\-sslClusterFile\fP\&. Use the \fI\%\-\-sslClusterPassword\fP option only
+if the certificate\-key file is encrypted. In all cases, the \fBmongos\fP
+will redact the password from all logging and reporting output.
+.sp
+If the x.509 key file is encrypted and you do not specify the
+\fI\%\-\-sslClusterPassword\fP option, the \fBmongos\fP will prompt for a passphrase. See
+\fIssl\-certificate\-password\fP\&.
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
@@ -609,7 +609,7 @@ For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tuto
 .INDENT 0.0
 .TP
 .B \-\-sslCAFile <filename>
-New in version 2.6.
+New in version 2.4.
 
 .sp
 Specifies the \fB\&.pem\fP file that contains the root certificate chain
@@ -618,11 +618,26 @@ from the Certificate Authority. Specify the file name of the
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+If the \fI\-\-sslCAFile\fP option and its target
+file are not specified, x.509 client and member authentication will not
+function. \fBmongod\fP, and \fBmongos\fP in sharded systems,
+will not be able to verify the certificates of processes connecting to it
+against the trusted certificate authority (CA) that issued them, breaking
+the certificate chain.
+.sp
+As of version 2.6.4, \fBmongod\fP will not start with x.509
+authentication enabled if the CA file is not specified.
+.UNINDENT
+.UNINDENT
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-sslCRLFile <filename>
-New in version 2.6.
+New in version 2.4.
 
 .sp
 Specifies the \fB\&.pem\fP file that contains the Certificate Revocation
@@ -638,20 +653,24 @@ For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tuto
 New in version 2.4.
 
 .sp
+Changed in version 3.0.0: \fB\-\-sslAllowConnectionsWithoutCertificates\fP became \fI\%\-\-sslWeakCertificateValidation\fP\&. For
+compatibility, MongoDB processes continue to accept
+\fB\-\-sslAllowConnectionsWithoutCertificates\fP, but all users should
+update their configuration files.
+
+.sp
 Disables the requirement for SSL certificate validation that
-\fI\-\-sslCAFile\fP enables. With
-\fI\%\-\-sslWeakCertificateValidation\fP, \fBmongos\fP will accept
-connections when the client does not present a certificate when
-establishing the connection.
+\fB\-\-sslCAFile\fP enables. With the \fI\%\-\-sslWeakCertificateValidation\fP option, the \fBmongos\fP
+will accept connections when the client does not present a certificate
+when establishing the connection.
 .sp
-If the client presents a certificate and \fBmongos\fP has
-\fI\%\-\-sslWeakCertificateValidation\fP enabled, \fBmongos\fP will
-validate the certificate using the root certificate chain specified by
-\fI\-\-sslCAFile\fP and reject clients with invalid certificates.
+If the client presents a certificate and the \fBmongos\fP has \fI\%\-\-sslWeakCertificateValidation\fP
+enabled, the \fBmongos\fP will validate the certificate using the root
+certificate chain specified by \fB\-\-sslCAFile\fP and reject clients
+with invalid certificates.
 .sp
-Use \fI\%\-\-sslWeakCertificateValidation\fP if you have a mixed
-deployment that includes clients that do not or cannot present
-certificates to \fBmongos\fP\&.
+Use the \fI\%\-\-sslWeakCertificateValidation\fP option if you have a mixed deployment that includes
+clients that do not or cannot present certificates to the \fBmongos\fP\&.
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
@@ -662,33 +681,57 @@ For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tuto
 New in version 2.6.
 
 .sp
-Bypasses the validation checks for server certificates and allows
-the use of invalid certificates. When using the
-\fBsslAllowInvalidCertificates\fP setting, MongoDB logs as a
-warning the use of the invalid certificate.
+Bypasses the validation checks for SSL certificates on other servers
+in the cluster and allows the use of invalid certificates. When using
+the \fBallowInvalidCertificates\fP setting, MongoDB
+logs as a warning the use of the invalid certificate.
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-sslFIPSMode
-New in version 2.6.
+.B \-\-sslAllowInvalidHostnames
+New in version 3.0.
 
 .sp
-Directs \fBmongos\fP to use the FIPS mode of the installed OpenSSL
-library. Your system must
-have a FIPS compliant OpenSSL library to use \fI\-\-sslFIPSMode\fP\&.
+Disables the validation of the hostnames in SSL certificates, when
+connecting to other \fBmongos\fP instances for inter\-process
+authentication. This allows \fBmongos\fP to connect to other
+\fBmongos\fP instances if the hostnames in their certificates do not
+match their configured hostname.
 .sp
 The default distribution of MongoDB does not contain support for SSL.
 For more information on MongoDB and SSL, see http://docs.mongodb.org/manual/tutorial/configure\-ssl\&.
 .UNINDENT
+.INDENT 0.0
+.TP
+.B \-\-sslFIPSMode
+New in version 2.4.
+
+.sp
+Directs the \fBmongos\fP to use the FIPS mode of the installed OpenSSL
+library. Your system must have a FIPS compliant OpenSSL library to use
+the \fI\-\-sslFIPSMode\fP option.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+FIPS Compatible SSL is
+available only in \fI\%MongoDB Enterprise\fP\&. See
+http://docs.mongodb.org/manual/tutorial/configure\-fips for more information.
+.UNINDENT
+.UNINDENT
+.UNINDENT
 .SS Audit Options
 .INDENT 0.0
 .TP
 .B \-\-auditDestination
-Enables auditing. The \fI\%\-\-auditDestination\fP option can have one of
-the following values:
+New in version 2.6.
+
+.sp
+Enables \fBauditing\fP\&. The \fI\%\-\-auditDestination\fP option can
+have one of the following values:
 .TS
 center;
 |l|l|.
@@ -706,9 +749,9 @@ Output the audit events to syslog in JSON format. Not available on
 Windows. Audit messages have a syslog severity level of \fBinfo\fP
 and a facility level of \fBuser\fP\&.
 .sp
-The syslog message limit can result in the truncation of the audit
-messages. The auditing system will neither detect the truncation nor
-error upon its occurrence.
+The syslog message limit can result in the truncation of
+audit messages. The auditing system will neither detect the
+truncation nor error upon its occurrence.
 T}
 _
 T{
@@ -730,17 +773,18 @@ _
 \fBNOTE:\fP
 .INDENT 7.0
 .INDENT 3.5
-The \fBaudit system\fP is
-available only in \fI\%MongoDB Enterprise\fP\&.
+Available only in \fI\%MongoDB Enterprise\fP\&.
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-auditFormat
-Specifies the format of the output file if
-\fI\%\-\-auditDestination\fP is \fBfile\fP\&. The
-\fI\%\-\-auditFormat\fP can have one of the following values:
+New in version 2.6.
+
+.sp
+Specifies the format of the output file for \fBauditing\fP if \fI\%\-\-auditDestination\fP is \fBfile\fP\&. The
+\fI\%\-\-auditFormat\fP option can have one of the following values:
 .TS
 center;
 |l|l|.
@@ -773,60 +817,60 @@ performance more than printing to a file in BSON format.
 \fBNOTE:\fP
 .INDENT 7.0
 .INDENT 3.5
-The \fBaudit system\fP is
-available only in \fI\%MongoDB Enterprise\fP\&.
+Available only in \fI\%MongoDB Enterprise\fP\&.
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-auditPath
-Specifies the output file for auditing if \fI\%\-\-auditDestination\fP
-has value of \fBfile\fP\&. The \fI\%\-\-auditPath\fP option can take
-either a full path name or a relative path name.
+New in version 2.6.
+
+.sp
+Specifies the output file for \fBauditing\fP if
+\fI\%\-\-auditDestination\fP has value of \fBfile\fP\&. The \fI\%\-\-auditPath\fP
+option can take either a full path name or a relative path name.
 .sp
 \fBNOTE:\fP
 .INDENT 7.0
 .INDENT 3.5
-The \fBaudit system\fP is
-available only in \fI\%MongoDB Enterprise\fP\&.
+Available only in \fI\%MongoDB Enterprise\fP\&.
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-auditFilter
-Specifies the filter to limit the \fItypes of operations\fP the audit system records. The option
-takes a document of the form:
+New in version 2.6.
+
+.sp
+Specifies the filter to limit the \fItypes of operations\fP the \fBaudit system\fP records. The option takes a string representation
+of a query document of the form:
 .INDENT 7.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
-{ atype: <expression> }
+{ <field1>: <expression1>, ... }
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .sp
-For authentication operations, the option can also take a document of
-the form:
-.INDENT 7.0
-.INDENT 3.5
+The \fB<field>\fP can be \fBany field in the audit message\fP, including fields returned in the
+\fIparam\fP document. The
+\fB<expression>\fP is a \fIquery condition expression\fP\&.
 .sp
-.nf
-.ft C
-{ atype: <expression>, "param.db": <database> }
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
+To specify an audit filter, enclose the filter document in single
+quotes to pass the document as a string.
+.sp
+To specify the audit filter in a \fBconfiguration file\fP, you must use the YAML format of
+the configuration file.
 .sp
 \fBNOTE:\fP
 .INDENT 7.0
 .INDENT 3.5
-The \fBaudit system\fP is
-available only in \fI\%MongoDB Enterprise\fP\&.
+Available only in \fI\%MongoDB Enterprise\fP\&.
 .UNINDENT
 .UNINDENT
 .UNINDENT
@@ -834,24 +878,17 @@ available only in \fI\%MongoDB Enterprise\fP\&.
 .INDENT 0.0
 .TP
 .B \-\-ipv6
-Enables IPv6 support, which allows \fBmongos\fP to connect to the MongoDB
-instance using an IPv6 network. All MongoDB programs and processes,
-including \fBmongos\fP, disable IPv6 support by default.
+Enables IPv6 support and allows the \fBmongos\fP to connect to the
+MongoDB instance using an IPv6 network. All MongoDB programs and
+processes disable IPv6 support by default.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-jsonp
-Permits \fIJSONP\fP access via an HTTP interface. Consider the
-security implications of allowing this activity before enabling this
-option. If the HTTP interface is disabled, the \fI\%\-\-jsonp\fP also
-enables the HTTP interface.
-.sp
-\fBSEE ALSO:\fP
-.INDENT 7.0
-.INDENT 3.5
-\fI\%\-\-httpinterface\fP
-.UNINDENT
-.UNINDENT
+Permits \fIJSONP\fP access via an HTTP interface. Enabling the
+interface can increase network exposure. The \fI\%\-\-jsonp\fP option enables the
+HTTP interface, even if the \fBHTTP interface\fP
+option is disabled.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -861,6 +898,6 @@ Disables the scripting engine.
 .SH AUTHOR
 MongoDB Documentation Project
 .SH COPYRIGHT
-2011-2014, MongoDB, Inc.
+2011-2015
 .\" Generated by docutils manpage writer.
 .