## packetq pid file
pidfile=/var/run/packetq.pid
## Name of the DNS server. This value is used first in the file name when
## creating tcpdump files.
# NOTE(review): the name becomes part of a file name and is available to the
# post-rotate command as %S (see "command" below); keep it to characters that
# are safe in both places.
server="my_server"
## Directory where pcap files are stored
# make sure path ends with trailing "/"
# NOTE(review): /tmp is world-writable on most systems, and the captures hold
# DNS queries together with client addresses. A dedicated directory that only
# the capture account can read and write keeps other local users from reading
# the dumps or pre-creating paths in it. The permissions the dump files are
# created with are not visible from this file.
destdir=/tmp/
## Name of the network interface(s) to monitor
# several interfaces are given as a comma-separated list, as in the example
interface=eth0,eth1
## How often to rotate dump file, in seconds
interval=300
## zip compression for pcap data
# presumably a zlib-style level where 9 is the strongest and slowest setting;
# confirm against the tracesplit build in use
compression_level=9
## BSD libtrace promiscuous interface hack
# (uses a tcpdump session on port 100 to keep the interface in promisc mode)
# the commented-out line below is the enabled form; keep only one value active
#bsdpromischack=YES
bsdpromischack=NO
## path to the tcpdump binary (only needed for promisc hack above)
# NOTE(review): a bare name is presumably resolved through the PATH of the
# capture process. Packet capture normally needs elevated privileges, so an
# absolute path is the safer value: it keeps a changed PATH from selecting a
# different binary.
tcpdump=tcpdump
## path to the tracesplit binary
# tracesplit is distributed in the tools folder of the libtrace library
# which at the time of this writing could be obtained at:
# http://research.wand.net.nz/software/libtrace.php
# make sure it's built and installed.
# NOTE(review): the link above is plain http; check the integrity of the
# source before building a binary that will run with capture privileges.
tracesplit=/usr/local/bin/tracesplit
### choose a packet filter:
## collect TCP and UDP, requests and responses:
# in pcap filter syntax "port 53" matches source and destination port for
# either protocol; the two "not host" terms leave out all traffic to or from
# those addresses.
filter="port 53 and not host 192.168.1.3 and not host 192.168.1.8"
## run command after moving file
# placeholders, as labelled in the example: %P path, %F filename, %S server,
# %I interface, %Y %M %D date, %h %m %s time
# NOTE(review): this line is executed by the capture process, so anyone who
# can edit this file chooses a command that runs with its privileges; keep the
# file writable only by that account. If the command is run through a shell,
# quote the placeholders, since their values come from configuration and from
# file names.
command="echo \"path:%P filename:%F server:%S interface:%I date:%Y %M %D time:%h %m %s\""