42 lines
1.2 KiB
Text
42 lines
1.2 KiB
Text
## packetq pid file
|
|
pidfile=/var/run/packetq.pid
|
|
|
|
## Name of the DNS server. Parameter is used first in filename when creating
|
|
## tcpdump files.
|
|
server="my_server"
|
|
|
|
## Directory where pcap files are stored
|
|
# make sure path ends with trailing "/"
|
|
destdir=/tmp/
|
|
|
|
## Name of the network interface(s) to monitor
|
|
interface=eth0,eth1
|
|
|
|
## How often to rotate dump file, in seconds
|
|
interval=300
|
|
|
|
## zip compression for pcap data
|
|
compression_level=9
|
|
|
|
## BSD libtrace promiscous interface hack
|
|
# (uses a tcpdump session on port 100 to keep the interface in promisc mode)
|
|
#bsdpromischack=YES
|
|
bsdpromischack=NO
|
|
|
|
## path to the tcpdump binary (only needed for promisc hack above)
|
|
tcpdump=tcpdump
|
|
|
|
## path to the tracesplit binary
|
|
# tracesplit is distributed in the tools folder of the libtrace library
|
|
# which at the time of this writing could be obtained at:
|
|
# http://research.wand.net.nz/software/libtrace.php
|
|
# make sure it's built and installed.
|
|
tracesplit=/usr/local/bin/tracesplit
|
|
|
|
### choose a packet filter:
|
|
## collect TCP and UDP, requests and responses:
|
|
filter="port 53 and not host 192.168.1.3 and not host 192.168.1.8"
|
|
|
|
## run command after moving file
|
|
command="echo \"path:%P filename:%F server:%S interface:%I date:%Y %M %D time:%h %m %s\""
|
|
|