pcap:
  enabled: 
    description: Enable or Disable Stenographer on all sensors or a single sensor
  config:
    maxdirectoryfiles:
      description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space. 
    diskfreepercentage:
      description: The disk space percent to always keep free for pcap
    blocks:
      description: The number of 1MB packet blocks used by AF_PACKET to store packets in memory, per thread. You shouldn't need to change this. 
      advanced: True
    preallocate_file_mb:
      description: File size to pre-allocate for individual pcap files. You shouldn't need to change this. 
      advanced: True
    aiops:
      description: The max number of async writes to allow at once.
      advanced: True
    pin_to_cpu:
      description: Enable CPU pinning for PCAP.
    cpus_to_pin_to:
      description: CPU to pin PCAP to. Currently only a single CPU is supported
    disks:
      description: List of disks to use for PCAP. This is currently not used.
      advanced: True