mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-03 06:43:20 +01:00
36 lines
1.3 KiB
YAML
36 lines
1.3 KiB
YAML
pcap:
|
|
enabled:
|
|
description: Enable or Disable Stenographer on all sensors or a single sensor
|
|
helpLink: pcap.html
|
|
config:
|
|
maxdirectoryfiles:
|
|
description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space.
|
|
helpLink: pcap.html
|
|
diskfreepercentage:
|
|
description: The disk space percent to always keep free for pcap
|
|
helpLink: pcap.html
|
|
blocks:
|
|
description: The number of 1MB packet blocks used by AF_PACKET to store packets in memory, per thread. You shouldn't need to change this.
|
|
advanced: True
|
|
helpLink: pcap.html
|
|
preallocate_file_mb:
|
|
description: File size to pre-allocate for individual pcap files. You shouldn't need to change this.
|
|
advanced: True
|
|
helpLink: pcap.html
|
|
aiops:
|
|
description: The max number of async writes to allow at once.
|
|
advanced: True
|
|
helpLink: pcap.html
|
|
pin_to_cpu:
|
|
description: Enable CPU pinning for PCAP.
|
|
advanced: True
|
|
helpLink: pcap.html
|
|
cpus_to_pin_to:
|
|
description: CPU to pin PCAP to. Currently only a single CPU is supported
|
|
advanced: True
|
|
helpLink: pcap.html
|
|
disks:
|
|
description: List of disks to use for PCAP. This is currently not used.
|
|
advanced: True
|
|
helpLink: pcap.html
|