mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-14 20:21:24 +01:00
25 lines
1.1 KiB
YAML
25 lines
1.1 KiB
YAML
pcap:
|
|
enabled:
|
|
description: Enable or Disable Stenographer on all sensors or a single sensor
|
|
config:
|
|
maxdirectoryfiles:
|
|
description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space.
|
|
diskfreepercentage:
|
|
description: The disk space percent to always keep free for pcap
|
|
blocks:
|
|
description: The number of 1MB packet blocks used by AF_PACKET to store packets in memory, per thread. You shouldn't need to change this.
|
|
advanced: True
|
|
preallocate_file_mb:
|
|
description: File size to pre-allocate for individual pcap files. You shouldn't need to change this.
|
|
advanced: True
|
|
aiops:
|
|
description: The max number of async writes to allow at once.
|
|
advanced: True
|
|
pin_to_cpu:
|
|
description: Enable CPU pinning for PCAP.
|
|
cpus_to_pin_to:
|
|
description: CPU to pin PCAP to. Currently only a single SPU is supported
|
|
disks:
|
|
description: List of disks to use for PCAP. This is currently not used.
|
|
advanced: True
|