mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-15 21:52:47 +01:00
36 lines
1.4 KiB
YAML
36 lines
1.4 KiB
YAML
pcap:
|
|
enabled:
|
|
description: You can enable or disable Stenographer on all sensors or a single sensor.
|
|
helpLink: stenographer.html
|
|
config:
|
|
maxdirectoryfiles:
|
|
description: The maximum number of packet/index files to create before deleting old files.
|
|
helpLink: stenographer.html
|
|
diskfreepercentage:
|
|
description: The disk space percent to always keep free for PCAP
|
|
helpLink: stenographer.html
|
|
blocks:
|
|
description: The number of 1MB packet blocks used by AF_PACKET to store packets in memory, per thread. You shouldn't need to change this.
|
|
advanced: True
|
|
helpLink: stenographer.html
|
|
preallocate_file_mb:
|
|
description: File size to pre-allocate for individual PCAP files. You shouldn't need to change this.
|
|
advanced: True
|
|
helpLink: stenographer.html
|
|
aiops:
|
|
description: The max number of async writes to allow at once.
|
|
advanced: True
|
|
helpLink: stenographer.html
|
|
pin_to_cpu:
|
|
description: Enable CPU pinning for PCAP.
|
|
advanced: True
|
|
helpLink: stenographer.html
|
|
cpus_to_pin_to:
|
|
description: CPU to pin PCAP to. Currently only a single CPU is supported.
|
|
advanced: True
|
|
helpLink: stenographer.html
|
|
disks:
|
|
description: List of disks to use for PCAP. This is currently not used.
|
|
advanced: True
|
|
helpLink: stenographer.html
|