vast export pcap

Synopsis


usage: export pcap [<parameters>]

exports query results in PCAP format

parameters:
  [-h | -? | --help] <boolean>      prints the help text
  [--documentation?] <boolean>      prints the Markdown-formatted documentation
  [-w | --write] <string>           path to write events to
  [-d | --uds] <boolean>            treat -w as UNIX domain socket to connect to
  [-f | --flush-interval] <uint64>  flush to disk after this many packets

Documentation

The PCAP export format uses libpcap to write PCAP events as a trace.

This command only supports events of type pcap.packet. As a result, VAST transforms a provided query expression E into #type == "pcap.packet" && E.