vast import pcap

Synopsis


usage: import pcap [<parameters>]

imports PCAP logs from STDIN or file

parameters:
  [-h | -? | --help] <boolean>              prints the help text
  [--documentation?] <boolean>              prints the Markdown-formatted documentation
  [-r | --read] <string>                    path to input where to read events from
  [-s | --schema] <string>                  path to alternate schema
  [-d | --uds] <boolean>                    treat -r as listening UNIX domain socket
  [-c | --cutoff] <uint64>                  skip flow packets after this many bytes
  [-m | --max-flows] <uint64>               number of concurrent flows to track
  [-a | --max-flow-age] <uint64>            max flow lifetime before eviction
  [-e | --flow-expiry] <uint64>             flow table expiration interval
  [-p | --pseudo-realtime-factor] <uint64>  factor c delaying packets by 1/c

Documentation

The PCAP import format uses libpcap to read network packets from a trace or an interface.