write_pcap

Version: Next
write_pcap
Transforms event stream to PCAP byte stream.
write_pcap
Description
Transforms event stream to PCAP byte stream.
The structured representation of packets has the pcap.packet schema:
pcap.packet: record: - linktype: uint64 - time: timestamp: time - captured_packet_length: uint64 - original_packet_length: uint64 - data: string
PCAPNG
The current implementation does not support PCAPNG. Please reach out if you would like to see support.
Examples
Write packets as PCAP to a file
subscribe "packets" write_pcap save_file "/logs/packets.pcap"
Edit this page

Description​

Examples​

Write packets as PCAP to a file​

Description

Examples

Write packets as PCAP to a file