Data Fields | |
| int | use_stream_depth |
| int | honor_pass_rules |
| char * | bpf_filter |
| SCMutex | plog_lock |
| uint64_t | pkt_cnt |
| struct pcap_pkthdr * | h |
| char * | filename |
| int | mode |
| int | prev_day |
| uint64_t | size_current |
| uint64_t | size_limit |
| pcap_t * | pcap_dead_handle |
| pcap_dumper_t * | pcap_dumper |
| struct bpf_program * | bpfp |
| uint64_t | profile_data_size |
| uint32_t | file_cnt |
| uint32_t | max_files |
| bool | is_private |
| LogModeConditionalType | conditional |
| PcapLogProfileData | profile_lock |
| PcapLogProfileData | profile_write |
| PcapLogProfileData | profile_unlock |
| PcapLogProfileData | profile_handles |
| PcapLogProfileData | profile_close |
| PcapLogProfileData | profile_open |
| PcapLogProfileData | profile_rotate |
Detailed Description
Field Documentation
◆ bpf_filter
| char* PcapLogData_::bpf_filter |
bpf filter to apply to output
Definition at line 148 of file log-pcap.c.
◆ bpfp
| struct bpf_program* PcapLogData_::bpfp |
compiled bpf program
Definition at line 159 of file log-pcap.c.
◆ conditional
| LogModeConditionalType PcapLogData_::conditional |
log all packets or just packets and flows with alerts
Definition at line 165 of file log-pcap.c.
◆ file_cnt
| uint32_t PcapLogData_::file_cnt |
count of pcap files we currently have
Definition at line 161 of file log-pcap.c.
◆ filename
| char* PcapLogData_::filename |
current filename
Definition at line 152 of file log-pcap.c.
◆ h
| struct pcap_pkthdr* PcapLogData_::h |
pcap header struct
Definition at line 151 of file log-pcap.c.
◆ honor_pass_rules
| int PcapLogData_::honor_pass_rules |
don't log if pass rules have matched
Definition at line 147 of file log-pcap.c.
◆ is_private
| bool PcapLogData_::is_private |
true if ctx is thread local
Definition at line 163 of file log-pcap.c.
◆ max_files
| uint32_t PcapLogData_::max_files |
maximum files to use in ring buffer mode
Definition at line 162 of file log-pcap.c.
◆ mode
| int PcapLogData_::mode |
normal or multi
Definition at line 153 of file log-pcap.c.
◆ pcap_dead_handle
| pcap_t* PcapLogData_::pcap_dead_handle |
pcap_dumper_t needs a handle
Definition at line 157 of file log-pcap.c.
◆ pcap_dumper
| pcap_dumper_t* PcapLogData_::pcap_dumper |
actually writes the packets
Definition at line 158 of file log-pcap.c.
◆ pkt_cnt
| uint64_t PcapLogData_::pkt_cnt |
total number of packets
Definition at line 150 of file log-pcap.c.
◆ plog_lock
| SCMutex PcapLogData_::plog_lock |
Definition at line 149 of file log-pcap.c.
◆ prev_day
| int PcapLogData_::prev_day |
last day, for finding out when
Definition at line 154 of file log-pcap.c.
◆ profile_close
| PcapLogProfileData PcapLogData_::profile_close |
Definition at line 171 of file log-pcap.c.
◆ profile_data_size
| uint64_t PcapLogData_::profile_data_size |
track in bytes how many bytes we wrote
Definition at line 160 of file log-pcap.c.
◆ profile_handles
| PcapLogProfileData PcapLogData_::profile_handles |
Definition at line 170 of file log-pcap.c.
◆ profile_lock
| PcapLogProfileData PcapLogData_::profile_lock |
Definition at line 167 of file log-pcap.c.
◆ profile_open
| PcapLogProfileData PcapLogData_::profile_open |
Definition at line 172 of file log-pcap.c.
◆ profile_rotate
| PcapLogProfileData PcapLogData_::profile_rotate |
Definition at line 173 of file log-pcap.c.
◆ profile_unlock
| PcapLogProfileData PcapLogData_::profile_unlock |
Definition at line 169 of file log-pcap.c.
◆ profile_write
| PcapLogProfileData PcapLogData_::profile_write |
Definition at line 168 of file log-pcap.c.
◆ size_current
| uint64_t PcapLogData_::size_current |
file current size
Definition at line 155 of file log-pcap.c.
◆ size_limit
| uint64_t PcapLogData_::size_limit |
file size limit
Definition at line 156 of file log-pcap.c.
◆ use_stream_depth
| int PcapLogData_::use_stream_depth |
use stream depth i.e. ignore packets that reach limit
Definition at line 146 of file log-pcap.c.
The documentation for this struct was generated from the following file:
- src/log-pcap.c
