This collector enable to ingest multiple files by watching a directory. This collector can be configured to search for PCAP files or DNSTAP files. Make sure the PCAP is complete before moving the file to the directory so that file data is not truncated.
If you are in PCAP mode, the collector search for files with the .pcap extension.
If you are in DNSTap mode, the collector search for files with the .fstrm extension.
For config examples, take a look to the following links:
Options:
watch-dir: (string) directory to watch for pcap files ingestwatch-mode: (string) watch the directory pcap file with .pcap extension or dnstap stream with.fstrm extension, pcap or dnstap expectedpcap-dns-port: (integer) dns source or destination portdelete-after:: (boolean) delete pcap file after ingestchan-buffer-size: (integer) channel buffer size used on incoming packet, number of packet before to drop it.
Default values:
file-ingestor:
watch-dir: /tmp
watch-mode: pcap
pcap-dns-port: 53
delete-after: false
chan-buffer-size: 65535