Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 00:58:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add command-line option to write unprocessed packets to a file

Browse source 
This commit also changes the PcapDumper to automatically flush after
every called to Dump(). This is because pcap_dump has an internal buffer
of some sort that only writes to the file after a set amount of bytes.
When using the new option on a low-traffic network, it might be a while
before you see any packets written since it has to overcome that buffer
limit first.
This commit is contained in:
Tim Wojtulewicz 2021-11-08 11:04:40 -07:00
parent fe932944c4
commit 92b84a00f9
6 changed files with 35 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/zeek-setup.cc
View file

@ -708,7 +708,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
exit(success ? 0 : 1);
}
packet_mgr->InitPostScript();
packet_mgr->InitPostScript(options.unprocessed_output_file.value_or(""));
analyzer_mgr->InitPostScript();
file_mgr->InitPostScript();
dns_mgr->InitPostScript();