pom-ng:output:pcap_flow
gmsoft created
pom-ng:output:pcap_flow [2014/05/26 14:44] (current)
gmsoft Add event pcap_flow_file
Line 13: Line 13:
 +===== Events =====
 +^ Name ^ Payload associated ^ Description ^
 +|pcap_flow_file|no|Event containing informations about files created by the output.|
 +==== pcap_flow_file ====
 +This event starts when a new file is created and ends when the file is closed.
 +^ Field ^ Type ^ Description ^
 +|output|string|Name of the output which generated the event.|
 +|filename|string|Filename being created.|
 +|bytes|uint64|Number of packet bytes written to the file.|
 +|packets|uint64|Number of packets written to the file.|
 +|info|list|List all the info of the first packet. The key is '​proto.field'​ and the value is the field value.|
Last modified: 2014/05/26