Configuring DAQ
The configuration options for the daq module can be listed using the help command available with Snort, as follows:
snort3 --help-module daq
The output for the preceding command is given here:
Configuration:
string daq.module_dirs[].path: directory path
string daq.inputs[].input: input source
int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
int daq.batch_size = 64: set receive batch size (same as --daq-batch-size) { 1: }
string daq.modules[].name: DAQ module name (required)
enum daq.modules[].mode = 'passive': DAQ module mode { 'passive' | 'inline' | 'read-file' }
string daq.modules[].variables[].variable: DAQ module variable (foo[=bar]) These configuration parameters can be set within the lua configuration file.
In addition, there are the following command-line arguments for Snort that are relevant for DAQ:
|
|
... |
