Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PcapHTTPConsumer ¶
type PcapHTTPConsumer struct {
core.ConsumerBase
// contains filtered or unexported fields
}
PcapHTTPConsumer consumer plugin Configuration example
- "native.PcapHTTPConsumer": Enable: true Interface: eth0 Filter: "dst port 80 and dst host 127.0.0.1" Promiscuous: true TimeoutMs: 3000
This plugin utilizes libpcap to listen for network traffic and reassamble http requests from it. As it uses a CGO based library it will break cross platform builds (i.e. you will have to compile it on the correct platform).
Interface defines the network interface to listen on. By default this is set to eth0, get your specific value from ifconfig.
Filter defines a libpcap filter for the incoming packages. You can filter for specific ports, portocols, ips, etc.. The documentation can be found here: http://www.tcpdump.org/manpages/pcap-filter.7.txt (manpage). By default this is set to listen on port 80 for localhost packages.
Promiscuous switches the network interface defined by Interface into promiscuous mode. This is required if you want to listen for all packages coming from the network, even those that were not meant for the ip bound to the interface you listen on. Enabling this can increase your CPU load. This setting is enabled by default.
TimeoutMs defines a timeout after which a tcp session is considered to have dropped, i.e. the (remaining) packages will be discarded. Every incoming packet will restart the timer for the specific client session. By default this is set to 3000, i.e. 3 seconds.
func (*PcapHTTPConsumer) Configure ¶
func (cons *PcapHTTPConsumer) Configure(conf core.PluginConfig) error
Configure initializes this consumer with values from a plugin config.
func (*PcapHTTPConsumer) Consume ¶
func (cons *PcapHTTPConsumer) Consume(workers *sync.WaitGroup)
Consume enables libpcap monitoring as configured.
Source Files