Skip to content
Legacy docs for Tenzir v5.x. For the latest Tenzir v6 series, visit docs.tenzir.com. Migrating from v5? Read the Tenzir v6 migration guide.

write_pcap

Transforms event stream to PCAP byte stream.

write_pcap

Description

Section titled “Description”

Transforms event stream to PCAP byte stream.

The structured representation of packets has the pcap.packet schema:

pcap.packet:
  record:
    - linktype: uint64
    - time:
        timestamp: time
    - captured_packet_length: uint64
    - original_packet_length: uint64
    - data: string

Examples

Section titled “Examples”

Write packet events as a PCAP file

Section titled “Write packet events as a PCAP file”
subscribe "packets"
write_pcap
save_file "/logs/packets.pcap"

See Also

Section titled “See Also”

Last updated: