The timestamp indicates when the output file was created using the local time zone.
So, what happens if the output file already exists? To avoid overwriting any existing output file, Barnyard adds a timestamp extension to the filename. This is because a pcap file must include specific header information. The log_pcap output plug-in, however, will always create a new output file. So far, all of the output plug-ins that write to a file will append to the current file if it already exists. The output file for log_pcap differs a bit from the other file-based output plug-ins we have discussed.
If the filename option is not specified, then “barnyard.pcap” will be used.
0 kommentar(er)
