Table of Contents
Share this post
NXLog User Guide
Table of Contents
- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- Troubleshooting
- Enterprise Edition Reference Manual
- 143. Man Pages
- 144. Configuration
- 145. Language
- 146. Extension Modules
- 147. Input Modules
- 147.1. Process accounting (im_acct)
- 147.2. AIX auditing (im_aixaudit)
- 147.3. Azure (im_azure)
- 147.4. Batched compression (im_batchcompress)
- 147.5. Basic Security Module Auditing (im_bsm)
- 147.6. Check Point OPSEC LEA (im_checkpoint)
- 147.7. DBI (im_dbi)
- 147.8. Event Tracing for Windows (im_etw)
- 147.9. External programs (im_exec)
- 147.10. File (im_file)
- 147.11. File integrity monitoring (im_fim)
- 147.12. Go (im_go)
- 147.13. HTTP(s) (im_http)
- 147.14. Internal (im_internal)
- 147.15. Java (im_java)
- 147.16. Kafka (im_kafka)
- 147.17. Kernel (im_kernel)
- 147.18. Linux Audit System (im_linuxaudit)
- 147.19. macOS Endpoint Security (im_maces)
- 147.20. macOS ULS (im_maculs)
- 147.21. Mark (im_mark)
- 147.22. Event Logging for Windows XP/2000/2003 (im_mseventlog)
- 147.23. Event log for Windows 2008/Vista and later (im_msvistalog)
- 147.24. Null (im_null)
- 147.25. ODBC (im_odbc)
- 147.26. Packet capture (im_pcap)
- 147.27. Perl (im_perl)
- 147.28. Named pipes (im_pipe)
- 147.29. Python (im_python)
- 147.30. Redis (im_redis)
- 147.31. Windows Registry Monitoring (im_regmon)
- 147.32. Ruby (im_ruby)
- 147.33. TLS/SSL (im_ssl)
- 147.34. Systemd (im_systemd)
- 147.35. TCP (im_tcp)
- 147.36. Test Generator (im_testgen)
- 147.37. UDP (im_udp)
- 147.38. Unix domain sockets (im_uds)
- 147.39. Windows Performance Counters (im_winperfcount)
- 147.40. Windows Event Collector (im_wseventing)
- 147.41. ZeroMQ (im_zmq)
- 148. Processor Modules
- 149. Output Modules
- NXLog Manager
- NXLog Add-Ons
147.26. Packet capture (im_pcap)
This module provides support to passively monitor network traffic by generating logs for various protocols. It uses the libpcap and WinPcap libraries to capture network traffic.
|
Note
|
When running under Windows, im_pcap uses the WinPcap library to capture network traffic. Due to licensing restrictions, the NXLog installer does not include WinPcap. The WinPcap library has to be obtained and installed separately before using im_pcap. You can get a copy from the project’s website. If WinPcap is not installed, attempting to use the im_pcap module will fail with an error. |
|
Note
|
Multiple instances of im_pcap are not supported currently. |