Watchdog TImer

v728+

pcap2json has a built in watchdog timer that automatically restarts the system if no Input PCAP data is received, or Output JSON data is sent.

By default the function is disabled

Configuration to enable is in

/mnt/store0/etc/pcap2json.lua

Example configuration shown below

local Config =
{
["General"] =
{
    IsMultiFE       = true,
    WatchdogTimeout = 30,
}
.
.

Key configuration is "WatchdogTimeout" which is set to number of seconds. In the above example it waits for 30 seconds of null activity before restarting the pcap2json system.

This can be tuned based on the network profile of the captured data. Recommend 60sec to 5 minutes.

Duplicate JSON on restart

When a watchdog restart is generated it creates a sentinel file

/tmp/pcap2json.watchdog

When pcap2json restarts it checks if this file exists, if so disables "FollowStart" mode and instead always starts processing the currently capturing PCAP at the current time, not from the start of the capture.

While the data will have gaps, it does not generate duplicate data downstream that would result in incorrect network statistics.

Last updated