In daemon mode, the process updates its databases automatically and can send events via syslog.
The token -daemon switches the process to daemon mode.
The process writes its PID to the file /var/run/articapsniffer.pid.
To turn daemon mode off, use the token -disable-daemon.
By default, in daemon mode, updates are checked every hour, but you can change this frequency.
The token -update-schedule [minutes] changes the interval between checks.
The token -status returns the daemon status and all saved parameters.
To reload the daemon, which flushes the memory caches and reloads the source databases into memory, use the token -reload.
When you run kill -USR1 [pid], Artica PCAP filter writes statistics to the events log.
Example:
{"level":"info","time":1690675847,"message":"Statistics: Number of captured packets: 0"}{"level":"info","time":1690675847,"message":"Statistics: Number received syslog messages: 10353"}{"level":"info","time":1690675847,"message":"Statistics: Number received Fortinet syslog messages: 10295"}{"level":"info","time":1690675847,"message":"Statistics: Number of bad addresses found: 35"}