MOLOCH retention time and packets overwriting roles

[Hossam zalapany]

Dear All,

Hallo zusammen :)

I'm still in my first few steps here, so sorry if my questions are not that expert or advanced ...
is there is any way to set some rules for the packets overwriting according to time set, or free-space alert? the idea here is to use MOLOCH as a small capture box, with a minimum capture space for like 6 hours only. I am asking if there are any options to automate the deletion of outdated PCAPS or overwrite them depending on time parameter or size alert parameter?

also is there any way to retrieve the retention time for the PCAPs? I mean the date of first available captured packets?

Thanks a lot

Hossam

[Andy]

On Tuesday, May 31, 2016 at 5:56:11 AM UTC-4, Hossam zalapany wrote:

Dear All,

Hallo zusammen :)

I'm still in my first few steps here, so sorry if my questions are not that expert or advanced ...
is there is any way to set some rules for the packets overwriting according to time set, or free-space alert? the idea here is to use MOLOCH as a small capture box, with a minimum capture space for like 6 hours only. I am asking if there are any options to automate the deletion of outdated PCAPS or overwrite them depending on time parameter or size alert parameter?

It is based on free space see freeSpaceG in https://github.com/aol/moloch/wiki/Settings#Basic_Settings

 

also is there any way to retrieve the retention time for the PCAPs? I mean the date of first available captured packets?

No api, you can do a ls -l in the pcapDir

 

Thanks a lot

Hossam