NAME
virani - PCAP fetch tool for use with FPCs that save to PCAP format.
SYNOPSIS
virani -s <start> -e <end> -f <filter> [-t <type>] [-t <set>] [--config <file>] [-w <output] [--nc]
virani -r <remote> -s <start> -e <end> -f <filter> [-t <type>] [-t <set>] --config <file>] [-w <output] [--nc] [-a <apikey>] [-k]
DESCRIPTION
LOCAL
Will read in the config '/usr/local/etc/virani.toml' and search the specified PCAP dirs.
For information on the config, please see Virani.
REMOTE
When used with -r, it connects up to a remote location running mojo-virani.
If the item specified by that switch is a HTTP or HTTPS url it will use that for with Viarni::Client. Otherwise it will use that as part of a config file name or path to a config file. Searching in the order below.
$remote
$remote.toml
/usr/local/etc/virani.d/$remote
/usr/local/etc/virani.d/$remote.toml
/etc/virani.d/$remote
/etc/virani.d/$remote.tomlIf a API key is needed, it is read in in the order below.
-a
$ENV{virani_api_key}
$config{apikey}If using HTTPS, cert verification is read in the order below. '-k' is true and the rest are boolean.
-k
$ENV{VIRANI_VERIFY_HOSTNAME}
$ENV{HTTPS_VERIFY_HOSTNAME}
$ENV{PERL_LWP_VERIFY_HOSTNAME}
$config{verify_hostname}FLAGS
-r <remote>
Remote URL or config file for remote info.
-a <apikey>
API key for remote URL if needed.
-f <filter>
Filter for use with tshark or tcpdump.
-t <type>
tcpdump or tshark
Default :: tcpdump
-t <set>
Set to use. If undef, uses whatever the default is.
Default :: undef
--config <config>
Config file to use.
Default :: /usr/local/etc/virani.toml
-s <timestamp>
Start timestamp. Any format supported by
Time::Piece::Guess is usable.
-e <timestamp>
End timestamp. Any format supported by
Time::Piece::Guess is usable.
-w <output>
The file to write the PCAP to.
Default :: out.pcap
--nc
If cached, do not use it.
-k
Do not check the SSL cert for HTTPS for remote.