config.ini

# these settings for capture will be overridden on the command-line (with "-o field=value")
# so you can (for the most part) ignore settings here that seem like dummy settings

[default]
antiSynDrop=false
compressES=false
debug=0
dropGroup=netdev
dropUser=sensor
elasticsearch=http://192.168.0.1:9200
freeSpaceG=5%
geoLite2ASN=/dummy/GeoLite2-ASN.mmdb
geoLite2Country=/dummy/GeoLite2-Country.mmdb
httpRealm=Arkime
icmpTimeout=10
bpf=
interface=enp0s1
logESRequests=false
logEveryXPackets=500000
logFileCreation=true
logHTTPConnections=false
logUnknownProtocols=false
luaFiles=
maxESConns=30
maxESRequests=500
maxFileSizeG=4
maxFileTimeM=180
maxPackets=10000
maxReqBody=64
maxStreams=1000000
ouiFile=/dummy/oui.txt
packetsPerPoll=50000
parseQSValue=false
parsersDir=/dummy/parsers
parseSMB=true
parseSMTP=true
passwordSecret=Malcolm
pcapDir=/tmp
plugins=lua.so
pluginsDir=/dummy/plugins
reqBodyOnlyUtf8=true
rirFile=/dummy/ipv4-address-space.csv
rotateIndex=daily
smtpIpHeaders=X-Originating-IP:;X-Barracuda-Apparent-Source-IP:
spiDataMaxIndices=7
supportSha256=false
tcpSaveTimeout=720
tcpTimeout=600
udpTimeout=30
uploadCommand=
viewPort=8005

### High Performance settings
# https://github.com/arkime/arkime/wiki/Settings#High_Performance_Settings
magicMode=basic
pcapReadMethod=tpacketv3
tpacketv3NumThreads=2
tpacketv3BlockSize=8388608
pcapWriteMethod=simple
pcapWriteSize=2560000
simpleCompression=zstd
simpleZstdLevel=3
simpleGzipLevel=3
packetThreads=1
maxPacketsInQueue=300000
dbBulkSize=4000000
rulesFiles=/dummy/rules.yml