The capture Task
capture is a network packet capture task.
Configuration options
All options are optional.
filter-
filteraccepts classic BPF syntax to filter which packets to capture.For example, get DNS packets:
filter:udp port 53 meta-
default ""Meta allows you configure exactly what metadata (interface, and pod if captured inside a pod) will be published with the payload message. See Configuring the meta Field for more information.For example:
meta: process.name+pod.min skipPayload-
default falseBy default, thecaptureTask publishes the raw packet as a base64 string payload. By setting this value to "true", the packet will not be published. This is useful if the packet data is used for a subsequent task which will produce data but the full packet payload is not needed.For example:
skipPayload: true
Conditions
capture is affected by the following conditions.
interface.name-
If
interface.nameis supplied, thecaptureTask will only capture packets from the interface with the given name.For example:
interface.name:eth0 process.name-
Filtering capture to collect traffic in the network namespace by Process Name.
For example:
process.name:myprogram process.pid-
Filtering capture to collect traffic in the network namespace by Process PID.
container.id-
Filtering capture to collect traffic in the network namespace by Container ID/UID.
container.name-
Filtering capture to collect traffic in the network namespace by Container Name.
container.label-
Filtering capture to collect traffic in the network namespace by Container Label value or key=value.
pod.id-
Filtering capture to collect traffic in the network namespace by Pod ID/UID.
pod.name-
Filtering capture to collect traffic in the network namespace by Pod Name.
pod.namespace-
Filtering capture to collect traffic in the network namespace by Pod K8s Namespace.
pod.label-
Filtering capture to collect traffic in the network namespace by Pod Label value or key=value.