DaemonLogger is a fast packet logger designed specifically for use in NSM environments.

The libpcap-based program has two runtime modes:

  1. It sniffs packets and spools them straight to the disk and can daemonize itself for background packet logging. By default the file rolls over when 2 GB of data is logged.
  2. It sniffs packets and rewrites them to a second interface, essentially acting as a soft tap. It can also do this in daemon mode.

These two runtime modes are mutually exclusive, if the program is placed in tap mode (using the -I switch) then logging to disk is disabled.