Information Security News
A while back, I was in need of tapping the traffic going through my Linux gateway and was looking at doing this on the cheap, meaning to spend as little as possible on a tap to capture everything going from the internal to external and vice versa without having to put in another device (inline tap). After reviewing daemonloggers  capabilities, I realized I could capture the traffic from one of the two interfaces of my gateway and forward a copy to a third interface connected to my packet sniffer.
In my rc.local file, I added the following command to get the software tap to restart each time the gateway was restarted. The configuration is simple, indicate which interface is used for the input (i.e. -i eth0) and where the software tap is located (i.e. -o eth2) by activating tap mode and finally start daemonlogger as a daemon (i.e. -d).
# Starting packet forwarding to from eth0 to eth2 for full packet capture ...
/usr/local/sbin/daemonlogger -i eth0 -o eth2 -d