Most of the live system requires PCAP/Wireshark log collection on the network interfaces. But logs needs to be rotated to avoid disk space consumption. Using simple script and tcpdump command, it is very easy to achieve this goal. tcpdump has an option to set the rotation of log files by specifying the number of log files and size of each log file. tcpdump command can be run in the background using these options. Writing a script to perform this task in the background is the best option.
Below is the Syntax:
tcpdump -nni <network interface> <filter if any> -s0 -w - | ( tcpdump -nn -r - -W <Number of files> -C <Size of each file> -w <Log file name> > <Logfile.output> 2> <Log.error> )
Below is the Example for keeping last 50 pcap files for eth0 interface, each file of size 20MB:
tcpdump -nni eth0 not arp and not port 22 -s0 -w - | ( tcpdump -nn -r - -W 50 -C 20 -w WS_ETH0.pcap > log.output 2> log.error )
Below is the Syntax:
tcpdump -nni <network interface> <filter if any> -s0 -w - | ( tcpdump -nn -r - -W <Number of files> -C <Size of each file> -w <Log file name> > <Logfile.output> 2> <Log.error> )
Below is the Example for keeping last 50 pcap files for eth0 interface, each file of size 20MB:
tcpdump -nni eth0 not arp and not port 22 -s0 -w - | ( tcpdump -nn -r - -W 50 -C 20 -w WS_ETH0.pcap > log.output 2> log.error )
No comments:
Post a Comment