@semenko
Created May 23, 2017 16:47
tcpdump on span interface
#!/bin/bash
# Capture traffic from the SPAN (mirror) port into hourly, gzip-compressed pcap files.
# Note: /var/www is commonly a web document root; keep traffic-logs/ out of anything the web server serves.
if ! pidof tcpdump >/dev/null 2>&1; then
    echo "Starting tcpdump"
    /usr/sbin/tcpdump -i eth0 -n -W 1000 -G 3600 -z gzip \
        -w /var/www/traffic-logs/%m-%d-%y-%H:00.pcap >/dev/null 2>&1 &
else
    echo "already running"
fi
# That 1000 doesn't really work. Maybe gzip bug.
# (With -G, -W only caps how many rotations tcpdump performs before it exits;
#  it never deletes older files, so prune to the newest 1000 here instead.)
# ls -t lists newest first; tail -n +1001 skips the 1000 newest and the rest are removed.
ls -1t /var/www/traffic-logs/*.pcap.gz 2>/dev/null | tail -n +1001 | xargs -r -I{} rm -f "{}"
# -n = no reverse dns
# -W 1000 = keep 1000 individual files
# -G 3600 = rotate every 3600 sec
# -z gzip = postprocess w/ gzip
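The retention step above parses `ls` output, which is fragile for unusual file names and cannot be tested in isolation. The following is an added example, not the gist's own code, that performs the same "keep the N newest rotated captures" pruning as a function built on `find -printf`, and exercises it on a constructed set of 15 hourly files named like the gist's `-w` pattern. It assumes GNU find, sort, tail, cut and xargs (a Linux host, as the gist's `pidof` and `/usr/sbin/tcpdump` imply) and that capture names contain no newline characters; `prune_pcaps`, `describe_pcaps` and `demo` are names chosen here.

```shell
#!/bin/bash
# Added example (not from the gist): prune rotated captures to the N newest
# files without parsing `ls`. Assumes GNU find/sort/tail/cut/xargs and that
# capture file names contain no newlines.

# Delete every *.pcap.gz directly under $1 except the $2 most recently modified.
prune_pcaps() {
    local dir="$1" keep="$2"
    # One "<epoch mtime> <path>" line per file, newest first; skip the first
    # $keep lines, drop the timestamp column, delete the rest (nothing if empty).
    find "$dir" -maxdepth 1 -type f -name '*.pcap.gz' -printf '%T@ %p\n' \
        | sort -rn \
        | tail -n "+$((keep + 1))" \
        | cut -d ' ' -f 2- \
        | xargs -r -d '\n' rm -f --
}

# Report "<count> <oldest surviving file name>" for a capture directory.
describe_pcaps() {
    local n=0 f
    for f in "$1"/*.pcap.gz; do [ -e "$f" ] && n=$((n + 1)); done
    # The zero-padded hour in the gist's naming makes lexical order equal time
    # order, so the first sorted name is the oldest file still present.
    echo "$n $(find "$1" -maxdepth 1 -name '*.pcap.gz' -printf '%f\n' | sort | head -n 1)"
}

# Constructed demo: 15 hourly captures for 2017-05-23 (hours 00..14), keep 10.
demo() {
    local tmp i hh
    tmp=$(mktemp -d)
    for i in $(seq 0 14); do
        hh=$(printf '%02d' "$i")
        # mtime set to the capture hour so rotation order matches file order
        touch -d "2017-05-23 $hh:00" "$tmp/05-23-17-$hh:00.pcap.gz"
    done
    prune_pcaps "$tmp" 10
    describe_pcaps "$tmp"
    rm -rf "$tmp"
}
```

Running `demo` leaves the ten newest captures (hours 05 through 14) and removes the five oldest. In the gist's cron job the equivalent call would be `prune_pcaps /var/www/traffic-logs 1000`; because the pruning keys on modification time rather than on the order `ls` happens to print, it behaves the same whether or not the hourly rotation has been interrupted and restarted.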