A Linux tcpdump script that automatically captures packets 24 hours a day.
Source: Internet
Author: User
maindump.sh (main program for packet capture)
Every minute, an endless loop checks the capture so that the program captures packets continuously. Because a capture file that is too large cannot be opened by analysis tools, the size of each capture file is limited to about 100 MB;
After the previous capture finishes, the next round starts after an interval of 5 seconds;
Each day's capture files are placed under the /data directory in a subdirectory named by date, such as /data/2010-03-08, and stored compressed. The file name format is yyyy-mm-dd@hhmmss-hhmmss.pcap.gz, where yyyy-mm-dd is the date, the first hhmmss is the start time (hour, minute, second) and the second hhmmss is the end time (hour, minute, second) of the capture.
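The capture loop described above, as an added sketch that is not the original maindump.sh. The interface name eth0, the -s 0 option, the temporary file name and the umask are assumptions; the 100 MB limit, one-minute check, 5-second pause and file naming come from the description.

```shell
#!/bin/bash
# Added sketch of the capture loop; not the original maindump.sh.
DATA_DIR=${DATA_DIR:-/data}          # daily directories live here (from the article)
IFACE=${IFACE:-eth0}                 # assumption: interface to capture on
LIMIT=${LIMIT:-$((100*1024*1024))}   # about 100 MB per capture file
CHECK=${CHECK:-60}                   # seconds between size checks
PAUSE=${PAUSE:-5}                    # seconds to wait before the next round
umask 077                            # assumption: captures readable by owner only

# Final path: <DATA_DIR>/<yyyy-mm-dd>/<yyyy-mm-dd>@<start>-<end>.pcap.gz
archive_path() {   # args: date start_hhmmss end_hhmmss
    printf '%s/%s/%s@%s-%s.pcap.gz\n' "$DATA_DIR" "$1" "$1" "$2" "$3"
}

# Succeeds when the file exists and has reached the size limit.
over_limit() {     # args: file
    [ -f "$1" ] && [ "$(wc -c < "$1")" -ge "$LIMIT" ]
}

capture_round() {
    day=$(date +%F); start=$(date +%H%M%S)
    mkdir -p "$DATA_DIR/$day"
    tmp="$DATA_DIR/$day/.current.pcap"      # hypothetical temporary name
    tcpdump -i "$IFACE" -s 0 -w "$tmp" &    # -s 0: full packets (assumption)
    pid=$!
    # Check once per interval; stop on size limit, date change or tcpdump exit.
    while kill -0 "$pid" 2>/dev/null; do
        sleep "$CHECK"
        if over_limit "$tmp" || [ "$(date +%F)" != "$day" ]; then break; fi
    done
    kill "$pid" 2>/dev/null; wait "$pid" 2>/dev/null
    end=$(date +%H%M%S)
    [ -f "$tmp" ] || return 1               # tcpdump never wrote a file
    gzip -c "$tmp" > "$(archive_path "$day" "$start" "$end")" && rm -f "$tmp"
}

# The endless loop runs only with the "run" argument, so the helpers can be tested.
if [ "${1:-}" = "run" ]; then
    while true; do capture_round; sleep "$PAUSE"; done
fi
```

Packet captures hold full payloads, which is why the sketch restricts file permissions with umask before writing anything.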
monitor_dump.sh (monitors the packet capture script), monitor_disk.sh (monitors hard disk space)
To keep the main packet capture program running healthily, crond is used to schedule monitor.sh;
Monitor whether the main packet capture program is running normally; if it is not running, start it;
Monitor the free space of the disk. When disk usage is greater than or equal to 30% (configurable), the data packets captured on the earliest day are automatically deleted to keep disk space free;
A # diy comment in the scripts indicates that the next line needs to be customized.
All scripts are stored in the /home directory. Add the following to crontab:
* */6 * * * /bin/bash /home/monitor.sh
* */6 * * * /bin/bash /home/monitor_disk.sh
Determine the time interval in crontab based on the disk space size and traffic size.
After the crontab entries are added, it takes some time before they are first executed. To start right away, run: nohup sh /home/monitor.sh &