Saturday, October 27, 2018

How To Run Tcpdump With Logs Rotating

Requirement:

We need to capture TCP traffic on busy systems to diagnose network-related issues. tcpdump is a great tool, but it also dumps a huge amount of data, which fills up the disk easily.

Solution:

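tcpdump has rotation built in. Use the command below:
-C 8000: rotate at 8000 * 1,000,000 bytes, so each file is around 8G
-W 9: keep 9 files in total; once the ninth is full, tcpdump overwrites the files from the beginning
-Z root: keep writing the capture files as root instead of switching to another user before the output files are opened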

nohup tcpdump -i bond0 -C 8000 -W 9 port 5801 -w tcpdump-$(hostname -s).pcap -Z root &
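
Added example (not part of the original post): a pre-flight check that works out the worst-case size of the ring (-C times -W, about 72 GB for the command above) and refuses to start the capture if the target filesystem cannot hold it. The function names, the CAP_DIR variable, its /var/tmp default and the 10% reserve are assumptions made for this example.

```shell
#!/bin/sh
# Added example: size check before starting the rotating capture.
# CAP_DIR and the 10% reserve are assumptions, not values from the post.

# Worst-case bytes on disk for -C <size> -W <count>.
# tcpdump's -C unit is 1,000,000 bytes (not 1,048,576).
ring_bytes() {
    echo $(( $1 * 1000000 * $2 ))
}

# Bytes available on the filesystem that holds directory $1.
free_bytes() {
    avail_kb=$(df -Pk "$1" | awk 'NR==2 { print $4 }')
    echo $(( avail_kb * 1024 ))
}

# ring_fits <need_bytes> <free_bytes> <reserve_percent>
# Succeeds only if the full ring fits while leaving the reserve untouched.
ring_fits() {
    [ "$1" -le $(( $2 - $2 * $3 / 100 )) ]
}

# start_capture <iface> <size> <count> <dir> <port>
start_capture() {
    need=$(ring_bytes "$2" "$3")
    free=$(free_bytes "$4")
    if ! ring_fits "$need" "$free" 10; then
        echo "refusing: ring needs $need bytes, $free free in $4" >&2
        return 1
    fi
    # Same flags as the command in the post.
    nohup tcpdump -i "$1" -C "$2" -W "$3" -Z root \
        -w "$4/tcpdump-$(hostname -s).pcap" port "$5" >/dev/null 2>&1 &
}

# Run only when asked, e.g.: sh capture.sh start
if [ "${1:-}" = "start" ]; then
    CAP_DIR=${CAP_DIR:-/var/tmp}   # assumed capture directory
    start_capture bond0 8000 9 "$CAP_DIR" 5801
fi
```

The check uses the space free at start time only; other writers on the same filesystem can still consume the reserve while the capture runs.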
