• 首页
• 分类首页

RunTcpdump.sh

#!/bin/sh
# run tcpdump everyday.
# 0 0 * * * root /root/RunTcpdump.sh
# 抓包数据文件：/var/log/IP_日期.tcpdump，每日凌晨00:00自动切换。
# 抓包管理操作日志：/var/log/RunTcpdump.log
HOSTNAME=`hostname`
TODAY=`date +'%Y%m%d'`
logdir=/var/log
logfile=$logdir/RunTcpdump.log

export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

# 清除较早历史文件
z_clearcycle(){
    local rev
    find ${1} -maxdepth 1 -type f -atime +${2} -name "*.tcpdump" -exec rm -f {} \;
    rev=$?
    if [ "$rev" = "0" ];then
        echo "`date +"%Y-%m-%d %H:%M:%S"`  ${2} days ago file  spare parts for ${1}'s paper!"
    fi
}

[ ! -d "$logdir" ] && mkdir -p "$logdir"
exec 1>>"$logfile"
exec 2>&1
echo "--------------------------------------------------------"
echo "`date +"%Y-%m-%d %H:%M:%S"` killall"
ps aux|grep tcpdump|grep -v grep
killall tcpdump

if [ "$1" != "stop" ];then
    dumprule="host 60.195.250.200"
    dumpfile="60.195.250.200_$TODAY.tcpdump"

    echo "`date +"%Y-%m-%d %H:%M:%S"` run tcpdump($TODAY,$dumprule) -> $logdir/$dumpfile"
    nohup tcpdump -nn -s 0 -i eth0 -w $logdir/$dumpfile "$dumprule" &
fi

ps aux|grep tcpdump|grep -v grep
z_clearcycle "$logdir" 30
exit 0

© 2012 - 2021 XStar  | Powerby:Vimwiki  | Style:丘迟  | 首页  | 分类首页  | 站点地图