Witam,
Przeszukując internet, znalazłem skrypt do automatycznego zapisywania logów do pliku .cap przy pomocy tcpdumpa. Może się wam przyda :)
Autor: http://xnite.org/
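[code]
<?php
// Start a bounded tcpdump capture when the interface's throughput crosses a threshold.
// Meant to be run periodically (e.g. from cron) by a user allowed to run tcpdump.
// The opening of the $CONFIG array was lost in the forum paste; it is reconstructed here
// from the keys the script reads below ('device', 'report_speed', 'packets2capture', 'save_to').
$CONFIG = [
    'device'          => 'eth0',          // Usually eth0; if unsure, find the device name with ifconfig.
    'report_speed'    => '15',            // Threshold in MB/s at which tracking starts (ifstat reports KB/s by default, hence the *1024 below).
    'packets2capture' => '1000',          // Number of packets to capture in the pcap dump.
    'save_to'         => '/var/log/ddos', // Path to save ddos pcap logs to, without the trailing /.
];
// Do not edit below this line!

// ifstat prints a header followed by one line with inbound and outbound KB/s; grep extracts the
// two decimal numbers. The original pattern used {1,9} without -E, which GNU grep treats
// literally in a basic regex, so $iospeed stayed empty; -E restores the interval and \. matches
// the decimal point literally instead of any character.
exec("/usr/bin/ifstat .5 1 | /bin/grep -oE '[0-9]{1,9}\\.[0-9]{1,9}'", $iospeed);

$report_speed = (float)$CONFIG['report_speed'] * 1024; // threshold in KB/s, computed once and reused in the comparison
$ts           = time();
$folder       = $CONFIG['save_to'];
$interface    = $CONFIG['device'];
$packnum      = (int)$CONFIG['packets2capture'];

// Fail loudly instead of comparing against missing array entries when ifstat or grep produced nothing.
if (count($iospeed) < 2) {
    fwrite(STDERR, "Could not read the speed of $interface from ifstat.\n");
    exit(1);
}
$current = (float)$iospeed[0] + (float)$iospeed[1]; // in + out, KB/s

if ($current >= $report_speed) {
    echo "$current is equal to or greater than $report_speed.\n";
    echo "Capturing tcpdump.\nPackets: $packnum\nInterface: $interface\n Saving to: $folder/$ts.ddos.pcap\n";

    // tcpdump cannot write into a missing directory; say so rather than failing silently.
    if (!is_dir($folder)) {
        fwrite(STDERR, "Capture directory $folder does not exist.\n");
        exit(1);
    }

    // Stop a capture still running from a previous trigger. pkill's default SIGTERM lets tcpdump
    // flush its write buffer; the original SIGKILL could leave the previous pcap truncated.
    // Note this still stops every tcpdump on the host, not only the one this script started.
    exec("/usr/bin/pkill tcpdump");

    // Quote the config-derived arguments so a device name or path containing shell
    // metacharacters cannot alter the command line.
    exec(sprintf(
        "/usr/sbin/tcpdump -nn -i %s -s 0 -c %d -w %s",
        escapeshellarg($interface),
        $packnum,
        escapeshellarg("$folder/$ts.ddos.pcap")
    ));
} else {
    echo "$current is less than $report_speed.\n";
}
?>
[/code]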