Forum Discussion
swo0sh_gt_13163
Altostratus
Thanks Nitass,
The script looks reactive, can it be pro-active? Rather waiting for the occurrence to happen, can we always run the TCPDUMP, let's 5 copies should be saved under /var/tmp and each copy should have 1000 packets (using -c), and when it sees the particular message, stop the script after getting another 1000 packets, to capture the complete the flow.
Possible?
Thanks,
nitass
Mar 22, 2015Employee
i think you can run tcpdump continuously using -C (capital c) and -W (capital w) and stop tcpdump when seeing log message using icall or /config/user_alert.conf.