How to check the storage status if I run and save the tcpdump in /var/tmp for 3hours?
You can check directly file, for example if you lunch this command:
tcpdump -nni 0.0 host 126.96.36.199 -w /var/tmp/file.cap
then regularly check the size of the captured file with this following command:
ls -la /var/tmp/file.cap
It will give you size of packet Up-to-date.
Hope it help you.
If you need info about tcpdump:
Thank you for your fast respond. But due to the traffic is huge and I will capture for at least 3 hours at midnight, I can't keep check the file size. Since I have 380GB free space in disk management, tcpdump will use this until it's full?
You can capture traffic to a (until) specific size:
if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.
Additional in your capture add as many filters as you can to reduce the file size.
I cannot use filter and specific size cause I need to capture all traffic passing through F5 in 3 hours.
Find a solution for you:
You can plug an external hard disk an mount it to F5. Then store your file in this external hard disk
Take exemple wit this article:
Saving large tcpdump packet traces in limited disk space scenarios --> https://support.f5.com/csp/article/K16793
OK, I will try that.