Forum Discussion
swo0sh_gt_13163
Altostratus
Thanks Nitass,
The script looks reactive, can it be pro-active? Rather waiting for the occurrence to happen, can we always run the TCPDUMP, let's 5 copies should be saved under /var/tmp and each copy should have 1000 packets (using -c), and when it sees the particular message, stop the script after getting another 1000 packets, to capture the complete the flow.
Possible?
Thanks,
nitass
Employee
Mar 22, 2015i think you can run tcpdump continuously using -C (capital c) and -W (capital w) and stop tcpdump when seeing log message using icall or /config/user_alert.conf.