semenko · May 23, 2017 16:47
diff --git a/tcpdump.sh b/tcpdump.sh
 #!/bin/bash

 if [ ! $(pidof tcpdump) ]; then
    echo "Starting tcpdump"
    /usr/sbin/tcpdump -i eth0 -n -W 1000 -G 3600 -z gzip -w /var/www/traffic-logs/%m-%d-%y-%H:00.pcap >/dev/null 2>&1 &
 else
    echo "already running"
 fi

 # That 1000 doesn't really work. Maybe gzip bug.
 ls -1t /var/www/traffic-logs/*.pcap.gz | tail -n +1000 | xargs -I{} -n1 rm "{}"

 # -n = no reverse dns
 # -W 1000 = keep 1000 individual files
 # -G 3600 = rotate every 3600 sec
 # -z gzip = postprocess w/ gzip
	#!/bin/bash

	if [ ! $(pidof tcpdump) ]; then
	echo "Starting tcpdump"
	/usr/sbin/tcpdump -i eth0 -n -W 1000 -G 3600 -z gzip -w /var/www/traffic-logs/%m-%d-%y-%H:00.pcap >/dev/null 2>&1 &
	else
	echo "already running"
	fi

	# That 1000 doesn't really work. Maybe gzip bug.
	ls -1t /var/www/traffic-logs/*.pcap.gz \| tail -n +1000 \| xargs -I{} -n1 rm "{}"

	# -n = no reverse dns
	# -W 1000 = keep 1000 individual files
	# -G 3600 = rotate every 3600 sec
	# -z gzip = postprocess w/ gzip