(new related group 1)

Syslog

Voriges Thema

Nächstes Thema

Tcpdump

Tcpdump will help you debug network issues by capturing packets from up to 4 individual network interfaces.

Network capture files grow extraordinarily fast.

  • You can use compression to reduce capture file size, but it may impact system performance.
  • As soon as you know what you are looking for you can use tcpdump filter expressions to reduce capture file size.

Using the Netlog facility, it is possible to copy capture files to a subdirectory, triggered by an error in another log, so the captures before and after the error will be preserved for your analysis.

You can use Wireshark on an external system for analyzing capture files.

Find out more about Tcpdump from its homepage.

 

IGEL Setup > Registry

 

> Resolve addresses/ports to names

debug.tools.tcpdump[0-3].address_resolution

enabled / disabled

 

 

 

IGEL Setup > Registry

 

> Compression Method

debug.tools.tcpdump[0-3].compression

lzop, gzip, bzip2, xz

 

The compression method affects file size as well as system performance while compressing. The default lzop methiod is relatively light on the CPU.

 

IGEL Setup > Registry

 

> Interface for tcpdump logging

debug.tools.tcpdump[0-3].interface

user editable string / eth0

 

 

 

IGEL Setup > Registry

 

> Number of Rotate Files

debug.tools.tcpdump[0-3].num_rotate_files

3 ... 10

 

Number of files to be kept while rotating.

 

IGEL Setup > Registry

 

> Only Log Package Headers

debug.tools.tcpdump[0-3].only_headers

enabled / disabled

 

 

 

IGEL Setup > Registry

 

> Enable promisc tcpdump logging

debug.tools.tcpdump[0-3].promisc

enabled / disabled

 

Enable promiscuous mode on the network interface to also capture packets not intended for this host.

 

IGEL Setup > Registry

 

> Logfile rotate size in MiB

debug.tools.tcpdump[0-3].rotate_size

10, 15 ,20 ,25 ,30 , 40

 

Rotate when the size of the uncompressed file reaches this size in MiB.

 

IGEL Setup > Registry

 

> Logfile rotate time in s

debug.tools.tcpdump[0-3].rotate_time

0 / user editable integer

 

Time in seconds after which the logfile is rotated and compressed. If set to 0 no time-based rotation happens.

 

IGEL Setup > Registry

 

> Additional Parameters for tcpdump

debug.tools.tcpdump[0-3].tcpdump_additional_parameters

user editable string

 

Use with care.

 

IGEL Setup > Registry

 

> Enable tcpdump

debug.tools.tcpdump[0-3].tcpdump_enabled

enabled / disabled

 

 

 

IGEL Setup > Registry

 

> tcpdump filter expression

debug.tools.tcpdump[0-3].tcpdump_filter

user editable string

 

Tcpdump filter expression. For the expression syntax, see the pcap-filter(7) manpage.