Forum Discussion
Martin_Kaiser_1
Jul 19, 2011 | Nimbostratus
Running long-living tcpdumps on BigIP
Hi guys,
I'm not quite sure if this is the right forum to post the question, but I couldn't find a more suitable one...
I often need the possibility to monitor specific client conn...
Hamish
Jul 19, 2011 | Cirrocumulus
screen? Never used it.
The best (Gold plated) way would probably be to set up a service. Then you can start it with 'services xxx (start|stop|status)', and use chkconfig to enable/disable the auto running of the service on boot. That may be more than you need.
If you're happy to kick off the tcpdump manually, use nohup, and kick the task off in the background (With &). e.g.
nohup tcpdump -i -s 2000 -w /var/tmp/mydumpfile -C "filter" &
That'll run a copy of tcpdump, detached in the background, and nohup will ensure that when you log out, it won't get a hang-up signal... So it'll basically run forever. And will roll the dumpfile over to a new one when it reaches MB (That's decimal millions, not ^2).
That leaves you with one problem... Number of files... I've seen versions of tcpdump that'll let you specify a number of files to keep, but I don't think LTM's tcpdump does that. So you either want to run a small job under cron to clean up, or use a script to kick off tcpdump AND clean up files... If you don't mind losing a few packets between files, you could also run tcpdump in a loop (From a script - Or from direct typing if you're confident :), with -c , it'll exit after packets, and you can clean up and run another copy of tcpdump...
6 of one... Half dozen of the other... There'll be a few more ways to skin the cat too... That's Unix for you :) I love it...
YMMV...
No cats were harmed in the typing of this email...
:)
H
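The "script to kick off tcpdump AND clean up files" option from the reply above, as an added example that is not part of the original posts. The KEEP and FILE_MB values, the 60-second prune interval and the umask are assumptions; the interface and filter are passed as arguments, and the output path is the one used in the thread.

```shell
#!/bin/bash
# Added example: long-running tcpdump with a bounded number of capture files.
CAP_DIR=${CAP_DIR:-/var/tmp}        # directory used in the thread
CAP_BASE=${CAP_BASE:-mydumpfile}    # tcpdump -C appends 1, 2, 3... to this name
FILE_MB=${FILE_MB:-100}             # assumed size per file (millions of bytes)
KEEP=${KEEP:-20}                    # assumed number of newest files to retain

# Delete all but the $3 newest files named $2* in directory $1 and print how
# many were removed. The file tcpdump is currently writing is always the
# newest, so it survives as long as keep >= 1. Assumes names without
# whitespace, which holds for names generated by tcpdump -C.
prune_captures() {
    dir=$1; base=$2; keep=$3; removed=0
    # ls -t sorts newest first; tail skips the first $keep names.
    old=$(cd "$dir" && ls -t -- "$base"* 2>/dev/null | tail -n +"$((keep + 1))")
    for f in $old; do
        rm -f -- "$dir/$f" && removed=$((removed + 1))
    done
    echo "$removed"
}

# Usage: capture.sh run <interface> '<filter>'
if [ "${1:-}" = "run" ]; then
    iface=${2:?interface required}
    filter=${3:?capture filter required}
    # Capture files contain packet payloads: create them owner-only.
    umask 077
    nohup tcpdump -i "$iface" -s 2000 -w "$CAP_DIR/$CAP_BASE" \
        -C "$FILE_MB" "$filter" >/dev/null 2>&1 &
    pid=$!
    # Prune once a minute for as long as tcpdump is alive, so disk use
    # stays near KEEP * FILE_MB instead of growing until the volume fills.
    while kill -0 "$pid" 2>/dev/null; do
        prune_captures "$CAP_DIR" "$CAP_BASE" "$KEEP" >/dev/null
        sleep 60
    done
fi
```

Start the script itself under nohup and in the background, as the reply does for tcpdump, so the pruning loop also survives logout.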