From 6eb0f1a93ac31a6426827f7fc7e55e43dca5a70d Mon Sep 17 00:00:00 2001 From: petbau Date: Tue, 25 Feb 2025 11:31:23 +0100 Subject: [PATCH] Add new Ansible Playbook tcpdump.yaml --- tcpdump-schedule/tcpdump.yaml | 41 +++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 tcpdump-schedule/tcpdump.yaml diff --git a/tcpdump-schedule/tcpdump.yaml b/tcpdump-schedule/tcpdump.yaml new file mode 100644 index 0000000..648e918 --- /dev/null +++ b/tcpdump-schedule/tcpdump.yaml @@ -0,0 +1,41 @@ +# Ansible Playbook +- hosts: all + + vars: + cap_file: packet_capture_{{ ansible_hostname }}_{{ ansible_date_time['epoch'] }}.pcap + + + vars_prompt: + - name: dur_in_sec + prompt: Please specify the runtime duration in sec + private: no + + - name: interface + prompt: Please specify the interface (e.g. eth0) + private: no + + - name: dest_folder + prompt: Please specify the destination folder (location on remote server e.g. /var/tmp/) + private: no + + - name: filter + prompt: Please specify the tcpdump filter (e.g. host 10.10.10.10). For no filter just press enter + default: "" + private: no + + + tasks: + - name: start tcpdump + command: sudo /usr/sbin/tcpdump -G {{ dur_in_sec }} -W 1 -i {{ interface }} -s 0 -w {{ dest_folder}}/{{ cap_file }} {{ filter }} + + - name: compress capture file + command: sudo gzip {{cap_file}} chdir={{ dest_folder}}/ + + - name: Change file permission + command: sudo chmod 755 {{ dest_folder}}/{{cap_file}}.gz + + - name: copy logs to /export/tmp/ansible/ + fetch: src={{ dest_folder}}/{{cap_file}}.gz dest=/export/tmp/ansible/ flat=yes + + - name: remove files from remote server + command: sudo rm -r {{ dest_folder}}/{{cap_file}}.gz \ No newline at end of file