From 6eb0f1a93ac31a6426827f7fc7e55e43dca5a70d Mon Sep 17 00:00:00 2001
From: petbau <petbau@linuxnet.ch>
Date: Tue, 25 Feb 2025 11:31:23 +0100
Subject: [PATCH] Add new Ansible Playbook tcpdump.yaml

---
 tcpdump-schedule/tcpdump.yaml | 41 +++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 tcpdump-schedule/tcpdump.yaml

diff --git a/tcpdump-schedule/tcpdump.yaml b/tcpdump-schedule/tcpdump.yaml
new file mode 100644
index 0000000..648e918
--- /dev/null
+++ b/tcpdump-schedule/tcpdump.yaml
@@ -0,0 +1,41 @@
+# Ansible Playbook
+- hosts: all
+
+  vars:
+      cap_file: packet_capture_{{ ansible_hostname }}_{{ ansible_date_time['epoch'] }}.pcap
+
+
+  vars_prompt:
+    - name: dur_in_sec
+      prompt: Please specify the runtime duration in sec
+      private: no
+
+    - name: interface
+      prompt: Please specify the interface (e.g. eth0)
+      private: no
+    
+    - name: dest_folder
+      prompt: Please specify the destination folder (location on remote server e.g. /var/tmp/)
+      private: no
+
+    - name: filter
+      prompt: Please specify the tcpdump filter (e.g. host 10.10.10.10). For no filter just press enter
+      default: ""
+      private: no
+
+ 
+  tasks:
+    - name: start tcpdump
+      command: sudo /usr/sbin/tcpdump -G {{ dur_in_sec }} -W 1 -i {{ interface }} -s 0 -w {{ dest_folder}}/{{ cap_file }} {{ filter }}
+ 
+    - name: compress capture file
+      command: sudo gzip {{cap_file}} chdir={{ dest_folder}}/
+ 
+    - name: Change file permission
+      command: sudo chmod 755 {{ dest_folder}}/{{cap_file}}.gz
+
+    - name: copy logs to /export/tmp/ansible/
+      fetch: src={{ dest_folder}}/{{cap_file}}.gz dest=/export/tmp/ansible/ flat=yes
+
+    - name: remove files from remote server
+      command: sudo rm -r {{ dest_folder}}/{{cap_file}}.gz 
\ No newline at end of file