Add new Ansible Playbook tcpdump.yaml
This commit is contained in:
parent
7c330ca4af
commit
6eb0f1a93a
1 changed files with 41 additions and 0 deletions
41
tcpdump-schedule/tcpdump.yaml
Normal file
41
tcpdump-schedule/tcpdump.yaml
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# Ansible Playbook
|
||||||
|
- hosts: all
|
||||||
|
|
||||||
|
vars:
|
||||||
|
cap_file: packet_capture_{{ ansible_hostname }}_{{ ansible_date_time['epoch'] }}.pcap
|
||||||
|
|
||||||
|
|
||||||
|
vars_prompt:
|
||||||
|
- name: dur_in_sec
|
||||||
|
prompt: Please specify the runtime duration in sec
|
||||||
|
private: no
|
||||||
|
|
||||||
|
- name: interface
|
||||||
|
prompt: Please specify the interface (e.g. eth0)
|
||||||
|
private: no
|
||||||
|
|
||||||
|
- name: dest_folder
|
||||||
|
prompt: Please specify the destination folder (location on remote server e.g. /var/tmp/)
|
||||||
|
private: no
|
||||||
|
|
||||||
|
- name: filter
|
||||||
|
prompt: Please specify the tcpdump filter (e.g. host 10.10.10.10). For no filter just press enter
|
||||||
|
default: ""
|
||||||
|
private: no
|
||||||
|
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: start tcpdump
|
||||||
|
command: sudo /usr/sbin/tcpdump -G {{ dur_in_sec }} -W 1 -i {{ interface }} -s 0 -w {{ dest_folder}}/{{ cap_file }} {{ filter }}
|
||||||
|
|
||||||
|
- name: compress capture file
|
||||||
|
command: sudo gzip {{cap_file}} chdir={{ dest_folder}}/
|
||||||
|
|
||||||
|
- name: Change file permission
|
||||||
|
command: sudo chmod 755 {{ dest_folder}}/{{cap_file}}.gz
|
||||||
|
|
||||||
|
- name: copy logs to /export/tmp/ansible/
|
||||||
|
fetch: src={{ dest_folder}}/{{cap_file}}.gz dest=/export/tmp/ansible/ flat=yes
|
||||||
|
|
||||||
|
- name: remove files from remote server
|
||||||
|
command: sudo rm -r {{ dest_folder}}/{{cap_file}}.gz
|
Loading…
Add table
Add a link
Reference in a new issue