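---
# Capture port-80 traffic on every host for about one minute, then compress
# the capture, fetch it to the control node and delete the remote copy.
- hosts: all
  vars:
    # One capture file per host, named after the host's short hostname fact.
    cap_file: "packet_capture_{{ ansible_hostname }}.pcap"
  tasks:
    - name: start tcpdump
      # Rotating variant kept for reference:
      # command: /usr/sbin/tcpdump -nnvi any 'port 80' -s 0 -B 65535 -C 50M -W 100 -w /data/tmp/{{ cap_file }}
      #
      # The filter is quoted with plain ASCII quotes. The typographic quotes
      # on the page are not shell quoting, so they would reach tcpdump as
      # part of the filter text.
      command: >-
        /usr/sbin/tcpdump -nnvi any 'port 80' -s 0 -B 65535
        -w /data/tmp/{{ cap_file }}
      # Fire and forget (poll: 0). The async limit must outlast the pause
      # below: at 60 it expired at about the same moment as the one-minute
      # pause, so the capture could be ended by the async timeout before
      # "kill tcpdump" ran, leaving pkill with nothing to match.
      async: 120
      poll: 0

    - name: wait while the capture runs
      pause:
        minutes: 1
        prompt: "pause for 60 seconds or press Ctrl + c then c to continue"

    - name: kill tcpdump
      # -x matches the process name exactly, so only tcpdump itself is
      # signalled. This still stops every tcpdump on the host, including
      # captures started by someone else.
      command: /usr/bin/pkill -x tcpdump

    - name: compress capture file
      # chdir replaces the "cd ... &&" subshell, so no shell is needed to
      # expand the templated file name.
      command: gzip {{ cap_file }}
      args:
        chdir: /data/tmp

    - name: copy logs to local boxes webroot
      # With flat enabled, dest needs a trailing slash to be treated as a
      # directory and receive the file under its own base name.
      # NOTE(review): -s 0 records whole packets of unencrypted port-80
      # traffic, which can include credentials and session cookies. /tmp on
      # the control node is usually readable by other local users; consider
      # a directory only the operator can read.
      fetch:
        src: "/data/tmp/{{ cap_file }}.gz"
        dest: /tmp/
        flat: true

    - name: remove files from server
      file:
        path: "/data/tmp/{{ cap_file }}.gz"
        state: absent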
# Ad-hoc capture of traffic destined for 10.131.4.128, with -C/-W output rotation.
# NOTE(review): -w is given only the directory /data/tmp/ here; the file name appears to be missing from the page.
/usr/sbin/tcpdump -nnvi any dst 10.131.4.128 -s 0 -B 65535 -C 50M -W 100 -w /data/tmp/
# Capture a single packet (-c 1) sent to 192.168.233.1 on port 80.
# NOTE(review): the "?" after -nn looks like extraction residue - confirm the intended options.
tcpdump -i 1 -c 1 -nn? dst 192.168.233.1 and port 80
[zhongchunxi@opsjumper1v ~]$ cat tcpdump.yaml
#ansible -i add add -m shell -a "killall tcpdump;rm -f /data/tmp/*" -K -k -s
#ansible-playbook -i add tcpdump.yaml -K -k -s
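# Start a detached, rotating tcpdump capture of TCP port 8360 on every host.
# Running with "--tags stop" executes only the "stop tcpdump" task.
- hosts: all
  vars:
    # IPv4 address of eth0; only a commented-out filter below uses it.
    # Plain ASCII quotes are required here: typographic quotes are not
    # valid Jinja2 string delimiters.
    IP: "{{ ansible_eth0['ipv4']['address'] }}"
  tasks:
    - name: mkdir -pv /data/tmp
      # NOTE(review): this directory is world-writable and the capture file
      # name is predictable. Any local user can read the captures or
      # pre-create the target path before the privileged tcpdump writes to
      # it. The mode is kept as published because tightening it depends on
      # which user tcpdump writes as. If this build drops privileges (see
      # tcpdump's -Z option), make that user the owner and use "0700";
      # confirm on the target hosts.
      file:
        dest: /data/tmp
        mode: "0777"
        owner: root
        group: root
        state: directory

    - name: stop tcpdump
      # pkill exits 1 when nothing matched. That is the normal case on a
      # host with no capture running, and it must not abort the play before
      # the capture is started. pgrep from the same package is already
      # used by the last task.
      command: /usr/bin/pkill -x tcpdump
      register: stop_result
      failed_when: stop_result.rc not in [0, 1]
      changed_when: stop_result.rc == 0
      tags:
        - stop

    # Earlier variants, kept commented out for reference:
    # - name: rm -f /data/tmp/pcap
    #   command: rm -f /data/tmp/*pcap*
    # - name: start tcpdump
    #   shell: screen -dmS haha /usr/sbin/tcpdump -nnvi any dst 10.20.0.45 -s 0 -B 65535 -C 50M -W 100 -w /data/tmp/{{ inventory_hostname }}.pcap
    # - name: start tcpdump
    #   shell: screen -dmS haha /usr/sbin/tcpdump host 10.130.4.4 and \(10.130.0.117 or 10.130.0.178 or 10.130.0.174 \) -s 0 -B 65535 -C 200M -W 50 -w /data/tmp/{{ inventory_hostname }}.pcap

    - name: start tcpdump
      # Alternative filters, kept commented out for reference:
      # shell: screen -dmS haha /usr/sbin/tcpdump -i bond1 -vvv host 10.130.4.4 and 10.130.0.32 -s 0 -B 65535 -C 200M -W 50 -w /data/tmp/{{ inventory_hostname }}.pcap
      # (the group in the next variant would need \( ... \) escaping, as in the variant above)
      # shell: screen -dmS haha /usr/sbin/tcpdump -nnvi any -vvv host {{ IP }} and /(10.131.1.154 or 10.131.1.235 or 10.131.5.136 or 10.131.5.155 or 10.131.5.152 or 10.131.4.158 or 10.131.5.117 or 10.131.5.226/) -s 0 -B 65535 -C 100M -W 100 -w /data/tmp/{{ inventory_hostname }}.pcap
      # shell: screen -dmS haha /usr/sbin/tcpdump -nnvi any -vvv host 10.131.11.8 and 'tcp port 8360' -s 0 -B 65535 -C 100M -W 100 -w /data/tmp/{{ inventory_hostname }}.pcap
      #
      # screen -dmS runs tcpdump in a detached session, so it keeps running
      # after the task returns. The filter uses plain ASCII quotes so that
      # it reaches tcpdump as a single argument. No shell features are
      # needed, so the command module is used instead of shell.
      command: >-
        screen -dmS haha /usr/sbin/tcpdump -nnvi any -vvv 'tcp port 8360'
        -s 0 -B 65535 -C 100M -W 100
        -w /data/tmp/{{ inventory_hostname }}.pcap

    - name: check tcpdump task
      # Fails on purpose when no tcpdump process exists. It is a read-only
      # check, so it never reports a change.
      command: pgrep -x tcpdump
      changed_when: false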
原文地址:https://blog.51cto.com/slapping/2555577