tcpdump output to Log file in human readable text format and Rotating the Log file using Logrotate

Spread the love

tcpdump_to_Capture_sip_and_rtp_traffic

 

Sniffing on Network for SIP traffic and storing them Text file :

Here we are trying to write the output of the TCPDUMP  into one text file, I know we have the option -w  which will write the data into the PCAP file but it is writing data in the binary format. But I wanted to have text format.

We also have many other applications which will generate CDR’s but I just wanted to have only REGISTRATION status of all phones in my LAN. All are connected to different Servers and providers.

So better approach is to redirect the TCPDUMP output one file using redirection operator ( >  ) then rotate the file every 30 seconds using the logrotate utility of Linux system

We are going to run one python script which will act as a scheduler, It will rotate the LOG file for every 30 seconds.  Then we will apply our parse_register.py  logic on this file

Once we get the registration data, We will write those results into SQLite3  then we just remove the parsed file.

Log Rotate Option for REGISTER Monitoring :

Now to rotate the log file using the following command :

We need to run above log rotate command for every 30 seconds. I am thinking of using Python Scheduler instead of cron.

TCPDUMP command to write the data into TEXT FILE :

Here is my flow :

First of all, starting the tcpdump  using the following command. Make sure to run it as the daemon.

Now tcpdump  will write the trace to /tmp/sip/trace  file

In the next 30 seconds, our python scheduler will call the following logrotate  command

which will look at the sip_trace.conf  file and if the /tmp/sip/trace  exceded 10K size then it will create one new file named trace.1  under the same folder and moves the trace  data into trace.1  and truncates the trace file.

Now we have two files, one is trace  and another one is trace.1 , Here trace.1  contains all our data.

After running the LOGROTATE, Our python script takes the trace.1  file and parses that file for registrations and stores the data into the SQLITE3. Then it will delete the trace.1 file from that folder.

In the next 30 seconds, Python scheduler will run the logrotate, creates trace.1  file and same process repeats.

 

Update:  It’s working fine. I am able to store all registrations into SQLite3 database.

 

Venkatesh Macha

Hi Guys, I am Venkatesh Macha. I am a programmer, Presently working as a Software Engineer. I love Linux and Open Source. Apart from that, I love to explore new technologies and things.

You may also like...

Leave a Reply