Provided by: daemonlogger_1.2.2-1_amd64

NAME

       daemonlogger — program to capture packets from an interface and log or rewrite them

SYNOPSIS

       daemonlogger  [-c count]  [-d]  [-f bpf file]  [-F]  [-g group name]  [-i interface]  [-l path]
       [-m count]  [-M pct]  [-n name]  [-o out interface]  [-p pidfile]  [-P pidpath]  [-r]  [-R pcap
       file]  [-s bytes]  [-S snaplen]  [-t time]  [-u user name]  [-T chroot path]  [bpf filter]

DESCRIPTION

       This manual page briefly documents daemonlogger.

       This  manual  page  was  written for the Debian distribution because the original program does not have a
       manual page.

       daemonlogger is a simple packet logging and software tapping program that can be run either in the
       foreground or in daemon mode.

       daemonlogger can be used in two different (and mutually exclusive) ways:

       Sniffing mode
                 In  this  mode,  daemonlogger will read (sniff) packets from a network interface and spool them
                 straight to disk. It will automatically roll over the capture file when it reaches  a  specific
                 size.

       Software tap
                 In  this  mode,  daemonlogger  will  read packets from an input interface and rewrite them to a
                 second (output) interface, acting as a software tap.

OPTIONS

       You can specify packet filter commands after the command line switches just like in tcpdump or Snort.  If
       no filter is defined it will capture all packets coming to the interface.

       A summary of available options is included below.

       -h        Show summary of options.

       -v        Show version of program.

       -c count  Log count packets and exit.

       -d        Daemonize at startup.

       -f bpf file
                 Load the BPF filter to use from bpf file.

       -F        Flush  the  pcap  buffer  for  each  packet. As each packet is saved, it will be written to the
                 output file rather than being written only when the output buffer fills.

       -g group name
                 Set the group ID of the process running the program to group name.

       -i interface
                 Grab packets from the interface interface.

       -l path   Log all the pcap log files to directory path.

       -m count  Generate count log files and exit.  If using ringbuffer mode, then write count files and
                 delete the oldest file in the set when you exceed count log files written.  The program
                 will not exit when in this mode.

       -M pct    Used in concert with the -r ringbuffer switch this option will write  log  files  to  the  disk
                 until it is at pct utilization and then roll over and delete the oldest log file.  For example,
                 "-M  90"  would  write files to the disk until it is 90% utilized and then roll over and delete
                 the oldest file in the logging directory. If the -s "size" switch is not set then  the  default
                 log file size is 2GB.

       -n name   Set output filename prefix to name.  The default is daemonlogger.pcap.

       -o out interface
                 Act  as  a  software  tap:  disable  logging  and  retransmit  all  data from interface  to out
                 interface.

       -p pidfile
                 When running in daemon mode, use pidfile for the name of the PID file created. The  default  is
                 daemonlogger.pid.

       -P pidpath
                 When  running in daemon mode, use pidpath as the directory where PID files will be created. The
                 default is /var/run.

       -r        Activate ringbuffer mode.

       -R pcap file
                 Read packets from  pcap file instead of using an input interface.

       -s bytes  Roll over the log file every bytes bytes.  By default the rollover occurs every 2 GB.  The
                 parameter bytes can be suffixed with "k" (for KiloBytes), "m" (for MegaBytes), "g" (for
                 Gigabytes) and "t" (for TeraBytes).

       -S snaplen
                 Capture snaplen bytes per packet. If not defined, all the contents of the packets will be
                 captured (which is equivalent to setting snaplen to 65535 bytes).

       -t time   Roll over the log file at specific time intervals. The time interval can be suffixed with "m"
                 (for minutes), "h" (for hours) or "d" (for days).  If no interval selector is used then the
                 default rollover interval is in seconds. For example, "-t 60" rolls the log file over every 60
                 seconds and "-t 2h" rolls the log file over every two hours at the top of the hour. In the case
                 of minute/hour/day-based rollovers, the program will round to the next highest hour.  For
                 example, if the program is told to roll over every 2 hours and is started 38 minutes into the
                 current hour, it will add 2 to the current hour and roll over as scheduled at the top of the
                 hour at the current hour + 2.  If the program was started at 13:38 it would roll over the
                 logfile at 15:00.

       -u user name
                 When daemonized, the process' user ID will be set to user name.

       -T chroot path
                 Chroot to the directory chroot path.

       -z        Select  log file pruning behavior.  Omitting this switch results in the default mode being used
                 where the oldest log file in the logging directory is pruned.  Setting the  -z  switch  changes
                 the behavior so that daemonlogger will prune the oldest file from its current instantiation and
                 leave files from older runs in the same logging directory alone.
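
       The -t rollover schedule described above, modeled as an added example (not daemonlogger's code and
       not part of the original manual page) to work out which capture file window covers a given event
       time. The function names, the handling of "m" and "d" by analogy with the hour example, and the
       fixed step between later rollovers are assumptions.

```python
# Added example: a model of the -t schedule as the option text describes it.
# Assumption: "m" and "d" truncate to their own unit boundary like the "h" example.
import re
from datetime import datetime, timedelta

UNIT_SECONDS = {"": 1, "m": 60, "h": 3600, "d": 86400}

def parse_interval(spec):
    """Split a -t argument such as '60' or '2h' into (count, unit); '' means seconds."""
    m = re.fullmatch(r"(\d+)([mhd]?)", spec)
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"invalid -t interval: {spec!r}")
    return int(m.group(1)), m.group(2)

def first_rollover(start, spec):
    """First rollover time for a capture started at `start` (naive local time)."""
    count, unit = parse_interval(spec)
    if unit == "":
        return start + timedelta(seconds=count)      # plain seconds: no rounding
    if unit == "m":
        base = start.replace(second=0, microsecond=0)
    elif unit == "h":
        base = start.replace(minute=0, second=0, microsecond=0)   # top of the hour
    else:
        base = start.replace(hour=0, minute=0, second=0, microsecond=0)
    return base + timedelta(seconds=count * UNIT_SECONDS[unit])

def window_for(start, spec, event):
    """Return (begin, end) of the capture window that should contain `event`."""
    if event < start:
        raise ValueError("event precedes capture start")
    count, unit = parse_interval(spec)
    step = timedelta(seconds=count * UNIT_SECONDS[unit])
    begin, end = start, first_rollover(start, spec)
    while event >= end:          # later rollovers assumed at a fixed step
        begin, end = end, end + step
    return begin, end

if __name__ == "__main__":
    started = datetime(2024, 1, 1, 13, 38)           # constructed sample start time
    print(first_rollover(started, "2h"))             # the page's 13:38 example
    print(window_for(started, "2h", datetime(2024, 1, 1, 16, 10)))
```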

SEE ALSO

       tcpdump (8).

AUTHOR

       This manual page was written by Javier Fernandez-Sanguino Peña <jfs@debian.org> for the Debian system (and
       may  be used by others).  Permission is granted to copy, distribute and/or modify this document under the
       terms of the GNU General Public License, Version 2 or any later version published by  the  Free  Software
       Foundation.

       On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-
       licenses/GPL.

                                                                                                 DAEMONLOGGER(8)