I need to save mirrored traffic for audit purposes. Traffic for the audited server is sent to another server. I need to capture that traffic on a dedicated interface, save it to pcap files of reasonable scope (rotation by date/size), and (maybe) upload and purge them.

I can glue together some bash and tcpdump inside a systemd unit, but maybe there is a ready-made solution for that?

George Shuklin

1 Answer

As your requirement is not really clear, the suggestion may not fit, but I do recommend looking into ntop. Eventually it provides a solution for your use case. For packet capturing it uses libpcap, which is also used within tcpdump.

https://www.ntop.org/

hargut
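
The tcpdump route mentioned in the question, as an added example that is not part of the original posts: tcpdump's own `-G`/`-C` options do the rotation and `-z` calls a hook for each closed file. The interface name `mirror0`, the spool path, the retention period and the helper names `run_capture` and `post_rotate` are assumptions.

```sh
#!/bin/sh
# Added example: tcpdump does the rotation itself; this script is also its
# post-rotate hook. Interface name, spool path and retention are assumptions.
IFACE="${IFACE:-mirror0}"                 # assumed dedicated mirror interface
SPOOL="${SPOOL:-/var/spool/pcap-audit}"   # assumed; must be writable by the user
                                          # tcpdump drops privileges to (see -Z)
ROTATE_SECS="${ROTATE_SECS:-3600}"        # -G: new file every hour
MAX_MB="${MAX_MB:-1000}"                  # -C: also roll at ~1000 million bytes
KEEP_DAYS="${KEEP_DAYS:-14}"              # local retention before purge
HOOK="${HOOK:-$0}"                        # -z runs: "$HOOK <closed-savefile>"

# run_capture exec -> replace this shell with tcpdump
# run_capture echo -> dry run, print the command line
# With -G and -C together tcpdump appends a counter to the strftime name,
# which is why the purge below matches on the "audit-" prefix only.
run_capture() {
    "$@" tcpdump -i "$IFACE" -s 0 \
        -G "$ROTATE_SECS" -C "$MAX_MB" \
        -w "$SPOOL/audit-%Y%m%d-%H%M%S.pcap" \
        -z "$HOOK"
}

# post_rotate FILE: hash and compress the file tcpdump just closed, then
# delete captures older than KEEP_DAYS. An upload step would go before the purge.
post_rotate() {
    sha256sum "$1" > "$1.sha256" || return 1
    gzip -f "$1" || return 1
    find "$(dirname "$1")" -maxdepth 1 -type f -name 'audit-*' \
        -mtime +"$KEEP_DAYS" -delete
}

case "${1:-}" in
    capture) run_capture exec ;;      # e.g. ExecStart=/path/to/script capture
    "")      : ;;                     # no argument: only define the functions
    *)       post_rotate "$1" ;;      # invoked by tcpdump -z
esac
```

gzip keeps the original modification time, so retention is counted from when the capture file was closed, not from when it was compressed.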