Difference between revisions of "HowTo Configure and Run a Ring Buffer Capture Session Using: "nstringbufcap""
(→Overview) |
(→Overview) |
||
| Line 3: | Line 3: | ||
[[File:Thunderbolt.png|frame|left|'''[[Feature Release Symbol | <center>NST 24<br /> SVN: 8165</center>]]''']]A new NST script: "'''[http://nst.sourceforge.net/nst/docs/scripts/nstringbufcap.html nstringbufcap]'''" has been developed with '''NST 24''' for managing one or more network packet capture sessions that utilize a ring buffer storage mechanism. This capability allows one to capture network traffic pre and post some controlled event. Currently, an '''[[NST_Network_Interface_Bandwidth_Monitor_2 | NST Network Interface Bandwidth Monitor 2]]''' '''[[NST_Network_Interface_Bandwidth_Monitor_2#Threshold_Pause_State_Notification_Execs | Threshold Pause State Notification Execs template]]''': "'''/etc/nst/notifications/bwmon/tp_state_nstringbufcap_snapwuimerge.template'''" is provided for snapping a capture when a '''Pause''' event occurs and then the NST WUI Single-Tap Network Packet Capture page can be used for capture decode and analysis. | [[File:Thunderbolt.png|frame|left|'''[[Feature Release Symbol | <center>NST 24<br /> SVN: 8165</center>]]''']]A new NST script: "'''[http://nst.sourceforge.net/nst/docs/scripts/nstringbufcap.html nstringbufcap]'''" has been developed with '''NST 24''' for managing one or more network packet capture sessions that utilize a ring buffer storage mechanism. This capability allows one to capture network traffic pre and post some controlled event. Currently, an '''[[NST_Network_Interface_Bandwidth_Monitor_2 | NST Network Interface Bandwidth Monitor 2]]''' '''[[NST_Network_Interface_Bandwidth_Monitor_2#Threshold_Pause_State_Notification_Execs | Threshold Pause State Notification Execs template]]''': "'''/etc/nst/notifications/bwmon/tp_state_nstringbufcap_snapwuimerge.template'''" is provided for snapping a capture when a '''Pause''' event occurs and then the NST WUI Single-Tap Network Packet Capture page can be used for capture decode and analysis. | ||
| − | The '''nstringbufcap''' script has a specific mode used for installing and configuring a ring buffer capture session. Once install, a capture session can be started under the control of a '''[https://en.wikipedia.org/wiki/Systemd systemd] service'''. The life cycle of the capture session can then be controlled by a '''nstringbufcap''' mode that uses systemd control commands (i.e., '''systemctl'''). | + | The '''nstringbufcap''' script has a specific mode used for installing and configuring a ring buffer capture session. Once install, a capture session can be started under the control of a '''[https://en.wikipedia.org/wiki/Systemd systemd] service'''. The life cycle of the capture session can then be controlled by a '''nstringbufcap''' mode that uses systemd control commands (i.e., '''systemctl'''). At any point in time, a snapshot capture can be taking to preserve captured network traffic packets. |
| + | |||
| + | This page will describe the use of the '''nstringbufcap''' script by way of example use cases. | ||
Revision as of 16:28, 19 October 2016
Contents
Overview
A new NST script: "nstringbufcap" has been developed with NST 24 for managing one or more network packet capture sessions that utilize a ring buffer storage mechanism. This capability allows one to capture network traffic pre and post some controlled event. Currently, an NST Network Interface Bandwidth Monitor 2 Threshold Pause State Notification Execs template: "/etc/nst/notifications/bwmon/tp_state_nstringbufcap_snapwuimerge.template" is provided for snapping a capture when a Pause event occurs and then the NST WUI Single-Tap Network Packet Capture page can be used for capture decode and analysis.
The nstringbufcap script has a specific mode used for installing and configuring a ring buffer capture session. Once install, a capture session can be started under the control of a systemd service. The life cycle of the capture session can then be controlled by a nstringbufcap mode that uses systemd control commands (i.e., systemctl). At any point in time, a snapshot capture can be taking to preserve captured network traffic packets.
This page will describe the use of the nstringbufcap script by way of example use cases.
