#! /usr/bin/python
#coding:utf-8
'''
# -------------------------------------------------------------------------------
# Filename: tcpdump.py
# Revision: 0.1
# Date: 2018/04/03
# Author: stivee
# Email: lxs@xdja.com
# Description: 采集网口数据,python2.7 ,epoll
# Notes: 启动:nohup python tcpdump.py > /dev/null 2>&1 &
# -------------------------------------------------------------------------------
'''
from select import *
import subprocess, os, time, fcntl, shutil
def tcpdump():
# tcpdump -i any -vv -XX -n -B 4096 -s 0 | sed 's/^[ ]*//g' | grep -E -v ^'0x' | grep -E 'cksum|seq'
cmd1 = ['tcpdump', '-i', 'any', '-vv', '-XX', '-n', '-B', '4096','-s', '0']
cmd2 = ['sed', 's/^[ ]*//g']
cmd3 = ['grep', '--line-buffered', '-a', '-E', '-v', '^0x']
cmd4 = ['grep', '--line-buffered', '-a', '-E', 'cksum|seq']
pipe1 = subprocess.Popen(cmd1, stdout=subprocess.PIPE)
pipe2 = subprocess.Popen(cmd2, stdout=subprocess.PIPE, stdin=pipe1.stdout)
pipe3 = subprocess.Popen(cmd3, stdout=subprocess.PIPE, stdin=pipe2.stdout)
pipe = subprocess.Popen(cmd4, stdout=subprocess.PIPE, stdin=pipe3.stdout)
flags = fcntl.fcntl(pipe.stdout.fileno(), fcntl.F_GETFL)
fcntl.fcntl(pipe.stdout.fileno(), fcntl.F_SETFL, (flags | os.O_NDELAY | os.O_NONBLOCK))
return pipe
def poll_tcpdump(proc):
txt = None
while True:
epoll_instance = epoll()
epoll_instance.register(proc.stdout.fileno(),EPOLLIN|EPOLLET)
epoll_list = epoll_instance.poll(1)
if not len(epoll_list):
break
try:
for line in iter(proc.stdout.readline, ""):
if txt is None:
txt = ''
txt += time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + " " + line
except Exception as e:
print e
pass
break
return txt
proc = tcpdump()
while True:
text = poll_tcpdump(proc)
filesize = os.path.getsize('/home/logs/tcpdump.log')
if filesize > 1024000000:
shutil.move('/home/logs/tcpdump.log','/home/logs/tcpdump.logbak')
if text:
with open("/home/logs/tcpdump.log","a") as f:
f.write(text)
#print ">>>>",text