Snoop Script

Hi,

I want to write a script that checks an interface with the snoop command; if there is no traffic in 10 minutes on port 123 from the IP address 10.*.*.*, it should send an e-mail. But I don't know how to start writing this script. Does anybody have an idea or a sample script that I can modify?

Thanks in advance.

You have a couple of options as to how you interact with snoop. You can have it log to a file, then periodically look at that file, noting the timestamp of the most recent packet seen (some simple maths will then tell you if it's been more than 600 seconds), or you could open a filehandle to snoop and actually read from its stdout and parse what it tells you.

The latter is more elegant but a tad more complex; the former is quick, but you need to find a way to manage the temporary log size.

Thanks for your answer.
I was thinking the same, to store an output file from snoop and then analyze it, but I made this script:

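# Capture 50 packets on port 21 to or from the 10.x.x.x network.
# ("port" and "net" are snoop filter keywords; -p selects packet numbers, not a port.)
if [ -n "`snoop -c 50 port 21 and net 10 | awk '/FTP/ {print $8}'`" ]
then
    echo "OK"
else
    echo "Is not working (email will be send)"
fi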

Do you have a sample script?
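
The watchdog discussed in this thread, as an added example that is not from any of the posters: it stamps a state file each time snoop sees a matching packet and mails an alert once that stamp is more than 600 seconds old. The interface name, state-file path and mail address are placeholders, and it assumes a `date` that supports `+%s` and that snoop is run as root.

```shell
#!/bin/sh
# Added example: mail an alert when no port 123 packet from 10.x.x.x has been
# seen for LIMIT seconds. Interface, state file and address are placeholders.
# Assumes "date +%s" works (GNU date, Solaris 11) and that snoop runs as root.
IFACE=${IFACE:-net0}
STATE=${STATE:-/var/run/snoop_ntp.last}   # root-only directory, not /tmp
LIMIT=${LIMIT:-600}
MAILTO=${MAILTO:-admin@example.com}

# Print seconds since the last recorded packet. $1 = now, $2 = watcher start
# time, used when the state file is missing or does not hold a number.
age_of_last_packet() {
    last=$(cat "$STATE" 2>/dev/null)
    case $last in ''|*[!0-9]*) last=$2 ;; esac
    echo $(( $1 - $last ))
}

# Exit 0 when the link has been silent for more than LIMIT seconds.
is_silent() {
    [ "$(age_of_last_packet "$1" "$2")" -gt "$LIMIT" ]
}

watch() {
    start=$(date +%s)
    rm -f "$STATE"
    trap 'trap - TERM; kill 0' INT TERM
    # "snoop -c 1" returns as soon as one matching packet arrives, so each
    # pass of this loop stamps the state file with the time of that packet.
    while snoop -d "$IFACE" -c 1 port 123 and src net 10 >/dev/null 2>&1; do
        date +%s > "$STATE"
    done &
    while sleep 60; do
        if is_silent "$(date +%s)" "$start"; then
            echo "No port 123 traffic from 10.x.x.x on $IFACE for ${LIMIT}s" |
                mailx -s "snoop watchdog: port 123 silent" "$MAILTO"
            date +%s > "$STATE"    # re-arm: one mail per quiet period
        fi
    done
}

# Capture only when called as "script watch", so the functions can be tested.
if [ "${1:-}" = "watch" ]; then watch; fi
```

If snoop cannot start (for example, when not run as root), the capture loop ends and the alert still fires after the limit, so a broken watcher is not silent.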