| [411] | 1 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>log2pcap</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="log2pcap.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>log2pcap — Extract network traces from Samba log files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">log2pcap</code> [-h] [-q] [logfile] [pcap_file]</p></div></div><div class="refsect1" lang="en"><a name="id2522947"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p><code class="literal">log2pcap</code> reads in a
|
|---|
| [368] | 2 | samba log file and generates a pcap file (readable
|
|---|
| 3 | by most sniffers, such as ethereal or tcpdump) based on the packet
|
|---|
| 4 | dumps in the log file.</p><p>The log file must have a <em class="parameter"><code>log level</code></em>
|
|---|
| 5 | of at least <code class="constant">5</code> to get the SMB header/parameters
|
|---|
| 6 | right, <code class="constant">10</code> to get the first 512 data bytes of the
|
|---|
| 7 | packet and <code class="constant">50</code> to get the whole packet.
|
|---|
| [411] | 8 | </p></div><div class="refsect1" lang="en"><a name="id2483364"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h</span></dt><dd><p>If this parameter is
|
|---|
| [368] | 9 | specified the output file will be a
|
|---|
| 10 | hex dump, in a format that is readable
|
|---|
| 11 | by the <span class="application">text2pcap</span> utility.</p></dd><dt><span class="term">-q</span></dt><dd><p>Be quiet. No warning messages about missing
|
|---|
| 12 | or incomplete data will be given.</p></dd><dt><span class="term">logfile</span></dt><dd><p>
|
|---|
| 13 | Samba log file. log2pcap will try to read the log from stdin
|
|---|
| 14 | if the log file is not specified.
|
|---|
| 15 | </p></dd><dt><span class="term">pcap_file</span></dt><dd><p>
|
|---|
| 16 | Name of the output file to write the pcap (or hexdump) data to.
|
|---|
| 17 | If this argument is not specified, output data will be written
|
|---|
| 18 | to stdout.
|
|---|
| 19 | </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
|
|---|
| [411] | 20 | </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2483565"></a><h2>EXAMPLES</h2><p>Extract all network traffic from all samba log files:</p><pre class="programlisting">
|
|---|
| [368] | 21 | <code class="prompt">$</code> log2pcap < /var/log/* > trace.pcap
|
|---|
| 22 | </pre><p>Convert to pcap using text2pcap:</p><pre class="programlisting">
|
|---|
| 23 | <code class="prompt">$</code> log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap
|
|---|
| [411] | 24 | </pre></div><div class="refsect1" lang="en"><a name="id2483606"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2483617"></a><h2>BUGS</h2><p>Only SMB data is extracted from the samba logs, no LDAP,
|
|---|
| [368] | 25 | NetBIOS lookup or other data.</p><p>The generated TCP and IP headers don't contain a valid
|
|---|
| [411] | 26 | checksum.</p></div><div class="refsect1" lang="en"><a name="id2483633"></a><h2>SEE ALSO</h2><p><a class="citerefentry" href="text2pcap.1.html"><span class="citerefentry"><span class="refentrytitle">text2pcap</span>(1)</span></a>, <a class="citerefentry" href="ethereal.1.html"><span class="citerefentry"><span class="refentrytitle">ethereal</span>(1)</span></a></p></div><div class="refsect1" lang="en"><a name="id2483656"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
|
|---|
| [368] | 27 | were created by Andrew Tridgell. Samba is now developed
|
|---|
| 28 | by the Samba Team as an Open Source project similar
|
|---|
| 29 | to the way the Linux kernel is developed.</p><p>This manpage was written by Jelmer Vernooij.</p></div></div></body></html>
|
|---|
