source: branches/samba-3.2.x/docs/manpages/log2pcap.1@ 770

Last change on this file since 770 was 340, checked in by Herwig Bauernfeind, 16 years ago

Update 3.2 to 3.2.15 (security update)

1.\" Title: log2pcap
2.\" Author: [see the "AUTHOR" section]
3.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
4.\" Date: 09/30/2009
5.\" Manual: User Commands
6.\" Source: Samba 3.2
7.\" Language: English
8.\"
9.TH "LOG2PCAP" "1" "09/30/2009" "Samba 3\&.2" "User Commands"
10.\" -----------------------------------------------------------------
11.\" * (re)Define some macros
12.\" -----------------------------------------------------------------
13.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14.\" toupper - uppercase a string (locale-aware)
15.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
16.de toupper
17.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
18\\$*
19.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
20..
21.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22.\" SH-xref - format a cross-reference to an SH section
23.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
24.de SH-xref
25.ie n \{\
26.\}
27.toupper \\$*
28.el \{\
29\\$*
30.\}
31..
32.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33.\" SH - level-one heading that works better for non-TTY output
34.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
35.de1 SH
36.\" put an extra blank line of space above the head in non-TTY output
37.if t \{\
38.sp 1
39.\}
40.sp \\n[PD]u
41.nr an-level 1
42.set-an-margin
43.nr an-prevailing-indent \\n[IN]
44.fi
45.in \\n[an-margin]u
46.ti 0
47.HTML-TAG ".NH \\n[an-level]"
48.it 1 an-trap
49.nr an-no-space-flag 1
50.nr an-break-flag 1
51.\" make the size of the head bigger
52.ps +3
53.ft B
54.ne (2v + 1u)
55.ie n \{\
56.\" if n (TTY output), use uppercase
57.toupper \\$*
58.\}
59.el \{\
60.nr an-break-flag 0
61.\" if not n (not TTY), use normal case (not uppercase)
62\\$1
63.in \\n[an-margin]u
64.ti 0
65.\" if not n (not TTY), put a border/line under subheading
66.sp -.6
67\l'\n(.lu'
68.\}
69..
70.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71.\" SS - level-two heading that works better for non-TTY output
72.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
73.de1 SS
74.sp \\n[PD]u
75.nr an-level 1
76.set-an-margin
77.nr an-prevailing-indent \\n[IN]
78.fi
79.in \\n[IN]u
80.ti \\n[SN]u
81.it 1 an-trap
82.nr an-no-space-flag 1
83.nr an-break-flag 1
84.ps \\n[PS-SS]u
85.\" make the size of the head bigger
86.ps +2
87.ft B
88.ne (2v + 1u)
89.if \\n[.$] \&\\$*
90..
91.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92.\" BB/BE - put background/screen (filled box) around block of text
93.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
94.de BB
95.if t \{\
96.sp -.5
97.br
98.in +2n
99.ll -2n
100.gcolor red
101.di BX
102.\}
103..
104.de EB
105.if t \{\
106.if "\\$2"adjust-for-leading-newline" \{\
107.sp -1
108.\}
109.br
110.di
111.in
112.ll
113.gcolor
114.nr BW \\n(.lu-\\n(.i
115.nr BH \\n(dn+.5v
116.ne \\n(BHu+.5v
117.ie "\\$2"adjust-for-leading-newline" \{\
118\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
119.\}
120.el \{\
121\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
122.\}
123.in 0
124.sp -.5v
125.nf
126.BX
127.in
128.sp .5v
129.fi
130.\}
131..
132.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133.\" BM/EM - put colored marker in margin next to block of text
134.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135.de BM
136.if t \{\
137.br
138.ll -2n
139.gcolor red
140.di BX
141.\}
142..
143.de EM
144.if t \{\
145.br
146.di
147.ll
148.gcolor
149.nr BH \\n(dn
150.ne \\n(BHu
151\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
152.in 0
153.nf
154.BX
155.in
156.fi
157.\}
158..
159.\" -----------------------------------------------------------------
160.\" * set default formatting
161.\" -----------------------------------------------------------------
162.\" disable hyphenation
163.nh
164.\" disable justification (adjust text to left margin only)
165.ad l
166.\" -----------------------------------------------------------------
167.\" * MAIN CONTENT STARTS HERE *
168.\" -----------------------------------------------------------------
169.SH "Name"
170log2pcap \- Extract network traces from Samba log files
171.SH "Synopsis"
172.fam C
173.HP \w'\ 'u
174\FClog2pcap\F[] [\-h] [\-q] [logfile] [pcap_file]
175.fam
176.SH "DESCRIPTION"
177.PP
178This tool is part of the
179\fBsamba\fR(7)
180suite\&.
181.PP
182\FClog2pcap\F[]
183reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal, since renamed Wireshark, or tcpdump) based on the packet dumps in the log file\&.
184.PP
185The log file must have a
186\fIlog level\fR
187of at least
188\fB5\fR
189to get the SMB header/parameters right,
190\fB10\fR
191to get the first 512 data bytes of the packet and
192\fB50\fR
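193to get the whole packet\&. At log levels 10 and above the log file, and therefore the capture generated from it, holds packet payload bytes, so treat both files as sensitive data\&.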
194.SH "OPTIONS"
195.PP
196\-h
197.RS 4
198If this parameter is specified the output file will be a hex dump, in a format that is readable by the
199text2pcap
200utility\&.
201.RE
202.PP
203\-q
204.RS 4
205Be quiet\&. No warning messages about missing or incomplete data will be given\&.
206.RE
207.PP
208logfile
209.RS 4
210Samba log file\&. log2pcap will try to read the log from stdin if the log file is not specified\&.
211.RE
212.PP
213pcap_file
214.RS 4
215Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&.
216.RE
217.PP
218\-h|\-\-help
219.RS 4
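220Print a summary of command line options\&. \-h on its own is listed above as the hex dump switch, so the long form \-\-help is the unambiguous way to request this summary\&.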
221.RE
222.SH "EXAMPLES"
223.PP
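224Extract all network traffic from all samba log files (in bash and POSIX sh an input redirection cannot expand to several files, so when the glob matches more than one log, concatenate them with cat and pipe the result into log2pcap instead):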
225.PP
226.if n \{\
227.RS 4
228.\}
229.fam C
230.ps -1
231.nf
232.if t \{\
233.sp -1
234.\}
235.BB lightgray adjust-for-leading-newline
236.sp -1
237
238 \FC$\F[] log2pcap < /var/log/* > trace\&.pcap
239
240.EB lightgray adjust-for-leading-newline
241.if t \{\
242.sp 1
243.\}
244.fi
245.fam
246.ps +1
247.if n \{\
248.RE
249.\}
250.PP
251Convert to pcap using text2pcap:
252.PP
253.if n \{\
254.RS 4
255.\}
256.fam C
257.ps -1
258.nf
259.if t \{\
260.sp -1
261.\}
262.BB lightgray adjust-for-leading-newline
263.sp -1
264
265 \FC$\F[] log2pcap \-h samba\&.log | text2pcap \-T 139,139 \- trace\&.pcap
266
267.EB lightgray adjust-for-leading-newline
268.if t \{\
269.sp 1
270.\}
271.fi
272.fam
273.ps +1
274.if n \{\
275.RE
276.\}
277.SH "VERSION"
278.PP
279This man page is correct for version 3 of the Samba suite\&.
280.SH "BUGS"
281.PP
282Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data\&.
283.PP
284The generated TCP and IP headers don\'t contain a valid checksum\&.
285.SH "SEE ALSO"
286.PP
287\fBtext2pcap\fR(1),
288\fBethereal\fR(1)
289.SH "AUTHOR"
290.PP
291The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
292.PP
293This manpage was written by Jelmer Vernooij\&.