source: trunk/server/docs/manpages/log2pcap.1@ 639

Last change on this file since 639 was 620, checked in by Herwig Bauernfeind, 14 years ago

Samba 3.5: Update trunk to 3.5.11

File size: 2.9 KB
Line 
1'\" t
2.\" Title: log2pcap
3.\" Author: [see the "AUTHOR" section]
4.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
5.\" Date: 08/02/2011
6.\" Manual: User Commands
7.\" Source: Samba 3.5
8.\" Language: English
9.\"
10.TH "LOG2PCAP" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
11.\" -----------------------------------------------------------------
12.\" * set default formatting
13.\" -----------------------------------------------------------------
14.\" disable hyphenation
15.nh
16.\" disable justification (adjust text to left margin only)
17.ad l
18.\" -----------------------------------------------------------------
19.\" * MAIN CONTENT STARTS HERE *
20.\" -----------------------------------------------------------------
21.SH "NAME"
22log2pcap \- Extract network traces from Samba log files
23.SH "SYNOPSIS"
24.HP \w'\ 'u
25log2pcap [\-h] [\-q] [logfile] [pcap_file]
26.SH "DESCRIPTION"
27.PP
28This tool is part of the
29\fBsamba\fR(7)
30suite\&.
31.PP
32log2pcap
33reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal or tcpdump) based on the packet dumps in the log file\&.
34.PP
35The log file must have a
36\fIlog level\fR
37of at least
38\fB5\fR
39to get the SMB header/parameters right,
40\fB10\fR
41to get the first 512 data bytes of the packet and
42\fB50\fR
43to get the whole packet\&.
44.SH "OPTIONS"
45.PP
46\-h
47.RS 4
48If this parameter is specified the output file will be a hex dump, in a format that is readable by the
49text2pcap
50utility\&.
51.RE
52.PP
53\-q
54.RS 4
55Be quiet\&. No warning messages about missing or incomplete data will be given\&.
56.RE
57.PP
58logfile
59.RS 4
60Samba log file\&. log2pcap will try to read the log from stdin if the log file is not specified\&.
61.RE
62.PP
63pcap_file
64.RS 4
65Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&.
66.RE
67.PP
68\-h|\-\-help
69.RS 4
70Print a summary of command line options\&.
71.RE
72.SH "EXAMPLES"
73.PP
74Extract all network traffic from all samba log files:
75.PP
76.if n \{\
77.RS 4
78.\}
79.nf
80 $ log2pcap < /var/log/* > trace\&.pcap
81
82.fi
83.if n \{\
84.RE
85.\}
86.PP
87Convert to pcap using text2pcap:
88.PP
89.if n \{\
90.RS 4
91.\}
92.nf
93 $ log2pcap \-h samba\&.log | text2pcap \-T 139,139 \- trace\&.pcap
94
95.fi
96.if n \{\
97.RE
98.\}
99.SH "VERSION"
100.PP
101This man page is correct for version 3 of the Samba suite\&.
102.SH "BUGS"
103.PP
104Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data\&.
105.PP
106The generated TCP and IP headers don\'t contain a valid checksum\&.
107.SH "SEE ALSO"
108.PP
109\fBtext2pcap\fR(1),
110\fBethereal\fR(1)
111.SH "AUTHOR"
112.PP
113The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
114.PP
115This manpage was written by Jelmer Vernooij\&.
Note: See TracBrowser for help on using the repository browser.