Daniel Schwartz

Site Reliability Engineer


Start Your Packet Capture With Ansible

Posted on February 7, 2018 (updated September 12, 2020) by tcpdump-it.com

What is Ansible?

Ansible is an agentless open source automation tool used for configuration management and other purposes.
At the moment I also use it to collect diagnostic data.
Ansible works over SSH and can connect to multiple servers in parallel (from your source server). It connects to the remote sides and can execute a single task or a list of tasks written in a so-called "ansible-playbook".

Why do I use Ansible?

While working on problems in a cluster with multiple nodes, I got tired of connecting to every single instance, starting tcpdump, stopping tcpdump, downloading the data, and so on.
I needed a solution like Ansible. It saves me the time I need for the analysis.

How to start a packet capture with Ansible?

At first you need to install and configure Ansible on your server. This will be your source server for the remote connections via SSH.
You can find all needed information in the Ansible Documentation: http://docs.ansible.com

For the installation and configuration you can follow the steps described here.

Once you are able to run the command "ansible-playbook", you can use my ansible-playbook to start a tcpdump on the remote servers.

You can start the playbook like this: ansible-playbook tcpdump.yml --limit 'Your-Group' -u Your-User -k
It is written so that it prompts you for the duration in seconds to run, the network interface on the remote server, the destination folder on the remote server and, if needed, a capture filter.

After the tcpdump command has finished, it downloads the files from the remote server to "/export/tmp/ansible/" on your source server.
Of course you can change this according to your needs.

Download my ansible playbook here: https://github.com/DanielSchwartz1/tcpdump/blob/master/tcpdump.yml
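The flow described above (prompt for duration, interface, destination folder and optional filter; run tcpdump on every host of the group in parallel; fetch the pcaps back to the control node), as an added example playbook that is not the author's tcpdump.yml from GitHub. The local download folder, the remote folder, the defaults and the file naming scheme are assumptions; the capture runs without a shell, so the filter is handed to tcpdump as plain arguments.

```yaml
---
# Added example, not the author's tcpdump.yml: prompts for the four values
# the post describes, runs a time-limited tcpdump on every targeted host in
# parallel, then fetches each pcap to the control node. Paths are assumed.
- name: Time-limited tcpdump on remote hosts, pcap fetched to the control node
  hosts: all
  become: true                      # capturing needs root (or CAP_NET_RAW)
  vars_prompt:
    - name: capture_seconds
      prompt: "Capture duration in seconds"
      private: false
      default: "60"
    - name: capture_iface
      prompt: "Network interface on the remote host"
      private: false
      default: "eth0"
    - name: remote_dir
      prompt: "Destination folder on the remote host"
      private: false
      default: "/tmp/capture"
    - name: capture_filter
      prompt: "Optional capture filter (BPF), e.g. port 443"
      private: false
      default: ""
  vars:
    local_dir: /export/tmp/ansible   # download target on the control node
    # ansible_date_time comes from fact gathering (on by default)
    pcap_file: "{{ remote_dir }}/{{ inventory_hostname }}-{{ ansible_date_time.epoch }}.pcap"
  tasks:
    - name: Ensure the remote destination folder exists and is not world-readable
      ansible.builtin.file:
        path: "{{ remote_dir }}"
        state: directory
        mode: "0750"

    # timeout(1) ends the capture after the requested duration and exits 124,
    # so rc 124 is the normal "capture finished" result. The command module
    # bypasses the shell, so the filter is passed as plain tcpdump arguments.
    - name: Run tcpdump for the requested duration
      ansible.builtin.command:
        cmd: "timeout {{ capture_seconds | int }}s tcpdump -nn -i {{ capture_iface | quote }} -w {{ pcap_file | quote }} {{ capture_filter }}"
      register: capture
      failed_when: capture.rc not in [0, 124]

    - name: Fetch the pcap to the control node, one file per host
      ansible.builtin.fetch:
        src: "{{ pcap_file }}"
        dest: "{{ local_dir }}/{{ pcap_file | basename }}"
        flat: true
```

Run it the same way as in the post (ansible-playbook with --limit, -u and -k); the pcaps land in the local folder named after each host, so they can be opened directly in Wireshark.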

Summary

I have started to use Ansible for other tasks as well, and it saves me a lot of time. Because it connects to multiple machines at the same time in parallel, it is a very powerful tool in my role as Site Reliability Engineer.

If you want to know more about it, join my Slack Workspace or send me an email.


2 thoughts on “Start Your Packet Capture With Ansible”

  1. Pingback: Install And Configure Ansible To Start Your Packet Capture » tcpdump-it.com
  2. Maybe says:
    April 30, 2020 at 2:50 am

    wonderful

