Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Silver

Script to stop and start a capture point

Is it possible to write a script that would start a capture point and then stop it after 5 minutes and then export it to a tftp server, then again wait for few minutes to re-start the capture point and repeat the whole process again?

 

We need to capture data on one of our routers for more than 24 hours and with the amount of memory available on the router and traffic it's not possible. I understand with the approach above we will lose some data, but that's not a big deal.

 

Please let me know if this can be done or if there is better way of accomplishing this.

 

Thanks!

3 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

Re: Script to stop and start a capture point

Hi

You'll need to use kon and eem.
I'm on my iPhone right now but if you need to have config samples, let me know and I'll build you something.
What you'll need to do is create a task to start a capture with a recurring time of 7 min (why 7min: the capture starts and run for 5 min, then you transfer your file and re-run the capture start).
For the second schedule, it'll be for stopping and exciting the capture, with a recurring time of 7 min (2 min waiting from the 1st kron and 5 min to wait the script run before stopping it)

Is that clear?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted
VIP Purple

Re: Script to stop and start a capture point

Hi
below 2 examples, 1 using EEM and 1 using KRON

event manager applet START
event timer cron cron-entry "*/5 * * * *"
action 1.0 cli command "enable"
action 2.0 cli command "monitor capture point start CAP1"

event manager applet STOP
event timer cron cron-entry "*/10 * * * *"
action 1.0 cli command "enable"
action 2.0 cli command "monitor capture point stop CAP1"
action 3.0 cli command "monitor capture buffer BUF1 export ftp://user:pwd@x.x.x.x/CAP.pcap"


OR

kron policy-list STARTCAP
cli monitor capture point start CAP1
kron policy-list STOPCAP
cli monitor capture point stop CAP1
cli monitor capture buffer BUF1 export ftp://user:pwd@x.x.x.x/CAP.pcap
!
kron occurrence START in 5 recurring
policy-list STARTCAP
!
kron occurrence STOP in 10 recurring
policy-list STOPCAP

However, the name of the pcap file is always the same. If you want to increment a value on the name you'll need to use tcl scripts

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Cisco Employee

Re: Script to stop and start a capture point

This is certainly possible with EEM.  In fact, I've written a Tcl example of how to do the digital packet recorder with EPC and EEM.  Have a look at https://supportforums.cisco.com/t5/network-infrastructure-documents/a-digital-packet-recorder-for-your-router/ta-p/3154423 and see if you can modify this to meet your needs.

6 REPLIES
VIP Purple

Re: Script to stop and start a capture point

Hi

You'll need to use kon and eem.
I'm on my iPhone right now but if you need to have config samples, let me know and I'll build you something.
What you'll need to do is create a task to start a capture with a recurring time of 7 min (why 7min: the capture starts and run for 5 min, then you transfer your file and re-run the capture start).
For the second schedule, it'll be for stopping and exciting the capture, with a recurring time of 7 min (2 min waiting from the 1st kron and 5 min to wait the script run before stopping it)

Is that clear?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Silver

Re: Script to stop and start a capture point

I see what you are saying and makes sense. I will try this in morning, in the meantime if you share a sample that would be great if time permits. Anyways I will in the morning and let you know how it went.

Thanks!!
VIP Purple

Re: Script to stop and start a capture point

Ok let me know. I'll have some time tomorrow and be able to do something for you.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted
VIP Purple

Re: Script to stop and start a capture point

Hi
below 2 examples, 1 using EEM and 1 using KRON

event manager applet START
event timer cron cron-entry "*/5 * * * *"
action 1.0 cli command "enable"
action 2.0 cli command "monitor capture point start CAP1"

event manager applet STOP
event timer cron cron-entry "*/10 * * * *"
action 1.0 cli command "enable"
action 2.0 cli command "monitor capture point stop CAP1"
action 3.0 cli command "monitor capture buffer BUF1 export ftp://user:pwd@x.x.x.x/CAP.pcap"


OR

kron policy-list STARTCAP
cli monitor capture point start CAP1
kron policy-list STOPCAP
cli monitor capture point stop CAP1
cli monitor capture buffer BUF1 export ftp://user:pwd@x.x.x.x/CAP.pcap
!
kron occurrence START in 5 recurring
policy-list STARTCAP
!
kron occurrence STOP in 10 recurring
policy-list STOPCAP

However, the name of the pcap file is always the same. If you want to increment a value on the name you'll need to use tcl scripts

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Cisco Employee

Re: Script to stop and start a capture point

This is certainly possible with EEM.  In fact, I've written a Tcl example of how to do the digital packet recorder with EPC and EEM.  Have a look at https://supportforums.cisco.com/t5/network-infrastructure-documents/a-digital-packet-recorder-for-your-router/ta-p/3154423 and see if you can modify this to meet your needs.

Silver

Re: Script to stop and start a capture point

Thank you both for the comments and scripts. I haven't got a chance to test the script because I ended it up doing it manually as there was a change in schedule. I will be testing it in the next few days so I won't have to do it manually in future. I will let you guys know when I am done testing.

 

 

1120
Views
5
Helpful
6
Replies
CreatePlease to create content