Thanks, I have a test script working correctly now. But the production script still doesnt, and I cant see the difference between the 2. The working script runs in cron on the same server every minute. It's definitely creating the 10 second cap file, I'd never know except the file cap.txt is always within 1 minute of system time. The bit at the end of the non-working script just sends the hourly cap file to another server for parsing and databasing, and cleans up after itself.
Test script works, successfully suppresses output (email to root):
Code:
#!/bin/bash
filename=/root/cap.txt
/usr/sbin/tcpdump -nvi eth1 -s 0 src port 1812 or dst port 1812 or dst port 1813 or dst port 1813 -X &> $filename &
cpid=$!
sleep 10
kill -9 $cpid 2>&1 > /dev/null
Production script still sends email to root:
Code:
#!/bin/bash
filename=/home/msbackup/r3.`date +%Y-%m-%d.%H%M`.txt
/usr/sbin/tcpdump -nvi eth1 -s 0 src port 1812 or dst port 1812 or dst port 1813 or dst port 1813 -X &> $filename &
cpid=$!
sleep 3620
kill -9 $cpid 2>&1 > /dev/null
su - msbackup -c "/home/msbackup/sendr3cap $filename"
rm -f $filename
email:
/root/r3cap/go: line 6: 32262 Killed /usr/sbin/tcpdump -nvi eth1 -s 0 src port 1812 or dst port 1812 or dst port 1813 or dst port 1813 -X >&$filename