$ ls -al /tmp/*.log
-rw-r--r-- 1 root root 84003 Sep 1 14:35 /tmp/http-20190901.log
$ cat /tmp/http-20190901.log
2019-09-01 14:16:51.002 223.39.188.71#50905 10.140.0.2#80 CQ GET / HTTP/1.1 cloud.sukmoonlee.com Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
2019-09-01 14:16:51.003 10.140.0.2#80 223.39.188.71#50905 CR HTTP/1.1 302 Found 0 text/html; charset=UTF-8
2019-09-01 14:17:00.573 10.140.0.2#57154 169.254.169.254#80 SQ GET /computeMetadata/v1/instance/virtual-clock/drift-token?timeout_sec=60&last_etag=c6a7bbfe995acc98&alt=json&recursive=False&wait_for_change=True HTTP/1.1 etadata.google.internal Python-urllib/2.7
2019-09-01 14:17:54.337 169.254.169.254#80 10.140.0.2#57152 SR HTTP/1.1 200 OK 3274 application/json
$
$ ./httplog -h
Usage of ./httplog:
-add_vlan
If true, add VLAN header
-b int
Interface buffersize (MB) (default 8)
-c int
If >= 0, # of packets to capture before returning (default -1)
-cpu int
Number of HTTP parsing goroutine (default 1)
-cpuprofile string
If non-empty, write CPU profile here
-d string
Write directory for log file (default "/log/httplog")
-i string
Interface to read from (default "eth0")
-log_every int
Write a every X packets stat (default 10000)
-log_split
If true, write a split log file (CQ, CR, SQ, SR)
-p int
http service port (default 80)
-s int
Snaplen, if <= 0, use 65535 (default 1560)
-v If true, show version
# yum install golang libpcap libpcap-devel
# git clone https://github.com/sukmoonlee/packetlog.git
# cd httplog
# go get
# go build -o httplog (or make.sh)
# vi start_httplog.sh
# ./start_httplog.sh start
