Redis Sniffer is a packet capture and filter utility geared toward capturing and logging both ingress and egress Redis traffic going across a specific interface on a specific port.
v1.1.0 introduces a debug mode that will capture and log raw ethernet and tcp packets. Redis command filtering has also been implemented, allowing for only specified redis commands to be logged.
*nix - Debian/Ubuntu/Mint - pip
sudo apt-get install libpcap-dev
pip install redis-sniffer*nix - Debian/Ubuntu/Mint - apt
// Add our apt key
wget -O - http://apt.eternalprojects.com/conf/apt.eternalprojects.com.gpg.key|apt-key add -
// add our repo to your source list
echo "deb http://apt.eternalprojects.com/ stable main" >> /etc/apt/sources.list
sudo apt-get udpate
sudo apt-get install libpcap-dev redis-sniffer*nix - Redhat/CentOS
sudo yum install libpcap-devel
pip install redis-snifferRedis Sniffer binds to a network interface and analyzes the traffic that is crossing that interface on a specified port. The most basic usage can be seen here:
# format: redis-sniffer -i <interface> -p <port>
sudo redis-sniffer -i bond0 -p 6379# log all redis traffic on port 6379 crossing bond0 interface and have logs written to the /var/log/redis-sniffer folder.
sudo redis-sniffer -i bond0 -p 6379 --out /var/log/redis-sniffer
# log only select redis commands; -f allows a comma separated list of redis commands to filter and log. When using the -f flag, each filtered command will be logged to its own file.
sudo redis-sniffer -i bond0 -p 6379 --out /var/log/redis-sniffer -f select
#other options
-l [full,event,debug] - The level of logging, defaults to full
-el, --event-log - The name of the file that redis events are logged to
-fl, --full-log - The name of the file that all traffic is logged to
--append - A suffix to append to the log file names created when using filters