I run a priviledged BNC service (for IRC) and I would like to monitor the contents of my users. For example, I was sent an email by the IRC network asking for evidence in which a user of my BNC service has spammed in the network. I have heard there is a command called 'tcpdump' which is able to listen and log all network data coming to and from any interface. I have tried it and it logs mostly garbage packets which I do not require and uses up a lot of disk space. I would like to know the command to listen to only certain keywords of phrases and log THAT data in, if possible, and if not then what software out there could I use for this purpose?