From owner-freebsd-questions@FreeBSD.ORG Sat May 23 17:26:42 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6C82F106566B for ; Sat, 23 May 2009 17:26:42 +0000 (UTC) (envelope-from freebsd-questions@pp.dyndns.biz) Received: from proxy3.bredband.net (proxy3.bredband.net [195.54.101.73]) by mx1.freebsd.org (Postfix) with ESMTP id 214588FC16 for ; Sat, 23 May 2009 17:26:41 +0000 (UTC) (envelope-from freebsd-questions@pp.dyndns.biz) Received: from ironport.bredband.com (195.54.101.120) by proxy3.bredband.net (7.3.140.3) id 49F597CD00A0818D for freebsd-questions@freebsd.org; Sat, 23 May 2009 19:26:40 +0200 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AsYFAIbOF0pV4jp1PGdsb2JhbACBT5YKAQEBAboMhAsF X-IronPort-AV: E=Sophos;i="4.41,237,1241388000"; d="scan'208";a="522732874" Received: from c-753ae255.107-1-64736c10.cust.bredbandsbolaget.se (HELO gatekeeper.pp.dyndns.biz) ([85.226.58.117]) by ironport1.bredband.com with ESMTP; 23 May 2009 19:26:38 +0200 Received: from [192.168.69.67] (phobos [192.168.69.67]) by gatekeeper.pp.dyndns.biz (8.14.2/8.14.2) with ESMTP id n4NHQbA4066625 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 23 May 2009 19:26:37 +0200 (CEST) (envelope-from freebsd-questions@pp.dyndns.biz) Message-ID: <4A1831CD.6080505@pp.dyndns.biz> Date: Sat, 23 May 2009 19:26:37 +0200 From: =?ISO-8859-1?Q?Morgan_Wesstr=F6m?= User-Agent: Thunderbird 2.0.0.21 (X11/20090430) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <852FCD4FD0834115930F3DB05ADB7F3C@desktop2002> <20090523160452.GA71919@melon.esperance-linux.co.uk> In-Reply-To: <20090523160452.GA71919@melon.esperance-linux.co.uk> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: how to rotate a tcpdump file X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 May 2009 17:26:42 -0000 Frank Shute wrote: > On Sat, May 23, 2009 at 02:57:08PM +0300, Yavuz Ma?lak wrote: >> I wish tcpdump to rotate tcpdump file whose size reaches 10Mbyte. >> >> Which command should I use ? >> > > You should be able to set up newsyslog(8) to rotate the dumps. > > You want to have a look at newsyslog.conf(5) to craft a line to put in > your conf file. There are examples to work from in the conf file > already. > > Regards, Correct me if I'm wrong but wouldn't tcpdump have to be restarted after the logrotate? I'm under the impression that it would just continue to output to the old inode even if the file occupying it changes name and the restart functionality of newsyslog(8) isn't really bright enough to restart tcpdump with all its initial parameters. I'm using sysutils/cronolog for my Apache logs so I don't have to restart Apache at all for the logrotate. Unfortunately cronolog doesn't seem to have a size option to trigger the rotation though. Maybe there's another alternative for the OP? /Morgan