Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 24 May 2009 07:49:22 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        =?ISO-8859-1?Q?Morgan_Wesstr=F6m?= <freebsd-questions@pp.dyndns.biz>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: how to rotate a tcpdump file
Message-ID:  <4A18EDF2.4020103@infracaninophile.co.uk>
In-Reply-To: <20090523200422.GB72411@melon.esperance-linux.co.uk>
References:  <852FCD4FD0834115930F3DB05ADB7F3C@desktop2002>	<20090523160452.GA71919@melon.esperance-linux.co.uk>	<4A1831CD.6080505@pp.dyndns.biz>	<20090523195214.GA72411@melon.esperance-linux.co.uk> <20090523200422.GB72411@melon.esperance-linux.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
Frank Shute wrote:
> On Sat, May 23, 2009 at 08:52:14PM +0100, Frank Shute wrote:

>> I was thinking of using the -C and -w options to tcpdump(1). From the
>> manpage:
>>
>> -C     Before  writing  a  raw  packet to a savefile, check whether the
>>     file is currently larger than file_size and, if  so,  close  the
>>     current  savefile and open a new one.  Savefiles after the first
>>     savefile will have the name specified with the -w flag,  with  a
>>     number after it, starting at 1 and continuing upward.  The units
>>     of  file_size  are  millions  of  bytes  (1,000,000  bytes,  not
>>     1,048,576 bytes).
>>
>> and now looking at it more closely, you don't even have to use
>> newsyslog. Just include the args: -C 10000000 -w my_tcpdump_log
> 
> Oops! should be: -C 10 -w my_tcpdump_log
> 
> I assume the OP is not too bothered whether it's megabytes or
> mebibytes or whatever the hell they call them (using base 10 rather
> than 2).

Hmmm... so when I said "tcpdump(1) doesn't have options to support rotating
dump files based on size" I was in fact *completely* wrong.  Memo to self:
RTFM.

Sorry for the noise folks.  Given it's a built-in function please ignore all
my blethering about shell scripts.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW


[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkoY7fcACgkQ8Mjk52CukIz/RQCgjsZJk8GTTPAP2ycryMPHm6q7
z00AmwZs6KVAbi/WIDMEyRUkz3Sb6HUa
=Frl1
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A18EDF2.4020103>