Date:      Sun, 24 May 2009 07:49:22 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Morgan Wesström <freebsd-questions@pp.dyndns.biz>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: how to rotate a tcpdump file
Message-ID:  <4A18EDF2.4020103@infracaninophile.co.uk>
In-Reply-To: <20090523200422.GB72411@melon.esperance-linux.co.uk>
References:  <852FCD4FD0834115930F3DB05ADB7F3C@desktop2002>	<20090523160452.GA71919@melon.esperance-linux.co.uk>	<4A1831CD.6080505@pp.dyndns.biz>	<20090523195214.GA72411@melon.esperance-linux.co.uk> <20090523200422.GB72411@melon.esperance-linux.co.uk>


Frank Shute wrote:
> On Sat, May 23, 2009 at 08:52:14PM +0100, Frank Shute wrote:

>> I was thinking of using the -C and -w options to tcpdump(1). From the
>> manpage:
>>
>> -C     Before  writing  a  raw  packet to a savefile, check whether the
>>     file is currently larger than file_size and, if  so,  close  the
>>     current  savefile and open a new one.  Savefiles after the first
>>     savefile will have the name specified with the -w flag,  with  a
>>     number after it, starting at 1 and continuing upward.  The units
>>     of  file_size  are  millions  of  bytes  (1,000,000  bytes,  not
>>     1,048,576 bytes).
>>
>> and now looking at it more closely, you don't even have to use
>> newsyslog. Just include the args: -C 10000000 -w my_tcpdump_log
>
> Oops! should be: -C 10 -w my_tcpdump_log
>
> I assume the OP is not too bothered whether it's megabytes or
> mebibytes or whatever the hell they call them (using base 10 rather
> than 2).

Hmmm... so when I said "tcpdump(1) doesn't have options to support rotating
dump files based on size" I was in fact *completely* wrong.  Memo to self:
RTFM.

Sorry for the noise folks.  Given it's a built-in function please ignore all
my blethering about shell scripts.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW

