> On 1/06/2017, at 9:24 AM, Jeff LaCoursiere <j...@jeff.net> wrote: > > On 05/31/2017 04:13 PM, Steve Edwards wrote: >> On Wed, 31 May 2017, Barry Flanagan wrote: >> >>> sngrep >> >> Isn't sngrep a great tool? Since discovering it my use of tcpdump/wireshark >> has cratered. >> >> Being able to compare an INVITE that worked with one that didn't (with color >> highlighting) rocks. > > On sites where I want an always available packet history I use tcpdump with > the -C and -W options to manage a ring buffer of X bytes. Then you can use > cool tools like sngrep or really anything that operates on pcap files at whim. > > Cheers,
Heya Steve I use the same Jeff recommended. Eg this command would capture SIP traffic in capture files up to 100Mbytes each, with a maximum of 10 files in play and overwriting the oldest automatically: tcpdump -i eth0 -w rollingSIPtrace. -C 100 -W 10 port 5060 Eventually you'd end up with files called 'rollingSIPtrace.00' through to 'rollingSIPtrace.09', and when rollingSIPtrace.09 reaches 100MB, overwriting of rollingSIPtrace.00 (then rollingSIPtrace.01 etc) would commence. Does that achieve your goal? Or was the problem that if your server restarts and the command auto-executes at boot time then the first file overwritten will be rollingSIPtrace.00, not necessarily whichever file was the last modified? Pete
signature.asc
Description: Message signed with OpenPGP
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users