Frank Shute wrote:
On Sat, May 23, 2009 at 08:52:14PM +0100, Frank Shute wrote:


I was thinking of using the -C and -w options to tcpdump(1). From the
manpage:

-C     Before writing a raw packet to a savefile, check whether the
    file is currently larger than file_size and, if so, close the
    current savefile and open a new one. Savefiles after the first
    savefile will have the name specified with the -w flag, with a
    number after it, starting at 1 and continuing upward. The units
    of file_size are millions of bytes (1,000,000 bytes, not
    1,048,576 bytes).

and now looking at it more closely, you don't even have to use
newsyslog. Just include the args: -C 10000000 -w my_tcpdump_log

Oops! should be: -C 10 -w my_tcpdump_log

I assume the OP is not too bothered whether it's megabytes or
mebibytes or whatever the hell they call them (using base 10 rather
than 2).

Hmmm... so when I said "tcpdump(1) doesn't have options to support rotating
dump files based on size" I was in fact *completely* wrong.  Memo to self:
RTFM.

Sorry for the noise folks.  Given it's a built-in function please ignore all
my blethering about shell scripts.

        Cheers,

        Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW
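
Reading the rotated savefiles back in capture order, as an added example that is not part of the original thread: with the naming the manpage describes (the -w name, then the same name with 1, 2, ... appended), a plain shell glob lists my_tcpdump_log10 before my_tcpdump_log2, so the sketch below sorts on the numeric suffix. The function name `ordered_savefiles` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Lists the savefiles written by
#   tcpdump -C 10 -w my_tcpdump_log
# in the order they were written: my_tcpdump_log, my_tcpdump_log1,
# my_tcpdump_log2, ... my_tcpdump_log10, ...
# ordered_savefiles is a hypothetical helper name.
ordered_savefiles() {
    base=$1
    for f in "$base" "$base"[0-9]*; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        suffix=${f#"$base"}              # text after the -w name
        case $suffix in
            '')       n=0 ;;             # first savefile carries no number
            *[!0-9]*) continue ;;        # e.g. a compressed copy; not a raw savefile
            *)        n=$suffix ;;
        esac
        printf '%s\t%s\n' "$n" "$f"
    done | sort -n -k1,1 | cut -f2-      # numeric sort on the suffix, then drop it
}

# When run as a script with the -w name as argument, print the ordered list.
[ "$#" -eq 0 ] || ordered_savefiles "$1"
```

The output can be fed one file at a time to `tcpdump -r` to review the capture chronologically.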
