Frank Shute wrote:
On Sat, May 23, 2009 at 08:52:14PM +0100, Frank Shute wrote:
I was thinking of using the -C and -w options to tcpdump(1). From the manpage:

    -C     Before writing a raw packet to a savefile, check whether the
           file is currently larger than file_size and, if so, close the
           current savefile and open a new one. Savefiles after the first
           savefile will have the name specified with the -w flag, with a
           number after it, starting at 1 and continuing upward. The units
           of file_size are millions of bytes (1,000,000 bytes, not
           1,048,576 bytes).

and now looking at it more closely, you don't even have to use newsyslog. Just include the args:

    -C 10000000 -w my_tcpdump_log

Oops! should be:

    -C 10 -w my_tcpdump_log

I assume the OP is not too bothered whether it's megabytes or mebibytes or whatever the hell they call them (using base 10 rather than 2).
Hmmm... so when I said "tcpdump(1) doesn't have options to support rotating dump files based on size" I was in fact *completely* wrong. Memo to self: RTFM.

Sorry for the noise folks. Given it's a built-in function please ignore all my blethering about shell scripts.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey
Ramsgate
Kent, CT11 9PW