On Apr 10 19:09:05, [email protected] wrote:
> Good Evening Community,
> I am running the following command in the OpenBSD 6.2.
You want to upgrade.
> *"tcpdump -Nneqt -w tcpdump.pcap -i vic0 &"*
> and using the following newsyslog.conf entry for rotating the tcpdump.pcap
> # logfile_name owner:group mode count size when flags
> /home/logs/tcpdump.pcap 644 5 10 * z
> So when newsyslog checks and >=10KB size hits, the *tcpdump.pcap* file
> will be rotated and *tcpdump.pcap.0.gz* will be created.
> But after this, the size of the file is not increasing.
> run the following command to check the file
>
> *#tcpdump -r tcpdump.pcaptcpdump: bad dump file format*
> *and the above tcpdump command is still running in the background.*
I do this with running a pflogd instance; unlike tcpdump,
pflogd is well suited to have its logs rotated and behave accordingly.
For example,
$ grep sip /etc/rc.local
/sbin/pflogd -s 65000 -i pflog1 -f /var/log/siplog
$ grep sip /etc/newsyslog.conf
/var/log/siplog 600 3650 * @T00 ZB "pkill -HUP -u root -U root -t - -x pflogd"
after pflog1 has been set up to capture certain traffic, as in
pass log (all, to pflog1) on $phones
Jan
> *So the question is the tcpdump have any issue with rotating the files with
> newsyslog?*
> *Or am I missing something?*
> *Can you please suggest a solution for this?*
>
>
>
> Thanks and Regards
> Yogendra Kumar
> National Institute of Technology,
> Karnataka
>
