On 2016-01-28 at 13:17:30 +0100, e.bengts...@gmail.com <e.bengts...@gmail.com>
wrote:
>
>
> Den onsdag 27 januari 2016 kl. 18:02:23 UTC+1 skrev e.ben...@gmail.com:
> >
> >
> >
> > Den onsdag 27 januari 2016 kl. 16:17:46 UTC+1 skrev Tobias Klauser:
> >>
> >> Hi again
> >>
> >> On 2016-01-27 at 16:10:30 +0100, Tobias Klauser <tkla...@distanz.ch>
> >> wrote:
> >> > On 2016-01-27 at 14:40:55 +0100, Erik Bengtsson <e.ben...@gmail.com>
> >> wrote:
> >> > > By "start time" I mean file creation time. It is totally possible to
> >> post
> >> > > process all log files and synchronize them using pcap timestamps, as
> >> you
> >> > > suggested, but I'm afraid that it will be less effective for us since
> >> there
> >> > > will be a huge amount of data to move around and process.
> >> >
> >> > Ah ok, I see. Thanks for clarifying.
> >> >
> >> > In that case, I'm afraid there currently is no method to synchronize
> >> the file
> >> > creation among multiple instances of netsniff-ng. As Daniel suggested,
> >> > timerfd might be an option to implement a feature along these lines. If
> >> > you want, feel free to have a look into it - patches are gladly
> >> accepted
> >> > :)
> >>
> >> Something which I completely forgot about...
> >>
> >> There might be an option (though a bit curde) to solve this using the
> >> permature rotation caused by SIGHUP. You could set up a separate task
> >> simultaneously sending a SIGHUP every minute to your netsniff-ng
> >> processes. See commit 46289df6bc8f573bc01be4fb4aa93343ecc6d50a
> >> ("netsniff-ng: Rotate pcap files prematurely on SIGHUP") for details.
> >>
> >> Tobias
> >>
> >
> > That sounds really interesting! :-)
> >
> > I ended up using signal USR2 since i didn't want to change how SIGHUP was
> > used. When USR2 is received, the current time is saved and used when naming
> > the next file (which is created when the next packet is received).
> >
> > A patch is included if you want to have a look.
> >
> > / Erik
> >
> >
>
> I've continued working on this a bit and have a solution that seems to be
> working. The patch is included if someone wants to have a look.
Nice, thanks a lot. I think we don't even need to have a command line
option for this but could just make it the default behavior to record
the timestamp of the sighup in the filename. The file creation time will
still reflect the actual time of when the first packet arrived.
I'll adjust the patch accordingly and commit it with your Signed-off-by,
if that's ok with you.
Thanks
Tobias
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
