This is the command:

[rcortiz@simon ~]$ sudo /usr/sbin/tcpdump -i eth2.10 -nn port 514 | cut -c 1-8 | uniq -c

This is the output:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2.10, link-type EN10MB (Ethernet), capture size 65535 bytes
108119 12:07:11
184746 12:07:12
184450 12:07:13
183494 12:07:14
186214 12:07:15
192680 12:07:16
221238 12:07:17
221840 12:07:18
222384 12:07:19
203158 12:07:20
184832 12:07:21
184544 12:07:22
185153 12:07:23
212496 12:07:24
239870 12:07:25
197124 12:07:26
184842 12:07:27
184355 12:07:28
184908 12:07:29
211076 12:07:30
213709 12:07:31
184826 12:07:32
226183 12:07:33
226832 12:07:34
213766 12:07:35
184722 12:07:36
184839 12:07:37
185262 12:07:38
185274 12:07:39
185621 12:07:40
184952 12:07:41
185403 12:07:42
191074 12:07:43
181381 12:07:44
188312 12:07:45
184841 12:07:46
188990 12:07:47
195205 12:07:48
205637 12:07:49
238370 12:07:50
232547 12:07:51
228739 12:07:52
217031 12:07:53
213861 12:07:54
215222 12:07:55
230737 12:07:56
230477 12:07:57
231049 12:07:58
230831 12:07:59
230672 12:08:00
230857 12:08:01
230776 12:08:02
230712 12:08:03
232296 12:08:04
234104 12:08:05
227764 12:08:06
180749 12:08:07
181209 12:08:08
230865 12:08:09
219094 12:08:10
212202 12:08:11
146865 12:08:12
147163 12:08:13
147316 12:08:14
147267 12:08:15
146887 12:08:16
147138 12:08:17
146872 12:08:18
223649 12:08:19
236765 12:08:20
236879 12:08:21
237234 12:08:22
236304 12:08:23
234676 12:08:24
236110 12:08:25
236654 12:08:26
236624 12:08:27
237052 12:08:28
236325 12:08:29
236311 12:08:30
237267 12:08:31
237065 12:08:32
235903 12:08:33
235541 12:08:34
237057 12:08:35
236777 12:08:36
237136 12:08:37
235897 12:08:38
236429 12:08:39
236228 12:08:40
236214 12:08:41
237024 12:08:42
236450 12:08:43
235669 12:08:44
226278 12:08:45
225836 12:08:46
225572 12:08:47
225985 12:08:48
226734 12:08:49
223886 12:08:50
225422 12:08:51
225482 12:08:52
225766 12:08:53
223468 12:08:54
223261 12:08:55
233182 12:08:56
237415 12:08:57
236865 12:08:58
236743 12:08:59
235403 12:09:00
219302 12:09:01
221338 12:09:02
175313 12:09:03
164237 12:09:04
216996 12:09:05
218756 12:09:06
217070 12:09:07
223811 12:09:08
226053 12:09:09
229845 12:09:10
237514 12:09:11
237068 12:09:12
236855 12:09:13
237392 12:09:14
229998 12:09:15
41205248 packets captured
49649942 packets received by filter
8444281 packets dropped by kernel

The reason why I think it's writing the proper amount is because in the Spirent, I can set the frames per second as I wish, so for example I write:

17500 fps to f_ad
115000 fps to f_fw
25000 fps to f_shib
25000 fps to f_mail
17500 fps to f_vm
17500 fps to f_pix
17500 fps to f_networks
15000 fps to f_router

and when I check using grep for a particular second (see below) for all logs, I get the 250,000 fps that I set the Spirent to, and if I look at the number for each log, I get what I set the Spirent to.

[rcortiz@simon test]$ ls
f_ad f_fw f_mail f_networks f_pix f_router f_shib f_vm
[rcortiz@simon test]$ sudo grep 12:08:05 * | wc -l
250008
[rcortiz@simon test]$ sudo grep 12:08:06 * | wc -l
250000
[rcortiz@simon test]$ sudo grep 12:08:07 * | wc -l
249999
[rcortiz@simon test]$ sudo grep 12:08:08 * | wc -l
250011
[rcortiz@simon test]$ sudo grep 12:08:09 * | wc -l
249999
[rcortiz@simon test]$ sudo grep 12:08:09 f_fw | wc -l
115000
[rcortiz@simon test]$ sudo grep 12:08:10 f_fw | wc -l
115000
[rcortiz@simon test]$ sudo grep 12:08:11 f_fw | wc -l
115000
[rcortiz@simon test]$ sudo grep 12:08:11 f_mail | wc -l
24999
[rcortiz@simon test]$ sudo grep 12:08:12 f_mail | wc -l
25002
[rcortiz@simon test]$ sudo grep 12:08:12 f_shib | wc -l
25000
[rcortiz@simon test]$ sudo grep 12:08:12 f_vm | wc -l
17500
[rcortiz@simon test]$ sudo grep 12:08:12 f_ad | wc -l
17501
[rcortiz@simon test]$ sudo grep 12:08:12 f_ | wc -l

Robert.

