Date: Sat, 23 May 2009 19:26:37 +0200 From: =?ISO-8859-1?Q?Morgan_Wesstr=F6m?= <freebsd-questions@pp.dyndns.biz> To: freebsd-questions@freebsd.org Subject: Re: how to rotate a tcpdump file Message-ID: <4A1831CD.6080505@pp.dyndns.biz> In-Reply-To: <20090523160452.GA71919@melon.esperance-linux.co.uk> References: <852FCD4FD0834115930F3DB05ADB7F3C@desktop2002> <20090523160452.GA71919@melon.esperance-linux.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Frank Shute wrote: > On Sat, May 23, 2009 at 02:57:08PM +0300, Yavuz Ma?lak wrote: >> I wish tcpdump to rotate tcpdump file whose size reaches 10Mbyte. >> >> Which command should I use ? >> > > You should be able to set up newsyslog(8) to rotate the dumps. > > You want to have a look at newsyslog.conf(5) to craft a line to put in > your conf file. There are examples to work from in the conf file > already. > > Regards, Correct me if I'm wrong but wouldn't tcpdump have to be restarted after the logrotate? I'm under the impression that it would just continue to output to the old inode even if the file occupying it changes name and the restart functionality of newsyslog(8) isn't really bright enough to restart tcpdump with all its initial parameters. I'm using sysutils/cronolog for my Apache logs so I don't have to restart Apache at all for the logrotate. Unfortunately cronolog doesn't seem to have a size option to trigger the rotation though. Maybe there's another alternative for the OP? /Morgan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A1831CD.6080505>