tcpdump log rotation

Hi,

I am trying to get log rotation working using the tcpdump functions. However, it does not seem to do anything other than overwrite the existing file. I want tcpdump to rotate every 10 minutes or so.

I have tried a few different options, an example is shown below.

sudo tcpdump -w test.pcap -G 10 -i eth3 -nn -C 1000 "vlan xx and ip"

Does anyone have an idea on how to do this correctly?

Thank you.
synackrst Asked:

wesly_chen Commented:
-G : If specified, rotates the dump file specified with the -w option every rotate_seconds seconds.
For 10 minutes, it should be
-G 600
synackrst Author Commented:
That's right, however I'd want the logfiles to be written as an example, writing to current file: test.pcap and then the newest "archived" files as test1.pcap, test2.pcap etc. That way I can configure an application to read from the file test1.pcap to get close to the newest information.

"If used in conjunction with the -C option, filenames will take the form of `file<count>'. "

Any ideas?
bougui Commented:
Hi

Well, on Ubuntu it is -W that needs to be used to cycle the file.

Can you test this with -W 10, which should keep the last 10 files and rotate through them?

Bye
bougui Commented:
Here is what I have tested to work

sudo tcpdump -w test.pcap  -s 0 -i eth0 -n -W 10 -C 1

will rotate 10 files ~1 MB each

with -G you need to specify the filename, and if you don't, tcpdump will always write to a single file

Bye
Question has a verified solution.
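
An added example, not written by anyone in this thread: time-based rotation needs a strftime(3) pattern in the -w name (per the tcpdump man page, -G without one reopens and overwrites the same file), and a reader application then wants the newest file tcpdump has already closed. The function names, the test- filename prefix and the capture directory are assumptions; the sample files in any test run are constructed.

```shell
#!/bin/sh
# Added example: 10-minute tcpdump rotation with timestamped file names, plus
# a helper that returns the newest capture file that is no longer being written.

# start_capture IFACE DIR SECONDS FILTER
# Opens a new savefile every SECONDS seconds (600 = 10 minutes). The
# %Y%m%d-%H%M%S pattern gives every rotation its own name, so nothing is
# overwritten. Needs root; the filter is passed through to tcpdump unchanged.
start_capture() {
    sudo tcpdump -i "$1" -nn -s 0 -G "$3" \
        -w "$2/test-%Y%m%d-%H%M%S.pcap" "$4"
}

# latest_complete DIR
# Prints the newest completed capture in DIR. Glob results are sorted, and
# these timestamped names sort chronologically, so the last name is the file
# tcpdump is still writing and the one before it is the newest closed file.
# Returns 1 when no closed file exists yet.
latest_complete() {
    # Positional parameters are local to the function call in POSIX sh.
    set -- "$1"/test-*.pcap
    # One entry means an unmatched glob or only the in-progress file.
    [ "$#" -ge 2 ] || return 1
    # Discard older names until only the last two remain.
    while [ "$#" -gt 2 ]; do
        shift
    done
    printf '%s\n' "$1"
}

# Usage, with the interface and filter from the question (xx left as posted):
#   start_capture eth3 /var/tmp/capture 600 "vlan xx and ip" &
#   latest_complete /var/tmp/capture
```

Pointing the reader at the output of latest_complete avoids parsing a pcap file that tcpdump is still appending to.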