pcap stream rotation and pruning

Posted by pilcrow on Server Fault See other posts from Server Fault or by pilcrow
Published on 2010-03-15T15:44:02Z Indexed on 2010/03/15 15:50 UTC
Read the original article Hit count: 531

Filed under:

logs

|

rotation

|

pcap

|

tcpdump

Some of my servers collect a lot of packet data. Is there a utility (or patch to tcpdump(1)) to log a pcap stream to disk which:

Rotates based on size of data written
Prunes written files, keeping only the N most recent
Does not re-use output filenames
Is self-contained
(Ruling out, e.g., a rotation with external pruning via crond(8)+tmpwatch(8))

Basically I want a multilog or svlogd that groks the pcap record format.

The -W filecount option of tcpdump-4.0.0 "prunes" by recycling old filenames, which violates #3 above, forcing me to consult mtimes to determine recency and providing no guarantees against surprise truncation of the log file.

The -G option introduces strftime(2)-specifier support in output filenames, which would give me at least second-precision in file names, but I can't figure out how to get pruning to work with this scheme.

© Server Fault or respective owner

Related posts about logs

Solaris 10 zlogin logs in, logs out immediately

as seen on Server Fault - Search for 'Server Fault'
On a SPARC v445 running Solaris 10 9/10, had to rebuild rpool and reattached the three existing mirrored zpools on the other existing disks, with their zfs filesystems and NG zones intact. The zones have been configured with zonecfg -z ZONENAME create etc. ... and are now online using zoneadm -z… >>> More
nginx 404 logs to all virtualhosting logs

as seen on Server Fault - Search for 'Server Fault'
I am using nginx and i have two sites running: site1 = /1/access.log site2 = /2/access.log when a user get 404 images not found on site2 nginx writes to access.log of site1 & site2 reporting the not found error, i tried everything to get separated logs without luck, i want everything that happen… >>> More
Convert Yahoo Messenger Logs to Adium Logs

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there a way to convert logs from YM for mac to Adium ? Thanks Cezar >>> More
apache syslog-ng error logs and access logs

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to send all my apache logs to syslog-ng(on remote machine) which in turn writes to a file. so I configure syslog-ng this way source s_apache { unix-stream("/var/log/apache_log.socket" max-connections(512) keep-alive(yes)); }; filter f_apache { match("error"); }; destination df_custom… >>> More
Get more information about the crash

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
when i issue the command last in my terminal i see the following entries i.e. "crash" How can i find out more information about the crash: Is there any system dump file generated or a backtrace file that i can see or analyze. reboot system boot 3.2.0-32-generic Mon Nov 12 23:58 - 09:13 (09:14) tito… >>> More

Related posts about rotation

Pygame surface rotation, rect rotation or sprite rotation?

as seen on Game Development - Search for 'Game Development'
i seem to have a conceptual misunderstanding of the surface and rect object in pygame. I currently observe these objects this way: Surface Just the loaded image rect the 'hard' representation of the ingame object (sprite). Used for simplifying object moment and collision detection sprite rect… >>> More
Need to translate a Rotation Matrix to Rotation y, x, z OpenGL & Jitter for 3D Game

as seen on Game Development - Search for 'Game Development'
I am using the Jitter Physics engine which gives a rotation matrix: M11 M12 M13 M21 M22 M23 M21 M32 M33 And I need it so OpenGL can use it for rotation GL.Rotate(xr, 1, 0, 0) GL.Rotate(yr, 0, 1, 0) GL.Rotate(zr, 0, 0, 1) Initially I Tried xr = M11 yr = M22 zr = M33 [1 0 0] [0 1 0] [0 0 1] Which… >>> More
Finetuning movement based on gradual rotation towards a target

as seen on Game Development - Search for 'Game Development'
I have an object which moves towards a target destination by gradually adjusting its facing while moving forwards. If the target destination is in a "blind spot", then the object is incapable of reaching it. This problem is ilustrated in the picture below. When the arrow is ordered to move to point… >>> More
2d movement solution

as seen on Game Development - Search for 'Game Development'
Hi! I'm making a simple top-down tank game on the ipad where the user controls the movement of the tank with the left "joystick" and the rotation of the turret with the right one. I've spent several hours just trying to get it to work decently but now I turn to the pros :) I have two referencial… >>> More
2d tank movement and turret solution

as seen on Game Development - Search for 'Game Development'
Hi! I'm making a simple top-down tank game on the ipad where the user controls the movement of the tank with the left "joystick" and the rotation of the turret with the right one. I've spent several hours just trying to get it to work decently but now I turn to the pros :) I have two referencial… >>> More