我有一个长时间运行的tcpdump,它运行在ssh上,输出到一个文件。
ssh remotehost.example.com -p "tcpdump -i eth0 -w - " > capture-`date '+%Y%m%d-%H%M'`.pcap
如何按日或按周轮换该文件?重要的是不要复制或丢失任何内容。
答案 0 :(得分:0)
来自tcpdump手册页:
-G If specified, rotates the dump file specified with the -w option every rotate_sec‐ onds seconds. Savefiles will have the name specified by -w which should include a time format as defined by strftime(3). If no time format is specified, each new file will overwrite the previous. If used in conjunction with the -C option, filenames will take the form of `file<count>'.
例如,如果您想每10秒旋转一次:
tcpdump -i eth0 -G 10 -w capture-%Y%m%d-%H%M%S.pcap
在您的情况下,您可以像这样每天轮换:
tcpdump -i eth0 -G 86400 -w capture-%Y%m%d-%H%M.pcap