Example
Rotation parameters supported by tcpdump
tcpdump [ -AdDefIKlLnNOpqRStuUvxX ] [ -B buffer_size ] [ -c count ]
-G rotate_seconds:
If specified, rotates the dump file specified with the -w option every rotate_seconds seconds. Savefiles will have the name specified by -w which should include a time format as defined by strftime(3). If no time format is specified, each new file will overwrite the previous.
If used in conjunction with the -C option, filenames will take the form of 'file<count>'.
-C file_size:
Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).
-W filecount:
Used in conjunction with the -C option, this will limit the number of files created to the specified number, and begin overwriting files from the beginning, thus creating a 'rotating' buffer. In addition, it will name the files with enough leading 0s to support the maximum number of files, allowing them to sort correctly.
Used in conjunction with the -G option, this will limit the number of rotated dump files that get created, exiting with status 0 when reaching the limit. If used with -C as well, the behavior will result in cyclical files per timeslice.
-w file
-w /var/tmp/trace-%m-%d-%H-%M-%S-%s will give you %m=month, %d=day of month, %H=hour of day, %M=minute of day, %S=second of day, %s=millisecond of day
For example: tcpdump -i en0 -w /var/tmp/trace -W 48 -G 1800 -C 100
This will rotate files (of names trace1, trace2, …) cyclically, with period 48, either every 1800 seconds (=30 minutes) or every 100 MB, whichever comes first.
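Added example (not from the original page or the tcpdump project): a Python check that expands a -w template once per -G rotation and lists the savefile names a later rotation would overwrite, plus the nominal size of a -C/-W ring. The function names, the fixed start time and the use of UTC are assumptions for illustration; tcpdump formats the name with local time.

```python
import time

START = 1_700_000_000  # constructed start time: 2023-11-14 22:13:20 UTC


def rotated_names(template, rotate_seconds, rotations, start=START):
    """Expand a -w template once per -G rotation.

    Assumption: UTC is used so results are reproducible; tcpdump itself
    formats the name with local time.
    """
    return [
        time.strftime(template, time.gmtime(start + i * rotate_seconds))
        for i in range(rotations)
    ]


def overwritten(template, rotate_seconds, rotations, start=START):
    """Return, in order, each savefile name produced by more than one rotation.

    A repeated name means the later rotation overwrites the earlier capture.
    """
    seen, repeated = set(), []
    for name in rotated_names(template, rotate_seconds, rotations, start):
        if name in seen and name not in repeated:
            repeated.append(name)
        seen.add(name)
    return repeated


def ring_capacity_bytes(file_size, filecount):
    """Nominal disk use of a -C/-W ring; -C counts millions of bytes."""
    return file_size * 1_000_000 * filecount


if __name__ == "__main__":
    for tmpl in ("/var/tmp/trace",
                 "/var/tmp/trace-%m-%d-%H",
                 "/var/tmp/trace-%m-%d-%H-%M-%S"):
        print(tmpl, "->", overwritten(tmpl, 1800, 48) or "no overwrites")
    print("ring bytes for -C 100 -W 48:", ring_capacity_bytes(100, 48))
```

A template that is coarser than the rotation interval (for example hour resolution with -G 1800) loses every other capture, which matters when the savefiles are kept as evidence.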