Hi Jeff,
I must be missing something.
I set dumpcap permissions to:
# ls -l /usr/local/bin/dumpcap
-rwxr-xr-- 1 root wireshark 230157 Dec 11 10:40 /usr/local/bin/dumpcap
and the dumpcap command is:
root /usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g wireshark -b filesize:250000 -b duration:900 -w /var/opt/data/captures.cap
I also tried
root /usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g -b filesize:250000 -b duration:900 -w /var/opt/data/captures.cap
but the ring buffer files still end up "root root".
]# ls /var/opt/data/captures/* -l
-rw-r----- 1 root root 111542192 Dec 11 13:19 /var/
Thoughts??
Any guidance will be appreciated!
Thanks!
-John
On Tue, Dec 11, 2012 at 1:11 PM, John Powell <jrp999@xxxxxxxxx> wrote:
Hi Jeff,
After you said that I did DUMPCAP -h and behold there it was!!
Thanks so much for all of the work you do on this project!!
-John