Howdy,
I'm currently running tshark like this:
tshark -n -V -l -i eth1 port nfs and host 172.28.80.41 | myscript
I need this to run for days and days.
Tshark however seems to capture to /tmp/etherXXXXjRZvbB with dumpcap and
have an every growing file until I run out of space (file that tshark reads
and parses).
Can I either:
1) skip dumpcap and not have an ever growing file?
2) tell tshark to quit when the dumpcap file is 10G and I'll restart it in
a loop after /bin/rm /tmp/etherXXX*
Or any other suggestion so that tshark doesn't eat all my disk space?
(I read about -a capture autostop, but that seems to be if I capture to a file
and I don't want to capture to a file, I just want pipes and real time
processing)
Thanks,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/