tcpump/tethereal scripts to capture and archive data

Anyone have some automated scripts that will start a tcpdump/tethereal
process, capture the data and rotate the data in a manner so that the
filesystem does not fill up (ie some kind of circular queueing?).

I know tethereal can do this but in the event of a power outage causing
the system to reboot (or scheduled patch maintenance), tethereal "loses
it's place". So something like

tethereal -s 65535 -i eth1 -n -q -t a -w /captures -b filesize:50000 -b
files:900 -f " ... "

Works great as the filesize and number of files have been calculated
for the amount of disk storage.

But throw in a reboot or if the tethereal process dies then there is no
way for tethereal to know where it left off and I have to offload that
older data somewhere, purge the directory and restart the command. If I
do not, then the filesystem fills the rest of the way up.

thanks,

On 7 Aug 2006 10:11:48 -0700
(E-Mail Removed) wrote:

> Anyone have some automated scripts that will start a tcpdump/tethereal
> process, capture the data and rotate the data in a manner so that the
> filesystem does not fill up (ie some kind of circular queueing?).

find . -mtime +1 -exec rm -rf {} ';'

to remove everything over a day old?

you could put that in a while loop, until there is more than N% of disk
available, but I suggest you just calculate your daily traffic and
adjust to suit.

--
Regards, Ed :: http://www.linuxwarez.co.uk
just another bash hacker
Chuck Norris once had a head on collision with the sun. Luckily, the
sun is so far away that the shift of its position had no effect on
Earth.