Hi folks,
Something I've done on other platforms e.g on a firewall is have
tcpdump running and logging to disk. You know ahead of time how much
disk space to allocate to this task, and there are command line
options on tcpdump that you can adjust to accomplish this. So it will
always occupy that known amount of space, and you know that you have
the last X hours of traffic logged. Basically use the option to
change to a new log file as soon as it hits size X, combined with the
option to limit the number of log files to Y.
Has anyone done something like this with OpenBSD? I don't see
anything obvious and was wondering what others might have done to
accomplish this. Perhaps some kind of wrapper script ...
thanks,
-Alan
--
"You should sit in nature for 20 minutes a day.
Unless you are busy, then you should sit for an hour"
- Zen Proverb
