First: as others mentioned, tcpdump isn't suited for output rotation
via tools like newsyslog. Even if you manage to restart it with a new
log, you'll probably skip some packets. You might implement some sort
of overlap (you start tcpdump to a new file, *then* you kill the old
one and write a tool to seamlessly merge flows).

Second: Non-OpenBSD tcpdump supports -C/-G/-W options that do the
rotation automatically (size- and age-based). I don't know if it may
be backported.

Third: Are you sure you want long-running tcpdump? Perhaps netflow
could be enough... See pflow(4) + nfcapd(1). The latter does
autorotation and can call compressor afterwards.

-- 
 Paweł Kraszewski
 GPG key: E030 A049 9C33 C1E9 28EA 50C9 821F DA62 0A90 D330
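
The merge step of the overlap approach mentioned in the first point, as an added example that is not part of the original message: it joins two capture files whose time ranges overlap and keeps each packet once. It assumes classic little-endian pcap files and that both tcpdump processes recorded the same timestamp for a packet they both saw; the function names and sample packets are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4                 # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, zone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, captured len, original len

def read_pcap(data):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, payload), ...])."""
    magic, _maj, _min, _zone, _sig, _snap, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    records, off = [], GLOBAL_HDR.size
    while off + REC_HDR.size <= len(data):
        sec, usec, incl, orig = REC_HDR.unpack_from(data, off)
        off += REC_HDR.size
        if off + incl > len(data):
            break  # truncated last record: the writer was killed mid-packet
        records.append((sec, usec, orig, data[off:off + incl]))
        off += incl
    return linktype, records

def build_pcap(linktype, records, snaplen=65535):
    """Serialize records back into a classic pcap byte string."""
    blob = GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for sec, usec, orig, payload in records:
        blob += REC_HDR.pack(sec, usec, len(payload), orig) + payload
    return blob

def merge_overlap(old, new):
    """Merge the old and new capture, dropping packets the new file repeats."""
    lt_old, recs_old = read_pcap(old)
    lt_new, recs_new = read_pcap(new)
    if lt_old != lt_new:
        raise ValueError("link types differ, files are not from the same interface")
    seen = set(recs_old)
    # Only cross-file duplicates are dropped; repeats inside one file are kept.
    merged = recs_old + [r for r in recs_new if r not in seen]
    merged.sort(key=lambda r: (r[0], r[1]))  # stable sort by timestamp
    return build_pcap(lt_old, merged)

# Constructed sample: the old capture ends at t=3, the new one started at t=3.
OLD = build_pcap(1, [(1, 0, 4, b"aaaa"), (2, 0, 4, b"bbbb"), (3, 500, 4, b"cccc")])
NEW = build_pcap(1, [(3, 500, 4, b"cccc"), (4, 0, 4, b"dddd")])

if __name__ == "__main__":
    for rec in read_pcap(merge_overlap(OLD, NEW))[1]:
        print(rec)
```
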
