Ethereal-users: RE: [Ethereal-users] Cron job

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Benjamin W. Ritcey" <ben@xxxxxxxxxx>
Date: Thu, 29 Mar 2001 18:46:51 -0500
I believe snort will do what you want -- it has a daemon mode and will close
& re-open its capture file when it gets a SIGHUP -- the logs end up being
named MMDD@xxxxxxxxxxxxxx or some such.  Standard tcpdump-type output.  You
can just run it in packet capture mode and not necessarily use the IDS
functionality.

http://www.snort.org (tho I think it's down right now).

HTH,

-b

-----Original Message-----
From: ethereal-users-admin@xxxxxxxxxxxx
[mailto:ethereal-users-admin@xxxxxxxxxxxx]On Behalf Of Jon Holden-Dye
Sent: Thursday, March 29, 2001 4:31 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Cron job


Thanks for the help, folks.
I'm afraid I was rather optimistically hoping for something a little bit
more concrete. Have to get something up-and-running by Friday p.m. (UK time)!
Never yet delved into Perl (or even scripting)...

Cheers, Jon H-D

----- Original Message -----
From: "Neulinger, Nathan" <nneul@xxxxxxx>
Cc: <ethereal-users@xxxxxxxxxxxx>
Sent: Thursday, March 29, 2001 9:33 PM
Subject: RE: [Ethereal-users] Cron job


> Seems to me this would go along really well with the discussion of having
> a miniature stub-capture helper program that could be used by ethereal for
> easy setuid without setuid-gtk.
>
> One other simple approach would be to just get the Net::Pcap module for
> perl and use it.
>
> -- Nathan
>
> > -----Original Message-----
> > From: Guy Harris [mailto:guy@xxxxxxxxxx]
> > Sent: Thursday, March 29, 2001 2:30 PM
> > To: Guy Harris
> > Cc: Neulinger, Nathan; McNutt, Justin M.;
> > 'ethereal-users@xxxxxxxxxxxx'
> > Subject: Re: [Ethereal-users] Cron job
> >
> >
> > > > I wonder - it would probably be trivial to add support to
> > > > tethereal/ethereal/tcpdump to have SIGHUP cause the server to close and
> > > > reopen the capture file.
> > >
> > > It might be, although you wouldn't want that to be the *default* SIGHUP
> > > action - heck, you might want to make it a SIGUSR1 action, instead
> > > (anything worthy of the name "modern UNIX" should have SIGUSR1).
> >
> > Of course, this raises the question of whether it *belongs* in Tethereal
> > and tcpdump, or whether a "capture daemon" program should be written,
> > instead; it'd be a lot simpler than tcpdump or Tethereal, as it wouldn't
> > support dissecting packets, it'd just support capturing them and saving
> > them to a file.
> >
> > You could, I guess, even get creative and have it support, say, a named
> > pipe to which you can send it a message containing a file name, which
> > causes it to start capturing to that new file.
> >
> > Or you could just have it take, as its "-w" argument, the prefix of the
> > file name, and take another argument which is how long it should capture
> > to any particular file, and it could append a date/time stamp to the
> > name of each file, and do the rotation itself.
> >


_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
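The "capture daemon" Guy Harris sketches in the quoted thread (a "-w" prefix, a per-file interval, a date/time stamp appended to each name, and a signal that closes and reopens the file) as an added example in C; it is not code from the thread, from Ethereal or from tcpdump. It assumes the caller hands in packets (no libpcap), the classic pcap file format, SIGUSR1 as the reopen signal, and names, paths and the sample frame that are all made up here.

```c
/* Minimal rotating pcap-file writer shaped like the capture daemon sketched in the
   thread. No libpcap: the caller hands in packets, so only rotation and the
   reopen-on-signal logic are exercised here. (Example code, not Ethereal's.) */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

static volatile sig_atomic_t reopen_requested = 0;
static void on_sigusr1(int sig) { (void)sig; reopen_requested = 1; }
void install_reopen_handler(void) { signal(SIGUSR1, on_sigusr1); }
/* Classic pcap file header and per-packet record header, host byte order. */
struct pcap_hdr { uint32_t magic; uint16_t major, minor; int32_t thiszone;
                  uint32_t sigfigs, snaplen, linktype; };
struct rec_hdr { uint32_t ts_sec, ts_usec, incl_len, orig_len; };
/* prefix plays the role of the "-w" argument; interval is seconds per file. */
struct rotator { const char *prefix; time_t interval, opened_at; FILE *fp; int files; };
/* Name of the file opened at time t: "<prefix>.<YYYYMMDD-HHMMSS>.pcap" (UTC). */
void rotate_name(char *out, size_t n, const char *prefix, time_t t) {
    char stamp[32];
    strftime(stamp, sizeof stamp, "%Y%m%d-%H%M%S", gmtime(&t));
    snprintf(out, n, "%s.%s.pcap", prefix, stamp);
}
/* Close the current file (if any) and start a new one with a fresh pcap header. */
static int open_file(struct rotator *r, time_t now) {
    char name[256];
    struct pcap_hdr h = {0xa1b2c3d4, 2, 4, 0, 0, 65535, 1 /* DLT_EN10MB */};
    rotate_name(name, sizeof name, r->prefix, now);
    if (r->fp) fclose(r->fp);
    if (!(r->fp = fopen(name, "wb"))) return -1;
    r->opened_at = now; r->files++;
    return fwrite(&h, sizeof h, 1, r->fp) == 1 ? 0 : -1;
}
void close_rotator(struct rotator *r) { if (r->fp) fclose(r->fp); r->fp = NULL; }

/* Write one packet, switching to a new file first if the interval has elapsed or
   SIGUSR1 asked for a reopen. Returns the number of files opened so far, -1 on error. */
int write_packet(struct rotator *r, const uint8_t *pkt, uint32_t len, time_t now) {
    struct rec_hdr rh = {(uint32_t)now, 0, len, len};
    if (!r->fp || reopen_requested || now - r->opened_at >= r->interval) {
        reopen_requested = 0;
        if (open_file(r, now)) return -1;
    }
    if (fwrite(&rh, sizeof rh, 1, r->fp) != 1 || fwrite(pkt, len, 1, r->fp) != 1) return -1;
    fflush(r->fp);
    return r->files;
}
```

A real daemon would call write_packet from its capture loop, passing each packet's capture time as now; the handler only sets a flag, so the reopen itself happens in the loop rather than inside the signal handler.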