Friday, June 29, 2018

Re: automatically rotate isakmpd.pcap

On 2018-06-28 10:18, Federico Donati wrote:

> With newsyslog, logs are being rotated, but the new file "isakmpd.pcap" is
> not usable with tcpdump (message is "tcpdump: bad dump file format").
>
> I've also tried to stop isakmpd writing isakmpd.pcap (echo p >
> isakmpd.fifo), but it didn't work.

Ok, this workaround works:


conf file:

# cat newsyslog_ipsec.conf


/var/run/isakmpd.pcap root:wheel 600 30 * $D0 ZB "rm /var/run/isakmpd.pcap ; echo p on > /var/run/isakmpd.fifo"

command to be run:

# echo p off > /var/run/isakmpd.fifo; newsyslog -Ff newsyslog_ipsec.conf -v

Newsyslog creates an empty file during the rotation. Tcpdump doesn't
like this file, so I need to stop the writing of isakmpd.pcap, rotate
the log, remove the newly created file and activate the logging again
(so isakmpd will create its working pcap file).

This actually works, but I have to put it in crontab rather than inside
/etc/newsyslog.conf, and I find this pretty ugly.

It would be nice if newsyslog had a "prerotate" function, something like
logrotate.

I'm always open to suggestions if you have had similar needs.


Bye
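
The sequence from the post above, wrapped for cron so that a capture file tcpdump would reject is noticed after rotation. This is an added example, not part of the original message. The 24-byte global header and the magic numbers are those of the classic pcap file format; the function names, the "rotate" argument and the five-second wait for isakmpd to recreate the file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# pcap_ok FILE: succeed only if FILE begins with a complete 24-byte pcap
# global header carrying a known magic number (either byte order,
# microsecond or nanosecond timestamps).
pcap_ok() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -ge 24 ] || return 1   # the empty file newsyslog creates fails here
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# rotate_isakmpd_pcap FIFO CONF PCAP: stop the capture, rotate, then wait
# (assumption: up to 5 seconds is enough) for isakmpd to write a new file.
rotate_isakmpd_pcap() {
    fifo=$1 conf=$2 pcap=$3
    echo "p off" > "$fifo" || return 1
    # The command in the conf entry removes the empty file and sends "p on".
    newsyslog -Ff "$conf" -v || return 1
    tries=0
    while [ "$tries" -lt 5 ]; do
        pcap_ok "$pcap" && return 0
        sleep 1
        tries=$((tries + 1))
    done
    echo "capture $pcap is not a valid pcap file after rotation" >&2
    return 1
}

# From cron: /path/to/this/script rotate
if [ "${1:-}" = "rotate" ]; then
    rotate_isakmpd_pcap /var/run/isakmpd.fifo newsyslog_ipsec.conf \
        /var/run/isakmpd.pcap
fi
```

A non-zero exit from cron then means IKE packet capture did not come back after the rotation.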
