> On Wed, May 31, 2017 at 12:36:47PM -0700, Steve Edwards wrote: >> I want to capture all SIP messages. >> >> I have about 30 hosts in about 6 colos. >> >> My first thought was dumpcap, but the output file name format bugs me. >> >> What do you use for long term SIP capture?On Wed, 31 May 2017, Daniel Tryba wrote:> What bugs you about the output format?It's been a while, but as I recollect, it included the date/timestamp in the file name of the 'ring buffer' which meant that each time the host was rebooted, dumpcap didn't know the files from the previous run should be deleted when they 'aged out.' -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST https://www.linkedin.com/in/steve-edwards-4244281
On Wed, May 31, 2017 at 01:39:25PM -0700, Steve Edwards wrote:> >What bugs you about the output format? > > It's been a while, but as I recollect, it included the date/timestamp in the > file name of the 'ring buffer' which meant that each time the host was > rebooted, dumpcap didn't know the files from the previous run should be > deleted when they 'aged out.'Solvable by by writing a cleanup script that deletes files over a specific age, just a basic find in the daily crontab: find /path/to/captures -type f -name 'pattern*' -mtime +X -exec rm {} \;
On Wed, 31 May 2017, Daniel Tryba wrote:> On Wed, May 31, 2017 at 01:39:25PM -0700, Steve Edwards wrote: >>> What bugs you about the output format? >> >> It's been a while, but as I recollect, it included the date/timestamp in the >> file name of the 'ring buffer' which meant that each time the host was >> rebooted, dumpcap didn't know the files from the previous run should be >> deleted when they 'aged out.' > > Solvable by by writing a cleanup script that deletes files over a > specific age, just a basic find in the daily crontab: > find /path/to/captures -type f -name 'pattern*' -mtime +X -exec rm {} \;Been there, done that. Just 1 more thing for me to maintain :) -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST https://www.linkedin.com/in/steve-edwards-4244281