On Thu, May 13, 2010 at 04:54:34PM -0700, Phil Paradis wrote:
> If you're running on Linux, you can just create an init script to
> start dumpcap at boot. I'm not sure about the timestamp issue; all
> of our capture boxes are Windows-based
[snip]
> You'd probably need a cron job to clean up the orphaned
> buffer files from system reboots though.
I am indeed running on Linux. Thanks for the dumpcap and timestamp
pointers! It should be possible to save the need to clean the buffer
files at boot and also improve performance by writing to a ramdisk FS,
such as a tmpfs or ramfs. Not sure that I actually want it kicked off
at boot, though. For our environment, might be better if people could
specify their packet filters and start captures on-demand.
- Morty
