Hello,
I am running ulogd 1.02-2 with the pcap plugin on a 2.6.12 kernel.
The problem is that on a rather regular basis, the pcap files seem to
become corrupted: A
# tcpdump -r /var/log/ulog/ulogd.pcap
gives me only
> tcpdump: bad dump file format
If I stop ulogd, remove the offending file and restart it, it works OK
- for about the rest of the day. This makes me wonder whether maybe
logrotate has a hand in this. My /etc/logrotate.d/ulogd looks like
this:
-------
/var/log/ulog/*.log {
missingok
sharedscripts
postrotate
/etc/init.d/ulogd reload
endscript
}
/var/log/ulog/ulogd.pcap {
weekly
missingok
prerotate
/etc/init.d/ulogd stop
endscript
postrotate
/etc/init.d/ulogd start
endscript
}
-------
I am stopping ulogd before rotating the pcap files in the hopes that
this would remedy the problem - but that doesn't seem to be the case,
so maybe it's something completely different.
At this point, I am only dumping dropped packets, so the traffic
should not be that outlandishly high. The machine in question is
directly connected to the Internet and to a tiny LAN, but all in all,
it is leading a comparatively quiet life.
Has anybody experienced these issues before, and does anyone know what
to do about them? Any input would be much appreciated.
Thanks,
Juergen
Attachment:
signature.asc
Description: Digital signature