Hello, I am running ulogd 1.02-2 with the pcap plugin on a 2.6.12 kernel. The problem is that on a rather regular basis, the pcap files seem to become corrupted: A # tcpdump -r /var/log/ulog/ulogd.pcap gives me only > tcpdump: bad dump file format If I stop ulogd, remove the offending file and restart it, it works OK - for about the rest of the day. This makes me wonder whether maybe logrotate has a hand in this. My /etc/logrotate.d/ulogd looks like this: ------- /var/log/ulog/*.log { missingok sharedscripts postrotate /etc/init.d/ulogd reload endscript } /var/log/ulog/ulogd.pcap { weekly missingok prerotate /etc/init.d/ulogd stop endscript postrotate /etc/init.d/ulogd start endscript } ------- I am stopping ulogd before rotating the pcap files in the hopes that this would remedy the problem - but that doesn't seem to be the case, so maybe it's something completely different. At this point, I am only dumping dropped packets, so the traffic should not be that outlandishly high. The machine in question is directly connected to the Internet and to a tiny LAN, but all in all, it is leading a comparatively quiet life. Has anybody experienced these issues before, and does anyone know what to do about them? Any input would be much appreciated. Thanks, Juergen
Attachment:
signature.asc
Description: Digital signature