This content has been marked as final. Show 1 reply
Well, the file in question is open as STDOUT for snoop. Even if the rotate would work, STDOUT would still continue to at the same offset as where it stoped, so you would end up with a file which was padded by a lot of zeros.
You could try and use
snoop -o /var/log/snoop -d bge0
and then you might be able to rotate it with logadm, even though that would only work if logadm can preserve the inode of the /var/log/snoop file.
However, its an extremely bad idea to run snoop on a system for a longer period of time. Snoop will affect the network performance and significantly increase the time it takes for the host to process network data.
What you really should to see if you can solve this with a dtrace script, which gives a much much lower impact on the system.