This discussion is archived
1 Reply Latest reply: Mar 7, 2013 2:13 AM by abrante

Problem combining snoop and logadm

muli033 Newbie

I'm running snoop and redirecting the output to /var/log/snoop using
snoop -d bge0 > /var/log/snoop &
We want to maintain a set of these files to analyze some network issues so we use logrotation:
logadm -p now -C 5 -c /var/log/snoop
The file snoop.0 is created but the filesize of snoop is the same as it was before the logadm command. It seems that the truncation (option -c) doesn't work and I don't know why.

  • 1. Re: Problem combining snoop and logadm
    abrante Pro
    Well, the file in question is open as STDOUT for snoop. Even if the rotate would work, STDOUT would still continue to write at the same offset as where it stopped, so you would end up with a file which was padded by a lot of zeros.

    You could try and use
    snoop -o /var/log/snoop -d bge0

    and then you might be able to rotate it with logadm, even though that would only work if logadm can preserve the inode of the /var/log/snoop file.

    However, it's an extremely bad idea to run snoop on a system for a longer period of time. Snoop will affect the network performance and significantly increase the time it takes for the host to process network data.

    What you really should do is see if you can solve this with a dtrace script, which gives a much, much lower impact on the system.
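
The offset behaviour described in the reply above, as an added example that is not part of the original thread: a writer keeps a log open across a copy-and-truncate rotation (what `logadm -c` does), once opened like `cmd > file` and once like `cmd >> file`. The function name, file names and sample records are constructed for the demonstration, and the append case goes beyond what the thread discusses.

```shell
#!/bin/sh
# Constructed demo: a long-running writer whose stdout is a log file that gets
# rotated by copy + truncate while the writer still holds the descriptor open.

# rotate_demo MODE -> prints "<size in bytes> <number of NUL bytes>" of the
# live log after rotation.
#   MODE "trunc"  : descriptor opened like `cmd >  file` (no O_APPEND)
#   MODE "append" : descriptor opened like `cmd >> file` (O_APPEND)
rotate_demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log="$dir/capture.log"

    # Open fd 3 the same way the shell opens stdout for the redirect.
    if [ "$mode" = append ]; then exec 3>>"$log"; else exec 3>"$log"; fi

    printf 'packet-0001\n' >&3      # 12 bytes, writer offset is now 12
    printf 'packet-0002\n' >&3      # writer offset is now 24

    cp "$log" "$log.0"              # rotation step 1: copy to the .0 file
    : > "$log"                      # rotation step 2: truncate the original

    # The writer knows nothing about the rotation and just keeps writing.
    printf 'packet-0003\n' >&3
    exec 3>&-

    size=$(wc -c < "$log" | tr -d ' ')
    nuls=$(tr -dc '\000' < "$log" | wc -c | tr -d ' ')
    rm -rf "$dir"
    echo "$size $nuls"
}

# Without O_APPEND the next write lands at the old offset, so the truncated
# file jumps back to its previous size with a zero-filled hole in front.
echo "cmd >  file: $(rotate_demo trunc)"
# With O_APPEND every write goes to the current end of file, so the log
# restarts at zero length after the truncate.
echo "cmd >> file: $(rotate_demo append)"
```
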
