Am 14.10.2013 18:38 schrieb [email protected]:
if isakmpd runs for a while on a busy gateway the file can grow rather large and tcpdump reading it needs considerable disk-IO - and one cannot "tail -f" it anyway.
Some 'mitja' just showed this:/usr/bin/tail -fc+0 /var/run/isakmpd.pcap | tcpdump -tttvvr - <pcap filter expr>
The -c+0 changes tail(1) behaviour from newlines to bytes offset - and by having
that zero, it's just a stream. Nice one. Thanks.
