Tshark - Can I use ring buffer with text files
Hello, I log a lot of data and I use text files with tshark, using the "-T json" option. I want to create multiple small text files instead of 1 big file. I tried "-b interval:1000 -b files:100" to create subfiles of 1 MB, but it only works for pcap files, not for JSON (which is the output, by the way). Do you know a way of doing it with tshark?
If not, I will have to try to change the output path during the acquisition. Or stopping then restarting with a new path... but I'm not really satisfied with this... Thanks and see you.
The diagram here (WSDG: 7.2. Overview) shows Wireshark but also applies to tshark. Capture (and the ring buffering) is done with dumpcap.
A script monitoring the ring buffer directory looking for new files, process them with tshark to JSON output then discard the capture file? (Easier on *nix (tm). Doable on Windows?)
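One way to write the monitoring script suggested in the answer above, as an added example that is not part of the original thread. It assumes dumpcap is started separately and rotates files by size; the paths, the interface name and the `TSHARK` override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed setup: dumpcap is
# started separately and rotates files by size, e.g.
#   dumpcap -i eth0 -b filesize:1024 -w /var/cap/ring.pcapng
# Paths, interface name and the TSHARK override are hypothetical.

TSHARK=${TSHARK:-tshark}

# convert_closed_files CAPTURE_DIR JSON_DIR
# Converts every capture file except the newest (dumpcap is still writing it)
# to JSON, then deletes the capture. Prints the number of files converted.
convert_closed_files() {
    cap_dir=$1
    json_dir=$2
    converted=0

    # dumpcap names files <base>_<5-digit seq>_<timestamp>.pcapng, so the
    # glob's lexical order is also the order in which they were written.
    set -- "$cap_dir"/*.pcapng
    [ -e "$1" ] || { echo 0; return 0; }

    while [ "$#" -gt 1 ]; do
        src=$1
        shift
        out="$json_dir/$(basename "$src" .pcapng).json"
        # Write to a temp name first so readers never see partial JSON.
        if "$TSHARK" -r "$src" -T json > "$out.tmp"; then
            mv "$out.tmp" "$out"
            rm -f "$src"
            converted=$((converted + 1))
        else
            rm -f "$out.tmp"
            echo "conversion failed, keeping $src" >&2
        fi
    done
    echo "$converted"
}

# watch_ring CAPTURE_DIR JSON_DIR [SECONDS]: poll forever.
watch_ring() {
    mkdir -p "$2"
    while :; do
        convert_closed_files "$1" "$2" > /dev/null
        sleep "${3:-5}"
    done
}
```

Run it as `watch_ring /var/cap /var/cap/json 5` after sourcing the file. A capture is only deleted once its JSON has been written completely, so a failed conversion is retried on the next pass.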