Revision history [back]
The ring buffer is a mechanism in the raw binary capture code path (in dumpcap).
There is no ring buffer mechanism for any -T text formats. Note that those mechanisms write to the standard output stream, not to files created by TShark, so a ring buffer mechanism for text output would require that TShark create the text files itself.
If rotatelogs reads its standard input and writes it to a sequence of log files, switching to a new file based on time or file size (as the documentation implies but does not explicitly state, perhaps assuming it's obvious), then piping the output of TShark to rotatelogs should work.
The ring buffer is a mechanism in the raw binary capture code path (in dumpcap).
There is no ring buffer mechanism for any -T text formats. Note that those mechanisms write to the standard output stream, not to files created by TShark, so a ring buffer mechanism for text output would require that TShark create the text files itself.
If rotatelogs reads its standard input and writes it to a sequence of log files, switching to a new file based on time or file size (as the documentation implies but does not explicitly state, perhaps assuming it's obvious), then piping the output of TShark to rotatelogs rotate logs should work.
The ring buffer is a mechanism in the raw binary capture code path (in dumpcap).
There is no ring buffer mechanism for any -T text formats. Note that those mechanisms write to the standard output stream, not to files created by TShark, so a ring buffer mechanism for text output would require that TShark create the text files itself.
If rotatelogs reads its standard input and writes it to a sequence of log files, switching to a new file based on time or file size (as the documentation implies but does not explicitly state, perhaps assuming it's obvious), then piping the output of TShark to rotate logs should work.