|
Hello I have tshark running on a windows 2012 server, and it is writing its temp files to this directory. C:\Users\%Username%\AppData\Local\Temp I need to move it to a new disk and directory d:\Temp I have changed the TEMP,TMP,TMPDIR environment variables to the new path D:\Temp and when I go to wireshark -> abut -> folders I can see the D:\Temp however the tshark keeps writing its temp files to the drive C: location. how can i make tshark write to the new directory. thank you |
|
TShark/dumpcap uses the TEMP directory from the user environment variables - have you changed that one, or the system one? You could also always force tshark/dumpcap to write files to a specific location by using the "-w" parameter. You might also be interested in this blog post: http://blog.packet-foo.com/2014/07/wireshark-file-storage/ Hello I have changed the USER ENV not the system. I can't use the -w since I'm reading the STDOUT of tshark if I use it I don't see STDOUT. any idea's what I'm doing wrong? thank you
(18 Aug '14, 02:40)
avi_m1968
Have you verified that the command session you're running tshark in actually has the TEMP setting you assume? I usually check this by running the "SET" command. Maybe you're running the command line as a different user, e.g. from a task scheduler account?
(18 Aug '14, 02:42)
Jasper ♦♦
I'm running the script from the task scheduler, but it is running as the user that i changed in his profile the environment variables. I have added commands to the script that would check and write to the file the environment variables that the script see's and i'll update you.
(18 Aug '14, 04:19)
avi_m1968
1
you are right, even that the user ENV vars were changed when running the script it used the global ENV setting I added the the 3 SET commands TEMP,TMP,TMPDIR to the script before running tshark and it solved the problem. thank you :-)
(18 Aug '14, 04:54)
avi_m1968
|
