My company is trying to export the live captured packet syslogs to a device within the network. We were just wondering if it is actually possible to do it with Wireshark acting as a syslog relay server? Thanks.
- Not sure I understand. Are you trying to monitor what data is being sent to/from a syslog device? The .pcap file format is actually a generic capture format - you can do a capture on **any** device using **any** software and load it in Wireshark and it will be able to read it fine. – Mark Henderson Aug 30 '10 at 02:49
- I have two questions: 1. Do you need to do this in real time? 2. If the answer to 1 is yes, then why not capture the packets on the machine you're relaying them to? – Geraint Jones Aug 30 '10 at 03:56
- Because it will defeat the whole purpose of setting up a network infrastructure... – Aug 31 '10 at 02:56
1 Answer
Wireshark syslogs? Do you mean the standard Wireshark packet captures? If so, I don't know of any easy way to stream those messages to another server.
Have you considered using tcpdump instead? That's what Wireshark uses under the hood, and it's a command-line program. This would make it quite easy to run tcpdump remotely via ssh and save the output to a file on the local system.

EEAA
- Yeah, I was referring to the packet captures, as we were thinking of transferring real-time packet captures to another syslog server, e.g. Kiwi Server. Thanks. – Aug 30 '10 at 02:51
- Something like this on the destination server `netcat -l 3030 | tcpdump -r -` and this on the source server `tcpdump -w - | netcat destserver 3030` would stream it, but I fail to see the point. – Geraint Jones Aug 30 '10 at 04:26
- For sure, I had not put any filtering in the `tcpdump -w -` but you get the idea ;-) – Geraint Jones Aug 30 '10 at 05:06