Hi there! My company is trying to export the live captured packet syslogs to a device within the network. We were just wondering if it is actually possible to do it with the Wireshark acting as a syslog relay server? Thanks.
From serverfault
VMNoob
Wireshark syslogs? Do you mean the standard Wireshark packet captures? If so, I don't know of any easy way to stream those messages to another server.
Have you considered using `tcpdump` instead? That's what Wireshark uses under the hood, and it's a command-line program. This would make it quite easy to run tcpdump remotely via ssh and save the output to a file on the local system.
VMNoob: Yea I was referring to the packet captures as we were thinking of transferring real time packet captures to another syslog server etc. Kiwi Server. Thanks.
c10k Consulting: something like this on the destination server `netcat -l 3030 | tcpdump -r -` and this on the source server `tcpdump -w - | netcat destserver 3030` would stream it, but I fail to see the point.
ErikA: @c10k You're going to end up with some serious recursion issues there.
c10k Consulting: @erik for sure, I had not put any filtering in the `tcpdump -w -` but you get the idea ;-)
From ErikA