This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Log output to file, info and errors alike

0

Hi all,

I'm using tshark to record all traffic in my office during a day, for use in a research project. I have a cron job mon-fri at 8 in the morning, that runs a shell script with the following:

tshark -i eth2 -i eth3 -w traces/$(date +%Y-%m-%d_%H-%M-%S)_benign.pcap -a duration:36000

I would like to have access to the information printed by tshark, when executing, eg. drop count:

[email protected]:~$ tshark -i eth2 -i eth3 -w traces/$(date +%Y-%m-%d_%H-%M-%S)_benign.pcap -a duration:36000
Capturing on 'eth2' and 'eth3'
185 ^C
1 packet dropped

1 packet dropped

I was hoping to have a switch to specify a log file, however I’m unable to find such. Does such exist?

appending " > tmp.log" doesn’t catch the output..

Any suggestions as to how I can get a log?

Thanks in advance

asked 23 Apr ‘14, 03:04

kidmose's gravatar image

kidmose
16114
accept rate: 0%

edited 23 Apr ‘14, 03:05

1

Note that neither tshark nor Wireshark are recommended for continuous traffic capture, instead use dumpcap.

See @Jasper’s blog entry for more info: http://blog.packet-foo.com/2013/05/the-notorious-wireshark-out-of-memory-problem/

(23 Apr ‘14, 05:17) grahamb ♦

One Answer:

2

Hi kidmose,

if you would search on internet regarding redirection of i/o you would find a lot of info.

here are some useful links:

tldp

Bashk

or try this:

hostname:~ edmond$ tshark -i en0 -w yourfile.pcap -a duration:20 > log 2>&1 hostname:~ edmond$ cat log Capturing on 'Ethernet' 441 packets captured hostname:~ edmond$

answered 23 Apr '14, 03:16

Edmond's gravatar image

Edmond
1813614
accept rate: 33%