I have some firewall logs (UFW/kern/syslog entries). Is there a way to import this data to Wireshark for some analysis/pictorial representation?
asked 09 Aug '14, 17:27
Short answer is that Wireshark analyses packets, not logs. However, if you set up your Linux system as a syslog client and capture the UDP stream containing the syslog entries as packets, that would in concept give you a packet capture file that could be loaded into Wireshark.
What exactly are you looking to graph or get pictorial representations for? It's unlikely Wireshark can do much more with the log files than awk/sed/grep or vi can for most practical purposes.
answered 10 Aug '14, 03:54
edited 10 Aug '14, 03:55
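The idea in the answer above (get the syslog lines onto the wire as UDP and capture that) can be short-circuited by writing the pcap directly. The following is an added example, not code from the original thread: it wraps plain-text UFW/kern log lines as RFC 3164-style syslog messages inside Ethernet/IPv4/UDP frames destined to port 514 and emits a libpcap file that Wireshark opens and dissects as Syslog. The IP and MAC addresses, timestamps, port numbers and the two UFW log lines are constructed sample data; the round-trip reader at the bottom exists only to check the file is well-formed.

```python
"""Write text firewall log lines into a pcap file as syslog-over-UDP packets.

Added example (not from the original Q&A). All addresses, the base
timestamp and the UFW lines below are constructed sample values.
"""
import socket
import struct

SYSLOG_PORT = 514       # UDP syslog; Wireshark's Syslog dissector keys on this port
LINKTYPE_ETHERNET = 1   # pcap global-header "network" field for Ethernet frames

# Constructed sample kern.log entries of the kind UFW writes (not real traffic).
SAMPLE_LOG_LINES = [
    "Aug  9 17:20:01 host kernel: [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    "Aug  9 17:20:02 host kernel: [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.3 DST=192.0.2.10 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=61 ID=0 PROTO=UDP SPT=53 DPT=33434 LEN=28",
]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; returns 0 for a header whose
    checksum field is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syslog_frame(payload: bytes, src_ip: str = "192.0.2.10",
                       dst_ip: str = "192.0.2.20", src_port: int = 40000,
                       dst_port: int = SYSLOG_PORT) -> bytes:
    """Ethernet II + IPv4 + UDP frame carrying one syslog message (constructed
    hosts: the firewall box sends to a collector on the same /24)."""
    udp_len = 8 + len(payload)
    # UDP checksum 0 means "not computed", which is legal over IPv4.
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    ip_no_csum = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,   # v4/IHL=5, DF set, TTL 64, proto UDP
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ipv4_checksum(ip_no_csum)
    ip = ip_no_csum[:10] + struct.pack("!H", csum) + ip_no_csum[12:]
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"
    return eth + ip + udp


def ipv4_header_checksum_ok(frame: bytes) -> bool:
    """True when the IPv4 header inside an Ethernet frame verifies."""
    ihl = (frame[14] & 0x0F) * 4
    return ipv4_checksum(frame[14:14 + ihl]) == 0


def build_pcap(log_lines, base_ts: float = 1407601201.0) -> bytes:
    """libpcap 2.4 file: 24-byte global header, then one record per log line.
    Each line gets an RFC 3164 PRI of <4> (facility kern, severity warning),
    matching what a kernel/UFW message would carry when forwarded by syslog."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, line in enumerate(log_lines):
        frame = build_syslog_frame(b"<4>" + line.encode())
        ts = base_ts + i                         # one packet per second, constructed
        out += struct.pack("<IIII", int(ts), int((ts - int(ts)) * 1e6),
                           len(frame), len(frame))
        out += frame
    return out


def read_syslog_payloads(pcap: bytes):
    """Walk the pcap records and return the text of every UDP/514 payload,
    i.e. what Wireshark would show in the Syslog dissector."""
    (magic,) = struct.unpack("<I", pcap[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap file")
    off, msgs = 24, []
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ihl = (frame[14] & 0x0F) * 4
        if frame[14 + 9] != 17:                  # not UDP
            continue
        udp = frame[14 + ihl:]
        dst_port, udp_len = struct.unpack("!HH", udp[2:6])
        if dst_port == SYSLOG_PORT:
            msgs.append(udp[8:udp_len].decode())
    return msgs


if __name__ == "__main__":
    data = build_pcap(SAMPLE_LOG_LINES)
    with open("ufw_syslog.pcap", "wb") as f:   # open this file in Wireshark
        f.write(data)
    for msg in read_syslog_payloads(data):
        print(msg)
```

Open the resulting file with `wireshark ufw_syslog.pcap` and the frames decode as Syslog, so you can filter on `syslog.msg contains "UFW BLOCK"` or graph packets per second in the I/O graph. The caveat from the answer still stands: every packet is just the original text line, so Wireshark has no more information to work with than grep did.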
I think I know where the confusion, regarding the import of log files into Wireshark, might have come from...
You might have thought that BSD pf logs are real text log files, but they are in fact pcap files, created by the pflog feature of OpenBSD.
The BSD pf log capture files can be opened with Wireshark, as they are actually pcap files.
However, importing text-based (firewall) logs won't get you very far, as they contain far too little information to make Wireshark useful in any way.
Wireshark is not able to do what you are requesting, as it's a network analysis/troubleshooting tool, not a log analysis tool. If you desperately need that feature, here are your options:
On Windows, the following tool could be a possible solution for you: Wallwatcher
On Linux, one of the following iptables analysis tools might be useful.
answered 10 Aug '14, 09:28
Kurt Knochner ♦