
Is there a way to send the Wireshark (dumpcap) captures directly to a syslog server? Or send them to a custom Windows event log?

asked 31 Dec '14, 05:43


wireshark_r


Neither syslog nor Windows eventlog makes much sense in this context, as the capture files taken with dumpcap are in binary format and you won't be able to do anything useful with that data on the syslog server.

Maybe I don't understand what you are trying to achieve. Can you please add some words about what you are trying to do and maybe a sample log line you want to see on the syslog server?

Regards
Kurt


answered 31 Dec '14, 08:14


Kurt Knochner ♦

I am trying to send my Cisco SPAN port stream from my NIC to my SIEM device.

(31 Dec '14, 08:33) wireshark_r

The SIEM (most certainly) won't be able to read/decode the binary pcap data. So, again: What are you actually trying to do?

If your SIEM is able to listen to network traffic, you should take a look at RSPAN or ERSPAN.

(31 Dec '14, 08:39) Kurt Knochner ♦