
Wireshark to syslog server


Is there a way to send the Wireshark (dumpcap) captures directly to a syslog server? Or send them to a custom Windows event log?

asked 31 Dec '14, 05:43

wireshark_r


One Answer:


Neither syslog nor Windows eventlog makes much sense in this context, as the capture files taken with dumpcap are in binary format and you won't be able to do anything useful with that data on the syslog server.

Maybe I don't understand what you are trying to achieve. Can you please add some words about what you are trying to do and maybe a sample log line you want to see on the syslog server?


answered 31 Dec '14, 08:14


Kurt Knochner ♦

I am trying to send my Cisco SPAN port stream from my NIC to my SIEM device.

(31 Dec '14, 08:33) wireshark_r

The SIEM (most certainly) won't be able to read/decode the binary pcap data. So, again: What are you actually trying to do?

If your SIEM is able to listen to network traffic, you should take a look at RSPAN or ERSPAN.

(31 Dec '14, 08:39) Kurt Knochner ♦
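As an added illustration of the point made in the answer and the last comment (this code is not part of the original thread and is not a Wireshark tool), the Python below shows why a raw dumpcap file is useless to a syslog server and what the missing step looks like: it checks the pcap magic number (a binary header, not text), walks the packet records, and emits one RFC 5424 text line per packet, which is the shape of input a syslog collector or SIEM can actually index. The capture is constructed inline (one Ethernet/IPv4/UDP frame), and the hostname `sensor1`, app name `pcap2syslog` and the collector host/port are placeholders, not values from the thread.

```python
import datetime
import socket
import struct

# Classic pcap global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype.
PCAP_GLOBAL_HDR = "IHHiIII"   # 24 bytes
PCAP_RECORD_HDR = "IIII"      # ts_sec, ts_usec, incl_len, orig_len (16 bytes)
LINKTYPE_ETHERNET = 1


def build_sample_pcap(endian="<"):
    """Constructed sample capture (not a real trace): one Ethernet/IPv4/UDP frame,
    10.0.0.5:12345 -> 10.0.0.9:514, carrying the bytes b"hello"."""
    payload = b"hello"
    udp = struct.pack("!HHHH", 12345, 514, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9")) + udp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00" + ip
    global_hdr = struct.pack(endian + PCAP_GLOBAL_HDR, 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record_hdr = struct.pack(endian + PCAP_RECORD_HDR, 1420000000, 123456, len(eth), len(eth))
    return global_hdr + record_hdr + eth


def parse_pcap(data):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, frame_bytes), ...]).
    The magic number decides byte order and rejects anything that is not a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xa1b2c3d4:
        endian = "<"          # written by a little-endian host
    elif magic == 0xd4c3b2a1:
        endian = ">"          # written by a big-endian host
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    linktype = struct.unpack_from(endian + PCAP_GLOBAL_HDR, data, 0)[6]
    records, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + PCAP_RECORD_HDR, data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % offset)
        offset += incl_len
        records.append((ts_sec, ts_usec, orig_len, frame))
    return linktype, records


def summarize_frame(frame):
    """One-line text summary of an Ethernet frame; IPv4 with TCP/UDP ports where present."""
    if len(frame) < 14:
        return "short-frame len=%d" % len(frame)
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return "ethertype=0x%04x len=%d" % (ethertype, len(frame))
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[14 + 9]
    src = socket.inet_ntoa(frame[14 + 12:14 + 16])
    dst = socket.inet_ntoa(frame[14 + 16:14 + 20])
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        name = "tcp" if proto == 6 else "udp"
        return "%s src=%s:%d dst=%s:%d len=%d" % (name, src, sport, dst, dport, len(frame))
    return "ip proto=%d src=%s dst=%s len=%d" % (proto, src, dst, len(frame))


def syslog_line(ts_sec, ts_usec, summary, hostname="sensor1", appname="pcap2syslog"):
    """RFC 5424 line. PRI 134 = facility local0 (16) * 8 + severity informational (6).
    hostname/appname are placeholders for this example."""
    ts = datetime.datetime.fromtimestamp(ts_sec, datetime.timezone.utc).replace(microsecond=ts_usec)
    return "<134>1 %s %s %s - - - %s" % (ts.isoformat().replace("+00:00", "Z"), hostname, appname, summary)


def pcap_to_syslog(data, **kw):
    """Convert a whole pcap byte string into a list of syslog text lines."""
    linktype, records = parse_pcap(data)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here (linktype %d)" % linktype)
    return [syslog_line(sec, usec, summarize_frame(frame), **kw) for sec, usec, _, frame in records]


def send_udp_syslog(lines, host, port=514):
    """Ship the lines to a syslog collector over UDP (host/port are placeholders)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    for line in pcap_to_syslog(build_sample_pcap()):
        print(line)
```

Feeding the collector's address to `send_udp_syslog` would deliver the lines; plain UDP syslog is unauthenticated and unencrypted, so on a real sensor you would prefer TLS syslog or whatever transport the SIEM supports. The parse step is also the practical check for the thread's claim: a dumpcap file that does not start with the pcap magic is rejected, and one that does is still only useful once each record has been reduced to a text line like the one this script prints.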