Wireshark to syslog server


Is there a way to send the Wireshark (dumpcap) captures directly to a syslog server? Or send them to a custom Windows event log?

One Answer:


Neither syslog nor Windows eventlog makes much sense in this context, as the capture files taken with dumpcap are in binary format and you won't be able to do anything useful with that data on the syslog server.

Maybe I don't understand what you are trying to achieve. Can you please add some words about what you are trying to do and maybe a sample log line you want to see on the syslog server?


I am trying to send my Cisco SPAN port stream from my NIC to my SIEM device.

The SIEM (most certainly) won't be able to read/decode the binary pcap data. So, again: What are you actually trying to do?

If your SIEM is able to listen to network traffic, you should take a look at RSPAN or ERSPAN.
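To make the answer's point concrete, here is an added example (mine, not the answerer's or any Wireshark project code) that parses a classic libpcap capture, the format dumpcap writes with `-P` (without it, recent dumpcap versions write pcapng, which this parser deliberately rejects), and turns each Ethernet/IPv4 frame into a one-line RFC 3164-style syslog message. The two frames in `build_sample_pcap()` are constructed for the example, and the hostname, tag, facility (local0) and severity (info) are assumptions. The `is_plain_text()` check shows why the raw capture bytes are useless to a syslog server: they are not text, and something has to decode them first.

```python
"""Decode a classic libpcap (dumpcap -P) capture into syslog-style text lines.

Added example for illustration: the capture is constructed inline and the
syslog hostname/tag/facility are assumptions, not values from the thread.
"""
import socket
import struct
from datetime import datetime, timezone

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic libpcap magic, microsecond timestamps
DLT_EN10MB = 1                 # link type: Ethernet
SYSLOG_PRI = 16 * 8 + 6        # facility local0 (16), severity info (6)  -> <134>


def is_plain_text(data: bytes) -> bool:
    """True only if the bytes are valid UTF-8 made of printable characters."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\r\n\t" for ch in text)


def parse_pcap(data: bytes):
    """Yield (timestamp, frame_bytes) for each record of a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_USEC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (magic %#x); pcapng not handled" % magic)
    _, _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if linktype != DLT_EN10MB:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet record")
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def summarize_ethernet(frame: bytes) -> dict:
    """Pull the fields a SIEM would actually index out of an Ethernet/IPv4 frame."""
    if len(frame) < 14:
        return {"note": "short frame"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800 or len(frame) < 34:
        return {"ethertype": hex(ethertype)}
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    fields = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
              "proto": proto, "len": total_len}
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:        # TCP or UDP: ports are the first 4 bytes
        fields["sport"], fields["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return fields


def to_syslog_line(ts: float, fields: dict, hostname: str = "sensor1", tag: str = "pcap2syslog") -> str:
    """Format one packet summary as an RFC 3164-style message (hostname/tag assumed)."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    stamp = f"{dt:%b} {dt.day:2d} {dt:%H:%M:%S}"
    body = " ".join(f"{k}={v}" for k, v in fields.items())
    return f"<{SYSLOG_PRI}>{stamp} {hostname} {tag}: {body}"


def pcap_to_syslog_lines(data: bytes) -> list:
    return [to_syslog_line(ts, summarize_ethernet(frame)) for ts, frame in parse_pcap(data)]


def build_sample_pcap() -> bytes:
    """Constructed sample capture: one TCP SYN to 443 and one UDP packet to 53."""
    def ipv4(src, dst, proto, payload):
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        return hdr + payload

    def frame(ip_packet):
        return bytes.fromhex("0011223344550a0b0c0d0e0f") + b"\x08\x00" + ip_packet

    tcp_syn = struct.pack("!HHIIBBHHH", 51234, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    udp_dns = struct.pack("!HHHH", 40000, 53, 8 + 12, 0) + b"\x00" * 12
    records = [(1700000000, 123456, frame(ipv4("10.0.0.5", "93.184.216.34", 6, tcp_syn))),
               (1700000001, 654321, frame(ipv4("10.0.0.5", "10.0.0.1", 17, udp_dns)))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for sec, usec, pkt in records:
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out


if __name__ == "__main__":
    capture = build_sample_pcap()
    print("raw pcap is text:", is_plain_text(capture))
    for line in pcap_to_syslog_lines(capture):
        print(line)
```

The lines this produces are what a syslog collector or SIEM can parse; the raw capture is not. In practice you would run the decoding on the sensor (tshark with `-T fields` does the same job on a live interface) and ship the resulting text, or, as the answer suggests, feed the SPAN/RSPAN/ERSPAN stream to a SIEM component that speaks packets natively.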

