This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark to syslog server

0

Is there a way to send the Wireshark (dumpcap) captures directly to a syslog server? Or send them to a custom Windows event log?

asked 31 Dec '14, 05:43

wireshark_r
accept rate: 0%


One Answer:

1

Neither syslog nor Windows eventlog makes much sense in this context, as the capture files taken with dumpcap are in binary format and you won't be able to do anything useful with that data on the syslog server.

Maybe I don't understand what you are trying to achieve. Can you please add some words about what you are trying to do and maybe a sample log line you want to see on the syslog server?

Regards
Kurt

answered 31 Dec '14, 08:14

Kurt Knochner ♦
accept rate: 15%

I am trying to send my Cisco SPAN port stream from my NIC to my SIEM device.

(31 Dec '14, 08:33) wireshark_r
1

The SIEM (most certainly) won't be able to read/decode the binary pcap data. So, again: What are you actually trying to do?

If your SIEM is able to listen to network traffic, you should take a look at RSPAN or ERSPAN.

(31 Dec '14, 08:39) Kurt Knochner ♦
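The point made in the answer above, that a pcap file is binary and cannot be shipped to syslog as-is, can be shown with a few lines of code. The following is an added example, not code from the thread or from the Wireshark project: it constructs a two-packet pcap file in memory, checks that its raw bytes are not loggable text, and then parses the file to emit one RFC 5424 style syslog line per packet (timestamp, captured length, IPv4 addresses and ports). The hostname `sensor1`, the app name `pcapsum`, the facility local0 (PRI 134) and all packet contents are constructed placeholders. This per-packet summary is the kind of "sample log line" a SIEM could actually ingest, as opposed to the capture bytes themselves.

```python
import struct
from datetime import datetime, timezone

PCAP_MAGIC_LE = 0xA1B2C3D4   # little-endian pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
SYSLOG_PRI_LOCAL0_INFO = 16 * 8 + 6   # facility local0, severity informational

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/UDP frame (constructed test data, checksums zeroed)."""
    udp = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split('.')),
                     bytes(int(o) for o in dst_ip.split('.'))) + udp
    eth = bytes.fromhex('001122334455') + bytes.fromhex('66778899aabb') + b'\x08\x00'
    return eth + ip

def build_sample_pcap():
    """Constructed pcap: global header plus two UDP frames captured one after the other."""
    header = struct.pack('<IHHiIII', PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [
        (1420013640, 0, build_frame('10.0.0.5', '10.0.0.9', 40000, 53, b'constructed query')),
        (1420013640, 250000, build_frame('10.0.0.9', '10.0.0.5', 53, 40000, b'constructed reply')),
    ]
    records = b''.join(struct.pack('<IIII', sec, usec, len(f), len(f)) + f
                       for sec, usec, f in frames)
    return header + records

def looks_like_text(data):
    """True only if the bytes decode as UTF-8 printable text; pcap files never pass this."""
    try:
        text = data.decode('utf-8')
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in '\r\n\t' for ch in text)

def parse_pcap(data):
    """Yield (ts_sec, ts_usec, incl_len, orig_len, packet_bytes) for each record."""
    magic, _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack('<IHHiIII', data[:24])
    if magic != PCAP_MAGIC_LE:
        raise ValueError('not a little-endian pcap file')
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('example only handles Ethernet link type')
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack('<IIII', data[offset:offset + 16])
        offset += 16
        pkt = data[offset:offset + incl_len]
        offset += incl_len
        yield ts_sec, ts_usec, incl_len, orig_len, pkt

def summarize_frame(pkt):
    """Extract IPv4 addresses, protocol and TCP/UDP ports from a raw Ethernet frame."""
    if len(pkt) < 14:
        return {}
    ethertype = struct.unpack('!H', pkt[12:14])[0]
    if ethertype != ETHERTYPE_IPV4 or len(pkt) < 34:
        return {'ethertype': hex(ethertype)}
    ihl = (pkt[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = pkt[23]
    info = {
        'proto': proto,
        'src': '.'.join(str(b) for b in pkt[26:30]),
        'dst': '.'.join(str(b) for b in pkt[30:34]),
    }
    l4 = 14 + ihl
    if proto in (6, 17) and len(pkt) >= l4 + 4:   # TCP or UDP: first four bytes are the ports
        info['sport'], info['dport'] = struct.unpack('!HH', pkt[l4:l4 + 4])
    return info

def to_syslog_lines(data, hostname='sensor1', app='pcapsum'):
    """Turn each pcap record into an RFC 5424 style line with structured data."""
    lines = []
    for ts_sec, ts_usec, incl_len, _orig_len, pkt in parse_pcap(data):
        ts = datetime.fromtimestamp(ts_sec, tz=timezone.utc).replace(microsecond=ts_usec)
        stamp = ts.isoformat().replace('+00:00', 'Z')
        sd = ' '.join(f'{k}="{v}"' for k, v in summarize_frame(pkt).items())
        lines.append(f'<{SYSLOG_PRI_LOCAL0_INFO}>1 {stamp} {hostname} {app} - PKT '
                     f'[pkt len="{incl_len}" {sd}] captured frame')
    return lines

if __name__ == '__main__':
    capture = build_sample_pcap()
    print('raw pcap is loggable text:', looks_like_text(capture))
    for line in to_syslog_lines(capture):
        print(line)
```

The summary deliberately carries only header fields; the packet payload stays in the pcap, where a SIEM that can read capture files (or a span/ERSPAN feed, as the last comment suggests) is the right consumer for it.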