This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Getting logs out from the Wireshark’s Capture pcap File

0

I would like to get logs out of pcap files (the pcap file is converted to a Windows .txt file using the tshark command tshark -V -r {file}) so that I can display these packet capture logs in Splunk. What is the most common, standard, correct way of getting logs out of pcap files that are converted to a Windows 7 .txt file, especially when I am going to show the logs in Splunk?

asked 18 Apr '12, 01:42

misteryuku
accept rate: 0%

edited 18 Apr '12, 01:44

1

You've now asked 14 questions and have not accepted any of the answers to any of them. You do realise that folks are attempting to help you out on their own time here? Please recognise any answers that have helped by clicking the check mark icon on the answer to "accept" them.

(18 Apr '12, 02:03) grahamb ♦

Yes sir, I understand. I'm very sorry about it.

(19 Apr '12, 23:21) misteryuku

No problem, but it motivates folks to answer your questions, and helps others who may have the same question to see an "accepted" answer.

(20 Apr '12, 01:56) grahamb ♦

2 Answers:

0

As per the answers by Guy Harris to your very similar question here, this is really a question for the Splunk folks, not Wireshark.

answered 18 Apr '12, 01:59

grahamb ♦
accept rate: 22%

0

The standard way to get log files is, as you already said in your question, to use TShark in the fashion you describe:

tshark -V -r {file} >log.txt

as a Windows command.

answered 18 Apr '12, 11:11

Guy Harris ♦♦
accept rate: 19%
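
An added example, not part of either answer above and not Wireshark's own tooling: a Python script that splits the text written by tshark -V -r {file} into one single-line key="value" record per frame, so a log indexer sees each packet as one event instead of a multi-line dump. The sample text is constructed, and the field names (time, frame, length, src, dst, layers) and the reliance on each packet starting with an unindented "Frame N:" line are assumptions of this example.

```python
import re

# Constructed sample of `tshark -V -r {file}` text output (trimmed), not a real capture.
SAMPLE = """\
Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Arrival Time: Apr 18, 2012 01:42:00.000000000
Ethernet II, Src: 00:00:5e:00:53:01 (00:00:5e:00:53:01), Dst: 00:00:5e:00:53:02 (00:00:5e:00:53:02)
Internet Protocol Version 4, Src: 192.0.2.10 (192.0.2.10), Dst: 198.51.100.7 (198.51.100.7)
Transmission Control Protocol, Src Port: 49152 (49152), Dst Port: http (80), Seq: 0, Len: 0

Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
    Arrival Time: Apr 18, 2012 01:42:01.250000000
Ethernet II, Src: 00:00:5e:00:53:01 (00:00:5e:00:53:01), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Sender IP address: 192.0.2.10 (192.0.2.10)
"""

FRAME_RE = re.compile(r"^Frame (\d+): (\d+) bytes on wire")
IP_RE = re.compile(r"^Internet Protocol.*?Src: ([^\s,]+).*?Dst: ([^\s,]+)")

def parse_verbose(text):
    """Return one dict per frame found in `tshark -V` text output."""
    events, cur = [], None
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:  # unindented "Frame N:" line opens a new packet
            cur = {"frame": int(m.group(1)), "length": int(m.group(2)), "layers": []}
            events.append(cur)
        elif cur is None or not line.strip():
            continue  # noise before the first frame, or a blank separator line
        elif line.startswith("    Arrival Time: "):
            cur["time"] = line.split(": ", 1)[1].strip()
        elif not line[0].isspace():  # unindented line is a protocol layer header
            cur["layers"].append(line.split(",", 1)[0])
            ip = IP_RE.match(line)
            if ip:  # frames without an IP layer (e.g. ARP) keep no src/dst
                cur["src"], cur["dst"] = ip.group(1), ip.group(2)
    return events

def to_log_line(ev):
    """Render one frame dict as a single key="value" log line."""
    fields = [("time", ev.get("time", "")), ("frame", ev["frame"]),
              ("length", ev["length"]), ("src", ev.get("src", "-")),
              ("dst", ev.get("dst", "-")), ("layers", ">".join(ev["layers"]))]
    return " ".join(f'{k}="{v}"' for k, v in fields)

if __name__ == "__main__":
    for event in parse_verbose(SAMPLE):
        print(to_log_line(event))
```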