Revision history [back]

The default port for syslog traffic is udp/514, so if you're looking for a capture filter, it'd be udp dst port 514 and if you're looking for a Wireshark display filter, it'd be udp.dstport eq 514.