Splitting Syslog dissector message columns

asked 2018-07-17 09:12:51 +0000

MSK
3 ●2 ●4 ●7

Hello,

I would like to split the message part of the syslog dissector so that they are displayed in columns as the syslog message we have is pretty long and is not easy to read. I was wondering what would be the best possible way ? I am looking for ways to not make any changes to the syslog source file as this may interfere when we update the wireshark source.

Any suggestions is highly appreciated.

Best Regards,

answered 2018-07-17 14:00:13 +0000

cmaynard

11115 ●11 ●317 ●165 https://www.igt.com/

I don't think you can split the syslog message.

You can right-click on the syslog.msg field and choose, "Apply as Column", but I don't think that's going to help you.

You could try using tshark instead, perhaps with something like this:

tshark -r file.pcap -T fields -e frame.number -e syslog.msg

edit flag offensive delete link

Comments

Thanks for the reply. I can split the actual syslog message to display as columns the facility, level, and the Message (which contains actual specific information about our packets). I am trying to find a way to split the our Message without changing the code in packet-syslog.c.

MSK ( 2018-07-18 00:51:24 +0000 )edit

Maybe if you provide an example of your message and how you would like it to be split up, then someone might be able to help you come up with a script that could process the tshark syslog.msg field and split it up according to your criteria. You won't be able to split it up with Wireshark.

cmaynard ( 2018-07-18 15:31:11 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Splitting Syslog dissector message columns

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Splitting Syslog dissector message columns edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Splitting Syslog dissector message columns