Ask Your Question
0

Wireshark & SIEM

asked 2017-12-14 17:43:28 +0000

georg gravatar image

updated 2017-12-19 21:02:52 +0000

Christian_R gravatar image

I have Wireshark on a port listenting - can I get it to periodically send syslog messages to a SIEM about the nature (stats per protocoll etc.) and volume of traffic encountered?

regards, Georg

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-12-14 18:33:44 +0000

grahamb gravatar image

I guess you could by cobbling something together with scripts and tshark, but note that a continuously running Wireshark or tshark tends to run out of memory due to retained state and that Wireshark is really a packet analyser not a network monitoring tool, there are other tools specifically for that task.

edit flag offensive delete link more

Comments

I wonder if something like ntop or snort might be better to collect and analyze the traffic instead of using Wireshark or associated packet capture utilities.

For wifi traffic, you can have a look at nzyme.

Bob Jones gravatar imageBob Jones ( 2017-12-14 22:21:28 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-12-14 17:43:28 +0000

Seen: 1,943 times

Last updated: Dec 14 '17

Related questions

Wireshark 2.4.1 GTK Crash on long run

Why redirection of VoIP calls to voicemail fails?

Capture incoming packets from remote web server

How do I get and display packet data information at a specific byte from the first byte?

Client is waiting for FIN flag from server for 30 sec

wifi disconnects as wireshark starts

How do I add "child item" to an item in the subtree?

What is the syntax for wireshark custom column

Getting error MSB4018 when trying to build wireshark sources

Monitoring UDP data on wireshark shows ARP packet