Wireshark & SIEM

asked 2017-12-14 17:43:28 +0000


updated 2017-12-19 21:02:52 +0000


I have Wireshark on a port listening - can I get it to periodically send syslog messages to a SIEM about the nature (stats per protocol etc.) and volume of traffic encountered?

regards, Georg


1 Answer


answered 2017-12-14 18:33:44 +0000


I guess you could by cobbling something together with scripts and tshark, but note that a continuously running Wireshark or tshark tends to run out of memory due to retained state, and that Wireshark is really a packet analyser, not a network monitoring tool; there are other tools specifically for that task.

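One way to do the "scripts and tshark" cobbling the answer above describes, as an added example that is not part of this thread or of the Wireshark project: run tshark for one bounded interval at a time (`-a duration:N`, so every interval is a fresh process and no dissection state accumulates, which addresses the memory point in the answer), ask it for protocol hierarchy statistics (`-q -z io,phs`), flatten them into key=value pairs and ship them as an RFC 5424 syslog message over UDP. The sensor hostname `sensor01`, the application name `tshark-stats`, the facility local0 and the sample statistics text are constructed for the example; the parser assumes the indented `proto frames:N bytes:M` layout that `tshark -z io,phs` prints.

```python
#!/usr/bin/env python3
"""Periodic protocol-hierarchy stats from tshark, forwarded to a SIEM as syslog (example code)."""
import re
import socket
import subprocess
import sys
import time
from datetime import datetime, timezone

# One line of `tshark -q -z io,phs` output: indentation gives the nesting depth.
PHS_LINE = re.compile(
    r"^(?P<indent>\s*)(?P<proto>\S+)\s+frames:(?P<frames>\d+)\s+bytes:(?P<bytes>\d+)"
)

# Constructed sample of what tshark prints; used only to exercise the parser offline.
SAMPLE_PHS = """\
===================================================================
Protocol Hierarchy Statistics
Filter: 

eth                                      frames:100 bytes:12345
  ip                                     frames:90 bytes:11000
    tcp                                  frames:70 bytes:9000
      http                               frames:10 bytes:4000
    udp                                  frames:20 bytes:2000
      dns                                frames:20 bytes:2000
  arp                                    frames:10 bytes:1345
===================================================================
"""


def parse_phs(text):
    """Map dotted protocol paths (e.g. 'eth.ip.tcp') to (frames, bytes)."""
    stats = {}
    stack = []  # (indent width, protocol name) of the current ancestry
    for line in text.splitlines():
        m = PHS_LINE.match(line)
        if not m:  # banner, filter line, separators
            continue
        depth = len(m.group("indent"))
        while stack and stack[-1][0] >= depth:  # climb back up to this line's parent
            stack.pop()
        stack.append((depth, m.group("proto")))
        path = ".".join(name for _, name in stack)
        stats[path] = (int(m.group("frames")), int(m.group("bytes")))
    return stats


def build_message(stats, interval_s, ts, host="sensor01", app="tshark-stats",
                  facility=16, severity=6):
    """RFC 5424 header plus a key=value body (facility 16 = local0, severity 6 = info)."""
    pri = facility * 8 + severity
    # Root-level entries (no dot in the path) add up to the interval's total volume.
    total_frames = sum(f for path, (f, _) in stats.items() if "." not in path)
    total_bytes = sum(b for path, (_, b) in stats.items() if "." not in path)
    fields = [f"interval_s={interval_s}", f"total_frames={total_frames}",
              f"total_bytes={total_bytes}"]
    for path in sorted(stats):
        frames, nbytes = stats[path]
        fields.append(f"{path}.frames={frames}")
        fields.append(f"{path}.bytes={nbytes}")
    return f"<{pri}>1 {ts} {host} {app} - - - " + " ".join(fields)


def send_syslog(message, siem_host, siem_port=514):
    """Deliver one message to the SIEM's UDP syslog listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(message.encode("utf-8"), (siem_host, siem_port))


def capture_stats(interface, interval_s):
    """Run tshark for exactly one interval; a fresh process per interval keeps memory flat."""
    result = subprocess.run(
        ["tshark", "-i", interface, "-a", f"duration:{interval_s}", "-q", "-z", "io,phs"],
        capture_output=True, text=True, check=True,
    )
    return parse_phs(result.stdout)


def run_forever(interface, siem_host, interval_s=60):
    """Capture, summarise and forward, one interval after another."""
    while True:
        started = time.monotonic()
        stats = capture_stats(interface, interval_s)
        ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        send_syslog(build_message(stats, interval_s, ts), siem_host)
        # tshark already blocked for interval_s; only sleep off any shortfall.
        time.sleep(max(0.0, interval_s - (time.monotonic() - started)))


if __name__ == "__main__":
    # usage: tshark_stats.py <interface> <siem-host> [interval-seconds]
    iface, siem = sys.argv[1], sys.argv[2]
    run_forever(iface, siem, int(sys.argv[3]) if len(sys.argv) > 3 else 60)
```

Each message carries the whole hierarchy for the interval, so the SIEM can alert on volume per protocol (a sudden jump in `eth.ip.udp.dns.bytes`, say) without any per-packet data leaving the sensor; widen the interval or add a capture filter (`-f`) if a busy link makes single intervals too heavy for one tshark process.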

Comments

I wonder if something like ntop or snort might be better to collect and analyze the traffic instead of using Wireshark or associated packet capture utilities.

For wifi traffic, you can have a look at nzyme.

Bob Jones ( 2017-12-14 22:21:28 +0000 )
