This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark sending syslog data to my pc from dd-wrt, not working

0

I was able to set this up on Wall Watcher using dd-wrt, setting the remote server to my IP. But in Wireshark, the data comes in as: source is always dd-wrt and the protocol is Syslog. I assume it is working correctly because of that, but it is not parsing the data or showing anything useful etc.

What is going on? How can I fix it?

Thanks

asked 10 Aug '14, 06:02

catcurio

edited 10 Aug '14, 06:03


One Answer:

0

I'm sorry, but I don't understand what you are asking for:

So, here are some questions in return:

  • What is 'wall watcher'? I only know whale watching ;-)
  • What kind of data do you send to your 'remote server'?
  • What kind of protocol are you using (you mentioned syslog)?

"but, it is not parsing the data or showing anything useful etc."

I guess that's your real question, right?

If so, my answer would be:

  • maybe because the data is encrypted
  • or because it's not syslog traffic, although the same port is being used.

Regards
Kurt

answered 10 Aug '14, 06:13

Kurt Knochner ♦

Hi, thanks for your response. Wallwatcher captures network traffic from routers.

I just realized that maybe Wireshark works in a different way and this cannot be done. I think Wireshark will capture data through my wireless adapter and not from the router? I guess it cannot take the syslog info from the router? (I used this tutorial below to capture using Wall Watcher, can Wireshark do the same thing?) http://www.makeuseof.com/tag/paranoid-monitoring-networks-comings-goings-wallwatcher-ddwrt/

Thanks for your help.

(10 Aug '14, 06:26) catcurio

O.K. Wallwatcher looks like a syslog server that receives firewall log messages (iptables, pf, etc.) from several devices and then it does some statistics and graphing on that data.

So, you should be able to see and 'decode' the syslog data, but Wireshark won't be able to create the same usage graphs as Wallwatcher, as Wireshark does not care about the messages being transmitted via syslog, hence it does not analyse the syslog messages.

If you want to have that, you'll have to add some code to Wireshark. See the Lua integration of Wireshark: http://wiki.wireshark.org/Lua

(10 Aug '14, 06:56) Kurt Knochner ♦
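
The Lua route mentioned in the last comment, as an added example that is not part of the original thread or of Wireshark itself: a post-dissector that reads the text of each decoded syslog message and exposes firewall log fields as filterable Wireshark fields. It assumes the router sends iptables LOG-style lines (KEY=value pairs such as SRC=, DST=, PROTO=, SPT=, DPT=); the `fwlog` protocol and its field names are made up for this example.

```lua
-- Added example (not from the thread). Assumption: syslog messages carry
-- iptables LOG-style text, e.g. (constructed sample):
--   kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.100 DST=203.0.113.10 PROTO=TCP SPT=51234 DPT=443

-- Hypothetical protocol name and fields, chosen for this example only.
local fwlog = Proto("fwlog", "Firewall log fields in syslog (example)")

local pf_src   = ProtoField.string("fwlog.src",   "Logged source address")
local pf_dst   = ProtoField.string("fwlog.dst",   "Logged destination address")
local pf_proto = ProtoField.string("fwlog.proto", "Logged protocol")
local pf_spt   = ProtoField.uint16("fwlog.spt",   "Logged source port")
local pf_dpt   = ProtoField.uint16("fwlog.dpt",   "Logged destination port")
fwlog.fields = { pf_src, pf_dst, pf_proto, pf_spt, pf_dpt }

-- Extractor for the message text produced by the built-in syslog dissector.
local f_msg = Field.new("syslog.msg")

-- Return the value of KEY=value in the message, or nil when the key is absent.
local function value_of(msg, key)
    -- The leading space avoids matching a key that is only a suffix of another key.
    return (" " .. msg):match(" " .. key .. "=(%S+)")
end

function fwlog.dissector(tvb, pinfo, tree)
    -- A frame can hold more than one syslog message, so collect all of them.
    for _, fi in ipairs({ f_msg() }) do
        local msg = tostring(fi.value)
        local src, dst = value_of(msg, "SRC"), value_of(msg, "DST")
        -- Lines without SRC= and DST= are not firewall log lines; leave them alone.
        if src and dst then
            local sub = tree:add(fwlog, fi.range, "Firewall log fields (example)")
            sub:add(pf_src, fi.range, src)
            sub:add(pf_dst, fi.range, dst)
            local proto = value_of(msg, "PROTO")
            if proto then sub:add(pf_proto, fi.range, proto) end
            -- ICMP and similar lines have no ports; tonumber() also rejects junk.
            local spt = tonumber(value_of(msg, "SPT"))
            local dpt = tonumber(value_of(msg, "DPT"))
            if spt and spt <= 65535 then sub:add(pf_spt, fi.range, spt) end
            if dpt and dpt <= 65535 then sub:add(pf_dpt, fi.range, dpt) end
        end
    end
end

-- Run after the normal dissectors so that syslog.msg is already available.
register_postdissector(fwlog)
```

Saved under a name of your choice (for example `fwlog.lua`) and loaded with `wireshark -X lua_script:fwlog.lua`, this makes display filters such as `fwlog.dpt == 443` work on the syslog packets, and the new fields can be used in Wireshark's statistics and I/O graphs.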