PCAP to Syslog utility

I am looking for a tool which sniffs all the traffic on an interface and produces a syslog-like Cisco log in real time.
Example:

Feb 16 10:19:05 tcp S.S.S.S(6083) -> D.D.D.D(80), 1 packet
Feb 16 10:19:07 tcp S.S.S.S(80) -> D.D.D.D(4662), 1  packet
Feb 16 10:19:11 igmp S.S.S.S ->, 1 packet
Feb 16 10:19:13 udp S.S.S.S(53) -> D.D.D.D(13341), 1 packet
Feb 16 10:19:13 icmpv6 FE80::660:2408:2:2 -> FF02::1 (134/0), 2 packets

In the example, S.S.S.S is the source IP address and D.D.D.D is the destination IP address.

I tried tshark, but I can't cover all the possibilities with the filters, because sometimes there are ports (for TCP or UDP) and sometimes not.
It would be cool if we could have the L2 addresses too.

Do you have such a tool in your box? It should work on Debian Linux. It will be a daemon that captures all the traffic to text.

Thanks!

Solution:

You could use iplog, but it looks like it is very old (not updated since 2001, according to that web page).

There is also the possibility of using the host firewall to do it: just create a "null" rule that matches every packet and has a target of LOG; you can use GUI tools or the iptables command to do this.
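One way to get exactly the requested format out of the LOG-target approach, as an added example that is not part of the original answer: a small Python filter that reads the kernel's netfilter LOG lines and rewrites them as one line per second and per flow, printing ports only where the protocol has them, counting repeated packets, and adding the L2 addresses on request. It assumes a catch-all rule such as `iptables -I INPUT -j LOG --log-prefix "PKT "` and that the kernel log is readable (for example via `journalctl -k -f` or /var/log/kern.log); the sample lines embedded in it are constructed, not captured.

```python
"""Turn netfilter LOG lines into Cisco-style per-flow syslog lines.

Added example, not code from the thread. It assumes the host-firewall approach
from the answer: a catch-all rule with the LOG target, e.g.
    iptables -I INPUT -j LOG --log-prefix "PKT "
whose output is read from the kernel log (journalctl -k -f or /var/log/kern.log).
The sample lines below are constructed; the addresses are documentation ranges.
"""
import ipaddress
import re
import sys
from collections import OrderedDict

# Protocol numbers the kernel prints numerically (it spells out TCP, UDP, ICMP,
# ICMPv6, AH and ESP itself).
PROTO_NAMES = {"1": "icmp", "2": "igmp", "6": "tcp", "17": "udp", "47": "gre",
               "50": "esp", "51": "ah", "58": "icmpv6", "89": "ospf"}

SYSLOG_RE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample input, with the timestamp/host prefix as rsyslog writes it.
SAMPLE_LINES = [
    "Feb 16 10:19:05 gw kernel: [ 100.1] PKT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=6083 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Feb 16 10:19:07 gw kernel: [ 102.2] PKT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.20 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=80 DPT=4662 WINDOW=501 RES=0x00 ACK URGP=0",
    "Feb 16 10:19:11 gw kernel: [ 106.3] PKT IN=eth0 OUT= MAC=01:00:5e:00:00:01:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2",
    "Feb 16 10:19:13 gw kernel: [ 108.4] PKT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.20 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=UDP SPT=53 DPT=13341 LEN=53",
    "Feb 16 10:19:13 gw kernel: [ 108.5] PKT IN=eth0 OUT= MAC=33:33:00:00:00:01:66:77:88:99:aa:bb:86:dd SRC=fe80:0000:0000:0000:0660:2408:0002:0002 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=96 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0",
    "Feb 16 10:19:13 gw kernel: [ 108.9] PKT IN=eth0 OUT= MAC=33:33:00:00:00:01:66:77:88:99:aa:bb:86:dd SRC=fe80:0000:0000:0000:0660:2408:0002:0002 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=96 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0",
    "Feb 16 10:19:14 gw sshd[412]: Accepted publickey for ops from 192.0.2.10",  # not a LOG line
]


def parse_log_line(line):
    """Return (timestamp, {field: value}) for a netfilter LOG line, else None."""
    m = SYSLOG_RE.match(line)
    if not m or "SRC=" not in m.group(2):
        return None
    return m.group(1), dict(FIELD_RE.findall(m.group(2)))


def compact(addr):
    """Shorten the kernel's uncompressed IPv6 form; leave anything else untouched."""
    try:
        return ipaddress.ip_address(addr).compressed
    except ValueError:
        return addr


def describe_flow(fields):
    """Build the 'proto src(port) -> dst(port)' part, with ports only where they exist."""
    proto = fields.get("PROTO", "?").lower()
    proto = PROTO_NAMES.get(proto, proto)
    src, dst = compact(fields.get("SRC", "?")), compact(fields.get("DST", "?"))
    if proto in ("tcp", "udp", "udplite"):
        return "%s %s(%s) -> %s(%s)" % (proto, src, fields.get("SPT", "?"),
                                        dst, fields.get("DPT", "?"))
    if proto in ("icmp", "icmpv6"):
        return "%s %s -> %s (%s/%s)" % (proto, src, dst, fields.get("TYPE", "?"),
                                        fields.get("CODE", "?"))
    return "%s %s -> %s" % (proto, src, dst)


def l2_addresses(fields):
    """The LOG MAC field is dst MAC (6), src MAC (6), ethertype (2); return (src, dst)."""
    octets = fields.get("MAC", "").split(":")
    if len(octets) < 12:
        return None
    return ":".join(octets[6:12]), ":".join(octets[0:6])


def _flush(ts, pending):
    for desc, n in pending.items():
        yield "%s %s, %d packet%s" % (ts, desc, n, "" if n == 1 else "s")
    pending.clear()


def to_syslog(lines, with_l2=False):
    """Yield one line per (second, flow) with a packet count. Flushes whenever the
    timestamp changes, so it works on a live `journalctl -k -f` stream."""
    pending = OrderedDict()
    current_ts = None
    for line in lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        ts, fields = parsed
        if ts != current_ts:
            yield from _flush(current_ts, pending)
            current_ts = ts
        desc = describe_flow(fields)
        l2 = l2_addresses(fields) if with_l2 else None
        if l2:
            desc += " [%s -> %s]" % l2
        pending[desc] = pending.get(desc, 0) + 1
    yield from _flush(current_ts, pending)


if __name__ == "__main__":
    # Pipe the kernel log in; with no pipe, the constructed sample is used.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    for out in to_syslog(source, with_l2="--l2" in sys.argv):
        print(out, flush=True)
```

Run as `journalctl -k -f | python3 pcap2syslog.py --l2` to get the live feed with L2 addresses; because lines are only flushed when the second changes, output lags the capture by at most one second. Note that a LOG rule on INPUT only sees traffic addressed to the host itself; covering forwarded or outgoing traffic means adding the same rule on FORWARD and OUTPUT, and a catch-all LOG rule on a busy link can fill the kernel log quickly, so `--limit` on the rule is worth considering.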
