Wireshark-bugs: [Wireshark-bugs] [Bug 1171] Create different output files that can be read by X-
Date: Fri, 20 Oct 2006 16:42:39 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1171


alpha096@xxxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Create different output     |Create different output
                   |files that can be read by X-|files that can be read by X-
                   |Base or VSC                 |Base or CSV




------- Comment #2 from alpha096@xxxxxxxxxx  2006-10-20 16:42 GMT -------
Thanks for your message.

No, I could not selfishly ask just for myself; however, as a former developer,
output file formats are the key to further data analysis. The community would
probably be very if you could have a choice of
The number of hits Kiwi Syslog gets a day is in the 1,000s for a Linux daemon,
but they are disappointed they don't have the capture vehicle, and the Kiwi daemon runs on
Windows and is not likely to change soon.


1. Flat file; in the case of capturing UDP/514 (routers/IDS etc.) there is
   standard file information that is defined by RFC 3164:
   http://www.ietf.org/rfc/rfc3164.txt
2. Open Document database format.
3. Open Document spreadsheet.
4. dBase / xBase.
5. CSV.

The concept of being able to have a capture process (in this case UDP/514) and
both display and capture a file in the above file formats: I cannot tell you how
many desperate people out there need to maintain a separate MS-Windows PC
just to run
http://www.kiwisyslog.com/syslog-info.php.

My whole company is dependent on reading various syslog-generated data for
clients, where I am able to watch their IDS/router information from afar and
advise of either internal or external threats in plain English. We detect malware
and monitor IDS and router information. Some of this is already part of an IDS
specialist's job; however, I don't come cheap on-site.

There is a trend these days to incorporate a management module for the data, and
it all begins with capturing 'UDP/514' (Syslog, in non-Linux terms).

With a flat file, for example, I could employ a display vehicle such as
http://www.kiwisyslog.com/log-viewer-info.php.

Wireshark is the perfect front end for capturing data and I think the above
file formats would be great if these are possible.

Other distributions of Linux like Debian already publish how to capture this
information; however, the config files don't work on ALL Linux platforms, SUSE
being one.

There are so many admins who want to ditch their last MS-Windows PC IF they had a
reliable output file from UDP/514.

The crossover between what we know as Syslog in Windows and Syslog in Linux
will take some time yet. Every day my email box has people asking what the difference is.

After all, there is no point in companies purchasing IDS/IDP equipment with a
log display that we all currently use; and whilst it's good business for me,
others struggle a lot with logging TCP/IP data.
http://www.kiwisyslog.com/syslog-info.php

Thank you for listening. Who knows, I might even develop an Open Source
Management Module from this output file.

I will leave you with a present you may not know about.

http://www.dnsstuff.com/
http://www.dnsstuff.com/pages/expert.htm
http://www.ipv6tools.com/ 

Regards, Scott


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
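The comment above asks for a flat-file/CSV output of syslog traffic captured on UDP/514, laid out per RFC 3164. The following is an added example, written for this page and not code from Wireshark or from the commenter: it parses RFC 3164 datagrams (PRI, TIMESTAMP, HOSTNAME, TAG, CONTENT), decodes facility and severity, and writes CSV rows. It applies the RFC's own rules for the edge cases (a missing or out-of-range PRI is treated as <13>, user.notice; a TAG is at most 32 alphanumerics, so a Cisco-style "%SEC-6-..." message has no TAG and lands wholly in CONTENT). Because the requester wants to open the result in a spreadsheet, it also neutralises cells that begin with `=`, `+`, `-` or `@`, which a spreadsheet would otherwise evaluate as formulas. The sample datagrams are constructed for the example, not taken from a real capture.

```python
"""Added example: parse RFC 3164 syslog datagrams (UDP/514) and emit CSV.

Not Wireshark code; a stand-alone illustration of the flat-file/CSV output
the bug comment asks for. Sample datagrams below are constructed, not captured.
"""
import csv
import io
import re

# Facility and severity names per RFC 3164 section 4.1.1 (Tables 1 and 2).
# Codes 9 and 15 are both "clock daemon" in the RFC; 9 is shown as cron here,
# as most BSD-derived syslogds name it.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
DEFAULT_PRI = 13  # user.notice, what RFC 3164 section 4.3.3 tells a relay to assume

PRI_RE = re.compile(r"^<(\d{1,3})>")
# TIMESTAMP is "Mmm dd hh:mm:ss" with a space-padded day, then HOSTNAME, then MSG.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ 0-3]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$", re.S)
# TAG is 1..32 alphanumerics; the first non-alphanumeric character starts CONTENT.
TAG_RE = re.compile(r"^(?P<tag>[A-Za-z0-9]{1,32})(?P<content>[^A-Za-z0-9].*)?$", re.S)

COLUMNS = ["pri", "facility", "severity", "timestamp", "hostname", "tag", "content"]


def parse_syslog(datagram: bytes) -> dict:
    """Split one UDP/514 payload into RFC 3164 fields, applying the RFC defaults."""
    text = datagram.decode("utf-8", "replace").rstrip("\r\n")
    pri = DEFAULT_PRI
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:          # PRIVAL is 0..191; anything else is not a PRI
        pri = int(m.group(1))
        text = text[m.end():]
    ts, host, msg = "", "", text              # no valid HEADER: whole remainder is MSG
    h = HEADER_RE.match(text)
    if h:
        ts, host, msg = h.group("ts"), h.group("host"), h.group("msg")
    tag, content = "", msg                    # no RFC-conformant TAG: whole MSG is CONTENT
    t = TAG_RE.match(msg)
    if t:
        tag, content = t.group("tag"), t.group("content") or ""
    return {
        "pri": pri,
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": ts,
        "hostname": host,
        "tag": tag,
        "content": content,
    }


def safe_cell(value: str) -> str:
    """Neutralise spreadsheet formula injection: a field starting with '=', '+',
    '-' or '@' is evaluated when the CSV is opened in a spreadsheet, so prefix
    it with an apostrophe (the usual text-forcing marker)."""
    return "'" + value if value and value[0] in "=+-@" else value


def to_csv(datagrams) -> str:
    """Render parsed datagrams as CSV text with a header row."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(COLUMNS)
    for d in datagrams:
        rec = parse_syslog(d)
        writer.writerow([safe_cell(str(rec[c])) for c in COLUMNS])
    return buf.getvalue()


# Constructed sample input (not a real capture); addresses are documentation ranges.
SAMPLE_DATAGRAMS = [
    b"<34>Oct 20 16:42:39 fw1 sshd[2011]: Failed password for invalid user admin "
    b"from 203.0.113.7 port 4022 ssh2",
    b"<189>Oct  3 08:05:01 rtr-edge %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    b"198.51.100.9(445) -> 10.0.0.5(445), 1 packet",
    b'=HYPERLINK("http://evil.example")\n',   # no PRI at all, and hostile content
]

if __name__ == "__main__":
    print(to_csv(SAMPLE_DATAGRAMS), end="")
```

Run it and the three datagrams come out as auth.crit from host fw1 with tag sshd, local7.notice from rtr-edge with an empty tag (the Cisco mnemonic is not an RFC 3164 TAG), and a user.notice row with blank timestamp and hostname whose content has been prefixed so a spreadsheet shows it as text rather than following the link. The apostrophe prefix is a presentation-layer defence only; if the file is consumed by a program rather than a spreadsheet, drop `safe_cell` so the content stays byte-exact.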