Wireshark-bugs: [Wireshark-bugs] [Bug 5241] New: Cannot run tshark under tcp using decode-as for
Date: Tue, 21 Sep 2010 06:35:06 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5241

           Summary: Cannot run tshark under tcp using decode-as format for
                    syslog
           Product: Wireshark
           Version: 1.0.15
          Platform: All
        OS/Version: Red Hat
            Status: NEW
          Severity: Major
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mworsham@xxxxxxxxxx


Build Information:
TShark 1.0.15

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.12.3, with libpcap 0.9.4, with libz 1.2.3, without POSIX
capabilities, with libpcre 6.6, with SMI 0.4.5, without ADNS, without Lua, with
GnuTLS 1.4.1, with Gcrypt 1.4.4, with MIT Kerberos.

Running on Linux 2.6.18-194.3.1.el5, with libpcap version 0.9.4.

Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-48).

--
It seems tshark won't decode-as for syslog under tcp format, only udp, so this
required me to change my syslog-ng.conf on both the client and server sides for
connectivity testing needs.

tshark -V -d udp.port==514,syslog

As per Balabit syslog-ng mailing list response: If that tshark problem happened
in a recent version it might be worth reporting a bug. As people come to depend
more and more on TCP Syslog due to reliability and TLS issues this will be an
important feature.
