Ethereal-users: [Ethereal-users] Logging SNMP at Application Level Only

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jean Li-Kam-Tin" <jean.li-kam-tin@xxxxxxxxxx>
Date: Fri, 28 Jul 2006 12:23:50 +0100
 
We are trying to use Ethereal to log only SNMP messages at the application level and each of the 3 export formats we have examined have good advantages but some major draw backs. We feel we are almost there but not quite.
 
1. PDML (Packet Details Markup Language)
----------------------------------------
 
Advantage : this gives all the detail we need for each SNMP message
 
Disadvantage : each packet is dumped in full detail all the way down to the IP packet level and results in HUGE FILES (to the order of 100 times larger than the originating dump file); we have considered doing post-processing of the XML but this still increases our disk space budgets beyond
 
Possible Solution : modify the PDML exporter of Ethereal to output the SNMP packet level only; has anyone anything like this ? would this only be possible by modifying source code or is this controllable by a configuration file ?
 
 
2. CSV (Comma Separated Variables)
----------------------------------
 
Advantage : this is much more space-efficient than PDML and faster to load in other prospective post-processing tools
 
Disadvantage : the Information column is missing crucial SNMP-specific fields
 
Possible Solution : modify the Information column or add SNMP-specific columns to the packet list of Ethereal; has anyone anything like this ? would this only be possible by modifying source code or is this controllable by a configuration file ?
 
PSML (Packet Summary Markup Language) presents a similar situation to CSV
 
 
3. Plain Text
-------------
 
Advantage : this is more space-efficient than PDML, and though not not as space efficient as CSV, it does have all the SNMP level fields
 
Disadvantage : the current plain text output format would need to be parsed to extract the SNMP information we need
 
Possible Solution : modify the plain text output format and layout to focus only on SNMP-fields; has anyone anything like this ? would this only be possible by modifying source code or is this controllable by a configuration file ?
 
 
It has been suggested that we also consider at using TCPDUMP directly; we have not progressed this yet.
 
Any help would be gratefully received.
 
 
Regards,
 
J B Li
------
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users