https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5241
Summary: Cannot run tshark under tcp using decode-as format for syslog
Product: Wireshark
Version: 1.0.15
Platform: All
OS/Version: Red Hat
Status: NEW
Severity: Major
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: mworsham@xxxxxxxxxx
Build Information:
TShark 1.0.15
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.12.3, with libpcap 0.9.4, with libz 1.2.3, without POSIX
capabilities, with libpcre 6.6, with SMI 0.4.5, without ADNS, without Lua, with
GnuTLS 1.4.1, with Gcrypt 1.4.4, with MIT Kerberos.
Running on Linux 2.6.18-194.3.1.el5, with libpcap version 0.9.4.
Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-48).
--
It seems tshark won't decode-as for syslog under tcp format, only udp, so this
required me to change my syslog-ng.conf on both the client and server sides for
connectivity testing needs.
tshark -V -d udp.port==514,syslog
As per Balabit syslog-ng mailing list response: If that tshark problem happened
in a recent version it might be worth reporting a bug. As people come to depend
more and more on TCP Syslog due to reliability and TLS issues this will be an
important feature.