Wireshark • Display Filter Reference: Syslog Message

Display Filter Reference: Syslog Message

Protocol field name: syslog

Versions: 1.0.0 to 4.6.0

Field name	Description	Type	Versions
syslog.appname	App Name	Character string	3.0.0 to 4.6.0
syslog.facility	Facility	Unsigned integer (16 bits)	1.0.0 to 4.6.0
syslog.hostname	Hostname	Character string	3.0.0 to 4.6.0
syslog.level	Level	Unsigned integer (16 bits)	1.0.0 to 4.6.0
syslog.msg	Message	Character string	1.0.0 to 4.6.0
syslog.msg.nonconformant	Message conforms to neither RFC 5424 nor RFC 3164; trailing data appended	Label	4.4.2 to 4.6.0
syslog.msgid	Message ID	Character string	3.0.0 to 4.6.0
syslog.msgid.bom	BOM	Unsigned integer (24 bits)	3.0.1 to 4.6.0
syslog.msglen	Message Length	Character string	4.4.0 to 4.6.0
syslog.msu_present	SS7 MSU present	Boolean	1.0.0 to 4.6.0
syslog.procid	Process ID	Character string	3.0.0 to 4.6.0
syslog.sd	Structured Data	Label	4.4.0 to 4.6.0
syslog.sd.element	Element	Label	4.4.0 to 4.6.0
syslog.sd.element.name	Element Name	Character string	4.4.0 to 4.6.0
syslog.sd.param	Parameter	Label	4.4.0 to 4.6.0
syslog.sd.param.name	Parameter Name	Character string	4.4.0 to 4.6.0
syslog.sd.param.value	Parameter Value	Character string	4.4.0 to 4.6.0
syslog.timestamp	Timestamp	Date and time	3.0.0 to 4.6.0
syslog.timestamp_rfc3164	Timestamp (RFC3164)	Character string	3.0.1 to 4.6.0
syslog.version	Version	Character string	3.0.0 to 4.6.0