
Wireshark-users: Re: [Wireshark-users] Connecting to a remote device

From: Guy Harris <[email protected]>
Date: Wed, 7 Feb 2007 19:36:23 -0800
On Feb 7, 2007, at 7:16 PM, Brian Wallen wrote:

> I'm currently running a Watchguard Firewall box and using the Windows
> program Winsyslog to monitor its traffic.

"Monitor its traffic" in what sense?

The WinSyslog I found with Google is a syslog daemon, meaning that it receives syslog protocol (RFC 3164):
	http://www.ietf.org/rfc/rfc3164.txt

packets and logs the messages in them.

If that's the program you're running, that's not monitoring raw network traffic, it's just monitoring messages that the Watchguard box is sending, just as the syslog daemon that comes with UN*X systems can do.

> Is there a way I can make
> wireshark remotely connect to my firewall the same way that Winsyslog does?

If "the same way that Winsyslog does" is referring to logging syslog  
messages, no, you can't - Wireshark is a raw network traffic capture  
and analysis program, not a higher-level "system monitoring" program  
to watch things such as syslog messages.  (It can dissect the syslog  
protocol, but that no more makes it a syslog monitoring program than  
does its capability to dissect the HTTP protocol make it a Web browser.)
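
Added example, not part of the original message: a sketch of what a syslog daemon does with each RFC 3164 datagram it receives, which is the kind of message logging the reply contrasts with raw packet capture. The names `parse_rfc3164` and `collect`, the host name `fw01` and the sample message are assumptions made for illustration, not WatchGuard or WinSyslog output.

```python
import re
import socket

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# RFC 3164 section 4.1: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG...CONTENT
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)", re.DOTALL)
TAG = re.compile(r"(?P<tag>[A-Za-z0-9]{1,32})(?P<rest>.*)", re.DOTALL)


def parse_rfc3164(datagram: bytes) -> dict:
    """Decode one syslog datagram into the fields a collector would log."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = HEADER.fullmatch(text)
    if m is None or int(m["pri"]) > 191:
        # Not a well-formed header: fall back to priority 13 (user.notice), the
        # value RFC 3164 section 4.3.3 assigns when there is no usable PRI, and
        # keep the whole payload. Simplification: a valid PRI followed by a bad
        # timestamp is handled the same way here.
        return {"facility": 1, "severity": "notice", "timestamp": None,
                "host": None, "tag": None, "content": text}
    facility, severity = divmod(int(m["pri"]), 8)  # PRI = facility * 8 + severity
    t = TAG.match(m["msg"])
    return {
        "facility": facility,
        "severity": SEVERITIES[severity],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": t["tag"] if t else None,
        "content": t["rest"].lstrip(": ") if t else m["msg"],
    }


def collect(bind_addr: str = "0.0.0.0", port: int = 514):
    """Yield (sender_ip, parsed_message) for each syslog datagram received over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            data, (sender, _) = sock.recvfrom(2048)
            yield sender, parse_rfc3164(data)


# Constructed sample datagram (not real firewall output).
SAMPLE = b"<134>Feb  7 19:16:02 fw01 firewall: deny tcp 192.0.2.10:51514 -> 198.51.100.7:23"

if __name__ == "__main__":
    print(parse_rfc3164(SAMPLE))
```

The collector only ever sees the text the device chose to send to it; the packets the log line describes never reach it.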