Wireshark-users: Re: [Wireshark-users] Connecting to a remote device
From: "Hans Nilsson" <[email protected]>
Date: Thu, 08 Feb 2007 02:57:36 -1100
Maybe he wants something like "rpcapd"?

On Wed, 7 Feb 2007 19:36:23 -0800, "Guy Harris" <[email protected]> said:
> On Feb 7, 2007, at 7:16 PM, Brian Wallen wrote:
> > I'm currently running a Watchguard Firewall box and using the Windows
> > program Winsyslog to monitor it's traffic.
> "Monitor its traffic" in what sense?
> The WinSyslog I found with Google is a syslog daemon, meaning that it  
> receives syslog protocol (RFC 3164):
> 	http://www.ietf.org/rfc/rfc3164.txt
> packets and logs the messages in them.
> If that's the program you're running, that's not monitoring raw  
> network traffic, it's just monitoring messages that the Watchguard box  
> is sending, just as the syslog daemon that comes with UN*X systems can  
> do.
> > Is there a way I can make
> > wireshark remotely connect to my firewall the same way that  
> > Winsyslog does?
> If "the same way that Winsyslog does" is referring to logging syslog  
> messages, no, you can't - Wireshrk is a raw network traffic capture  
> and analysis program, not a higher-level "system monitoring" program  
> to watch things such as syslog messages.  (It can dissect the syslog  
> protocol, but that no more makes it a syslog monitoring program than  
> does its capability to dissect the HTTP protocol make it a Web browser.)
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-users
  Hans Nilsson
  [email protected]

http://www.fastmail.fm - I mean, what is it about a decent email service?