Maybe he wants something like "rpcapd"?
On Wed, 7 Feb 2007 19:36:23 -0800, "Guy Harris" <guy@xxxxxxxxxxxx> said:
>
> On Feb 7, 2007, at 7:16 PM, Brian Wallen wrote:
>
> > I'm currently running a Watchguard Firewall box and using the Windows
> > program Winsyslog to monitor it's traffic.
>
> "Monitor its traffic" in what sense?
>
> The WinSyslog I found with Google is a syslog daemon, meaning that it
> receives syslog protocol (RFC 3164):
>
> http://www.ietf.org/rfc/rfc3164.txt
>
> packets and logs the messages in them.
>
> If that's the program you're running, that's not monitoring raw
> network traffic, it's just monitoring messages that the Watchguard box
> is sending, just as the syslog daemon that comes with UN*X systems can
> do.
>
> > Is there a way I can make
> > wireshark remotely connect to my firewall the same way that
> > Winsyslog does?
>
> If "the same way that Winsyslog does" is referring to logging syslog
> messages, no, you can't - Wireshrk is a raw network traffic capture
> and analysis program, not a higher-level "system monitoring" program
> to watch things such as syslog messages. (It can dissect the syslog
> protocol, but that no more makes it a syslog monitoring program than
> does its capability to dissect the HTTP protocol make it a Web browser.)
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
--
Hans Nilsson
hasse_gg@xxxxxxxx
--
http://www.fastmail.fm - I mean, what is it about a decent email service?
