Wireshark-users: Re: [Wireshark-users] Opening Pix Syslog with Wireshark

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Tue, 11 Sep 2007 12:22:33 -0700
  [ Forwarded from wireshark-users-owner ]

As far as I know, the PIX syslog output only contains summary data, e.g. IP
addresses and port numbers.  This doesn't provide enough information to
reconstruct the network packet data required by Wireshark.  There are many
applications that can analyze syslog files, but Wireshark isn't one of them.
(Well, I suppose you could point the "logging host" command at your workstation
and capture syslog messages as they come in, but that may not be what you're
looking for.)

Newer versions of the PIX OS have a "capture" command that lets you save traffic
in a libpcap-formatted file, which Wireshark, tcpdump, WinDump, and a ton of
other tools can read.

munyaradzi.nduku@xxxxxxxxxxxxx wrote:
> Hi
> I want to analyse a syslog produced by Pix Firewall in Wireshark. I export
> the syslog as a txt file.
> Thank you
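
The reply's point that PIX syslog carries only connection summaries, shown as an added example (not part of the original thread, and not Wireshark or Cisco code): a parser that pairs the Built and Teardown TCP connection messages in a text export and totals bytes per outside host. The log lines are constructed, the layout of messages 302013 and 302014 is assumed to match the export, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the style of a PIX syslog text export (assumption).
SAMPLE = """\
Sep 11 2007 12:00:01: %PIX-6-302013: Built outbound TCP connection 1001 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/1025 (203.0.113.5/1025)
Sep 11 2007 12:00:06: %PIX-6-302014: Teardown TCP connection 1001 for outside:192.0.2.10/80 to inside:10.0.0.5/1025 duration 0:00:05 bytes 1234 TCP FINs
Sep 11 2007 12:00:07: %PIX-6-302013: Built outbound TCP connection 1002 for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.0.0.6/1030 (203.0.113.5/1031)
Sep 11 2007 12:00:09: %PIX-5-111008: User 'enable_15' executed the 'show logging' command.
Sep 11 2007 12:00:30: %PIX-6-302014: Teardown TCP connection 1002 for outside:192.0.2.10/443 to inside:10.0.0.6/1030 duration 0:00:23 bytes 98765 TCP Reset-I
"""

# 302013 = connection built, 302014 = connection torn down (TCP only here).
BUILT = re.compile(
    r"%PIX-\d-302013: Built (?P<dir>\w+) TCP connection (?P<id>\d+) for "
    r"(?P<if1>\S+?):(?P<ip1>[\d.]+)/(?P<p1>\d+) \(\S+\) to "
    r"(?P<if2>\S+?):(?P<ip2>[\d.]+)/(?P<p2>\d+)")
TEARDOWN = re.compile(
    r"%PIX-\d-302014: Teardown TCP connection (?P<id>\d+) for .*? "
    r"duration (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) bytes (?P<bytes>\d+)")

def parse_connections(text):
    """Return {connection_id: record} from Built/Teardown message pairs."""
    conns = {}
    for line in text.splitlines():
        m = BUILT.search(line)
        if m:
            conns[m["id"]] = {
                "direction": m["dir"],
                # Endpoints keyed by firewall interface name.
                "endpoints": {m["if1"]: (m["ip1"], int(m["p1"])),
                              m["if2"]: (m["ip2"], int(m["p2"]))},
                "bytes": None, "duration_s": None,  # unknown until teardown
            }
            continue
        m = TEARDOWN.search(line)
        if m and m["id"] in conns:  # ignore teardowns with no Built line
            c = conns[m["id"]]
            c["bytes"] = int(m["bytes"])
            c["duration_s"] = (int(m["h"]) * 3600 + int(m["m"]) * 60
                               + int(m["s"]))
    return conns

def bytes_per_host(conns, interface="outside"):
    """Total bytes of closed connections per host on the given interface."""
    totals = Counter()
    for c in conns.values():
        if c["bytes"] is not None and interface in c["endpoints"]:
            totals[c["endpoints"][interface][0]] += c["bytes"]
    return dict(totals)
```

Everything recoverable is in the returned records: addresses, ports, duration and byte counts, with no payload or per-packet data to hand to Wireshark.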