[Dshield] Syslog facility

slashdotfx slashdotfx at gmail.com
Thu Mar 3 03:35:46 GMT 2005


AFAIK, you can't; tcpdump can only parse protocol headers, not
the messages within.

Why not put the facility into different files through the syslog.conf
directives?


On Wed, 02 Mar 2005 13:39:38 -0500, Esler, Joel CNTR/Sytex
<joel.esler at rcert-s.army.mil> wrote:
> Is there any way to tell what facility syslog UDP traffic is coming in
> on through the use of tcpdump?
> 
> When I put *.* in my syslog.conf I get the messages I want, but I can't
> find the facility they are coming in on.
> 
> Joel
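
For reference on the question in this thread, an added example that is not part of either post: in the BSD syslog format (RFC 3164) each UDP datagram's payload begins with `<PRI>`, where PRI = facility × 8 + severity, so the facility can be read from the payload bytes. The sketch assumes the payloads have already been extracted from a capture; the sample payloads are constructed, and the short names for facilities 12 to 15 vary between implementations.

```python
import re

# Facility codes 0-23 (RFC 3164, section 4.1.1) under their usual
# syslog.conf keywords; names for codes 12-15 differ between systems.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(payload: bytes):
    """Return (facility, severity, rest) or None if there is no valid <PRI>."""
    m = PRI_RE.match(payload)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        return None
    facility, severity = divmod(pri, 8)
    rest = payload[m.end():].decode("utf-8", "replace")
    return FACILITIES[facility], SEVERITIES[severity], rest


def tally_facilities(payloads):
    """Count datagrams per facility; malformed ones go under 'unparsed'."""
    counts = {}
    for p in payloads:
        decoded = decode_pri(p)
        key = decoded[0] if decoded else "unparsed"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample payloads (not taken from real traffic).
SAMPLES = [
    b"<34>Mar  3 03:35:46 host1 su: 'su root' failed on /dev/pts/8",
    b"<13>Mar  3 03:35:47 host2 logger: test message",
    b"<165>Mar  3 03:35:48 fw1 filter: drop in=eth0",
    b"<86>Mar  3 03:35:49 host1 sshd[411]: session opened",
    b"no priority header here",
    b"<999>out of range",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(decode_pri(p))
    print(tally_facilities(SAMPLES))
```
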


