[Dshield] Syslog facility

slashdotfx slashdotfx at gmail.com
Thu Mar 3 03:35:46 GMT 2005

AFAIK, you can't; tcpdump can only parse protocol headers, not
the messages within.

Why not put the facilities into different files through syslog.conf?

On Wed, 02 Mar 2005 13:39:38 -0500, Esler, Joel CNTR/Sytex
<joel.esler at rcert-s.army.mil> wrote:
> Is there any way to tell what facility syslog UDP traffic is coming in
> on through the use of tcpdump?
> When I put *.* in my syslog.conf I get the messages I want, but I can't
> find the facility they are coming in on.
> Joel

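Added example, not part of the original thread: each RFC 3164 syslog datagram starts with a `<PRI>` field where PRI = facility * 8 + severity, so the facility can be recovered from captured payload bytes and turned into per-facility syslog.conf lines of the kind the reply suggests. The sample payloads, the function names and the `/var/log` target directory are assumptions made for illustration.

```python
import re
from collections import Counter

# Index = facility code (RFC 3164, section 4.1.1). Names are the usual
# syslog.conf keywords; codes 12-15 have no portable keyword, so they are
# reported by number.
FACILITIES = (
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
    "facility12 facility13 facility14 facility15 "
    "local0 local1 local2 local3 local4 local5 local6 local7"
).split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# The PRI part is "<", one to three decimal digits, ">" at the very start.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(payload: bytes):
    """Return (facility, severity) for a syslog UDP payload, or None if malformed."""
    m = PRI_RE.match(payload)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:          # highest valid value: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    return FACILITIES[facility], SEVERITIES[severity]

def facility_counts(payloads):
    """Tally facilities over many payloads; undecodable ones count as 'invalid'."""
    decoded = (decode_pri(p) for p in payloads)
    return Counter(d[0] if d else "invalid" for d in decoded)

def selector_lines(counts, log_dir="/var/log"):
    """One syslog.conf line per observed facility (log_dir is an assumed path)."""
    return [f"{fac}.*\t{log_dir}/{fac}.log"
            for fac in sorted(counts) if fac in FACILITIES[:12] + FACILITIES[16:]]

# Constructed sample payloads (the bytes that follow the UDP header on port 514).
SAMPLES = [
    b"<34>Mar  3 03:35:46 host1 su: 'su root' failed for user1 on /dev/pts/8",
    b"<165>Mar  3 03:35:47 fw1 fwd: deny tcp 192.0.2.10 -> 192.0.2.20",
    b"<13>Mar  3 03:35:48 host2 logger: test message",
    b"Mar  3 03:35:49 host3 no PRI on this one",
    b"<999>out of range",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(decode_pri(p), p[:40])
    print("\n".join(selector_lines(facility_counts(SAMPLES))))
```

Payloads without a valid PRI are counted as `invalid` rather than guessed at, which also makes malformed or non-syslog traffic on the port visible.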