Wireshark-bugs: [Wireshark-bugs] [Bug 5241] Cannot run tshark under tcp using decode-as format f
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5241
--- Comment #2 from Michael <mworsham@xxxxxxxxxx> 2010-09-21 08:30:06 PDT ---
(In reply to comment #1)
> What RFC is syslog-ng over TCP? I can only find RFC 5425 talking about
> syslog-tls.
> Do you have a sample capture to work with?
If you attempt to run "tshark -V -d tcp.port==514,syslog", tshark responds
with a listing of valid protocols for the layer type "tcp.port", and syslog
isn't one of them.
Dump file is available here: http://www.murpe.com/syslog-ng.tshark-dump.txt
To me the message appears to be proper RFC 3164 BSD syslog format which should
work OK. http://www.ietf.org/rfc/rfc3164.txt
Syslog message: USER.NOTICE: Sep 20 22:19:30 drupal root: daemon\n
0000 1... = Facility: USER - random user-level messages (1)
.... .101 = Level: NOTICE - normal but significant condition (5)
Message: Sep 20 22:19:30 drupal root: daemon\n
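The decoded fields quoted in the comment above (Facility USER (1), Level NOTICE (5), then the timestamp, host, tag and message) are what a BSD syslog dissector recovers from an RFC 3164 line. The following is an added example, not part of the bug report and not Wireshark's own syslog dissector: a small Python parser that splits a TCP stream buffer into newline-terminated frames (the framing assumed here, matching the trailing "\n" visible in the decoded message; octet-counted framing is not handled) and decodes the PRI, HEADER and MSG parts. The message text itself is taken from the comment; the "<13>" prefix is constructed, since facility 1 and severity 5 encode to PRI 1*8+5 = 13. The fallback to PRI 13 for a line with no PRI follows the relay rule in RFC 3164 section 4.3.3 and is an assumption about how a reader wants to treat such lines.

```python
"""Minimal RFC 3164 (BSD syslog) decoder for newline-framed TCP streams.

Added example: not Wireshark's dissector. Assumes one message per "\n"-terminated
frame and substitutes PRI 13 (user.notice) when a line carries no PRI.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Facility codes from RFC 3164 section 4.1.1, indexed by numeric code (0..23).
FACILITY_NAMES = [
    "KERN", "USER", "MAIL", "DAEMON", "AUTH", "SYSLOG", "LPR", "NEWS",
    "UUCP", "CRON", "AUTHPRIV", "FTP", "NTP", "AUDIT", "ALERT", "CLOCK",
    "LOCAL0", "LOCAL1", "LOCAL2", "LOCAL3", "LOCAL4", "LOCAL5", "LOCAL6", "LOCAL7",
]
# Severity codes from RFC 3164 section 4.1.1, indexed by numeric code (0..7).
SEVERITY_NAMES = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]

# RFC 3164 4.3.3: a relay that cannot find a valid PRI inserts <13> (user.notice).
DEFAULT_PRI = 13

PRI_RE = re.compile(r"^<(\d{1,3})>")
# TIMESTAMP is "Mmm dd hh:mm:ss" with a space-padded day, then HOSTNAME, then MSG.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)
# TAG is up to 32 alphanumeric characters, terminated by the first other character.
TAG_RE = re.compile(r"^(?P<tag>[A-Za-z0-9_]{1,32})(?P<rest>.*)$")


@dataclass
class SyslogMessage:
    pri: int
    facility: int
    severity: int
    timestamp: Optional[str]
    hostname: Optional[str]
    tag: Optional[str]
    content: str

    @property
    def facility_name(self) -> str:
        return FACILITY_NAMES[self.facility]

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def split_frames(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split a TCP stream buffer on "\\n" (non-transparent framing).

    Returns the complete frames without their terminator plus the unterminated
    tail, which the caller keeps and prepends to the next TCP segment.
    """
    *frames, tail = buf.split(b"\n")
    return [f.rstrip(b"\r") for f in frames], tail


def parse_rfc3164(line: str) -> SyslogMessage:
    """Decode one syslog line into PRI, HEADER (timestamp, host) and MSG (tag, content)."""
    line = line.rstrip("\r\n")
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:  # 23 facilities * 8 severities - 1 is the maximum
        pri = int(m.group(1))
        line = line[m.end():]
    else:
        pri = DEFAULT_PRI  # no (or invalid) PRI: keep the whole line as message text
    facility, severity = pri >> 3, pri & 0x07

    timestamp = hostname = tag = None
    msg = line
    h = HEADER_RE.match(line)
    if h:
        timestamp, hostname, msg = h.group("ts"), h.group("host"), h.group("msg")

    content = msg
    t = TAG_RE.match(msg)
    if t:
        # "root: daemon" -> tag "root", content "daemon". A "[pid]" after the tag
        # is not a TAG character, so it stays at the front of the content.
        tag = t.group("tag")
        content = t.group("rest").lstrip(":").strip()
    return SyslogMessage(pri, facility, severity, timestamp, hostname, tag, content)


def decode_stream(buf: bytes) -> Tuple[List[SyslogMessage], bytes]:
    """Frame a raw TCP payload buffer and parse every complete message in it."""
    frames, tail = split_frames(buf)
    return [parse_rfc3164(f.decode("utf-8", errors="replace")) for f in frames], tail


if __name__ == "__main__":
    # Constructed stream: the message from the bug report plus a second line.
    sample = (b"<13>Sep 20 22:19:30 drupal root: daemon\n"
              b"<34>Oct  7 01:02:03 host sshd[12]: Accepted\n"
              b"<14>partial")
    messages, leftover = decode_stream(sample)
    for msg in messages:
        print(f"{msg.facility_name}.{msg.severity_name}: {msg.timestamp} "
              f"{msg.hostname} {msg.tag}: {msg.content}")
    print("unterminated tail:", leftover)
```

The parser mirrors what the tshark output in the comment shows: the top five bits of PRI are the facility and the low three bits the severity, so a line tagged USER.NOTICE must have started with <13>. Keeping the unterminated tail from `split_frames` is the part that matters on TCP, where one message can straddle two segments.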