chrisxaustin · October 9, 2024 23:05 · nhed · Oct 9, 2024 · chrisxaustin · Oct 9, 2024
diff --git a/tshark-syslog b/tshark-syslog

 # To read foo.pcap
 tshark -ln -r foo.pcap -q -d udp.port==514,syslog -T fields -E separator="  " -e ip.src -e syslog.msg

 # To listen on eth0
 tshark -ln -i eth0 -q -d udp.port==514,syslog -T fields -E separator="  " -e ip.src -e syslog.msg

	# To read foo.pcap
	tshark -ln -r foo.pcap -q -d udp.port==514,syslog -T fields -E separator=" " -e ip.src -e syslog.msg

	# To listen on eth0
	tshark -ln -i eth0 -q -d udp.port==514,syslog -T fields -E separator=" " -e ip.src -e syslog.msg