Solved

Wireshark log file size problem

Posted on 2009-04-02
Last Modified: 2012-05-06
I have 5 servers on the network I am managing. The trouble I am having is that, due to very high traffic, the log files that are generated are very large (like 5 GB per hour). This is because it's monitoring all protocols.

It monitors so many that I don't need; I just need a few like HTTP, SMTP and common ones. How can I EFFECTIVELY set these rules?

The file size should be reduced to a few MBs per hour.

Please advise.


Regards
Question by:westdata
LVL 33

Expert Comment

by:MikeKane
ID: 24052359
Sounds like you should set some capture filters to only capture the IPs for the servers and port ranges you are interested in:

http://wiki.wireshark.org/CaptureFilters
http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html

For example, a capture filter for SMTP that captures traffic to and from a particular host:
"tcp port 25 and host 10.10.10.1"

or a filter for SMTP and web:
host 10.10.10.1 and (port 80 or port 25)

      

0
 

Author Comment

by:westdata
ID: 24054193
Thank you so much MikeKane :)

One more question: I saw many useful filters there. Now how can I use more than two filters at a time?

When I go to "How the Capture option.." on the quick link bar, I see that I can enter just one filter. How can I add more filters like:

port not 53 and not arp
and
dst net 192.168.0.0/24
and...


Any idea?

Thanks again!
0
 
LVL 16

Accepted Solution

by:
SteveJ earned 2000 total points
ID: 24055289
(port not 53 and not arp) and (dst net 192.168.0.0/24)

Good luck,
Steve
0
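The parenthesized combination from the accepted answer, generalized into a small shell helper (an added example, not part of the original thread): it joins any number of filter clauses into one capture filter and prints a dumpcap command that writes to a size-limited ring buffer. The server addresses, interface `eth0`, output path and buffer sizes are assumed sample values.

```shell
#!/bin/sh
# Added example: build ONE capture filter from several clauses.
# Addresses, interface and paths below are constructed sample values.

# join_clauses OP clause... -> "(c1) OP (c2) ..."
# Parentheses keep each clause's own and/or/not from mixing with its neighbours.
join_clauses() {
    op=$1; shift
    out=""
    for clause in "$@"; do
        [ -n "$clause" ] || continue          # skip empty clauses
        if [ -z "$out" ]; then out="($clause)"; else out="$out $op ($clause)"; fi
    done
    printf '%s\n' "$out"
}

# prefix_each KEYWORD value... -> "KEYWORD v1 or KEYWORD v2 ..."
prefix_each() {
    kw=$1; shift
    out=""
    for v in "$@"; do
        if [ -z "$out" ]; then out="$kw $v"; else out="$out or $kw $v"; fi
    done
    printf '%s\n' "$out"
}

# build_filter "host list" "port list"
# Keeps only traffic to/from the listed hosts on the listed TCP ports.
build_filter() {
    # $1 and $2 are left unquoted on purpose: they are space-separated lists
    hosts=$(prefix_each host $1)
    ports=$(prefix_each "tcp port" $2)
    join_clauses and "$hosts" "$ports"
}

SERVERS="10.10.10.1 10.10.10.2"   # constructed sample server addresses
PORTS="80 25"                     # HTTP and SMTP, as in the question
FILTER=$(build_filter "$SERVERS" "$PORTS")

# Print (do not run) the capture command: -f takes the single combined filter,
# -b filesize is in kB, -b files makes a ring buffer so disk use stays bounded.
printf 'dumpcap -i eth0 -f "%s" -b filesize:10240 -b files:10 -w /var/tmp/servers.pcapng\n' "$FILTER"
```

The same combined string can be pasted into the single capture filter field in Wireshark's capture options dialog.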
 

Author Closing Comment

by:westdata
ID: 31565899
Great!
0


Question has a verified solution.
