Solved

Wireshark log file size problem

Posted on 2009-04-02
4
1,296 Views
Last Modified: 2012-05-06
I have 5 servers on the network I am managing, now the trouble I am having is, due to very high traffic, the log files that are generated have a very high size (Like 5 GB per hour) this is because its monitoring all protocols.

It monitors so many that I dont need, I just need a few like HTTP, SMTP and common ones. How can I EFFECTIVELY set these rules?

The file size should be reduced to a few MBs per hour.

Please advise.


Regards
0
Comment
Question by:westdata
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24052359
Sounds like you should set some Capture filters to only capture the IP's for the servers and port ranges you are interested in:  

http://wiki.wireshark.org/CaptureFilters
http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html

For Example, a capture filter for smtp that captures traffic to and from a particular host
"tcp port 25 and host 10.10.10.1"

or a filter for SMTP and WEB
host 10.10.10.1 and  (port 80 or port 25)

      

0
 

Author Comment

by:westdata
ID: 24054193
Thankyou so much MikeKane :)

One more question, I saw many useful filters there, now how can I use more than two filters at a time.

When I go to "How the Capture option.." on the quick link bar, I see just I can enter just one filter. How can I add more filters like:

port not 53 and not arp
and
dst net 192.168.0.0/24
and...


Any idea?

Thanks again!
0
 
LVL 16

Accepted Solution

by:
SteveJ earned 500 total points
ID: 24055289
(port not 53 and not arp) and (dst net 192.168.0.0/24)

Good luck,
Steve
0
 

Author Closing Comment

by:westdata
ID: 31565899
Great!
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question