Solved

Wireshark log file size problem

Posted on 2009-04-02
Last Modified: 2012-05-06
I have 5 servers on the network I am managing. The trouble I am having is that, due to very high traffic, the log files that are generated are very large (like 5 GB per hour). This is because it's monitoring all protocols.

It monitors so many that I don't need; I just need a few like HTTP, SMTP and common ones. How can I EFFECTIVELY set these rules?

The file size should be reduced to a few MBs per hour.

Please advise.


Regards
Question by:westdata

Expert Comment

by:MikeKane
ID: 24052359
Sounds like you should set some capture filters to only capture the IPs for the servers and port ranges you are interested in:

http://wiki.wireshark.org/CaptureFilters
http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html

For example, a capture filter for SMTP that captures traffic to and from a particular host:
"tcp port 25 and host 10.10.10.1"

or a filter for SMTP and web:
host 10.10.10.1 and (port 80 or port 25)


Author Comment

by:westdata
ID: 24054193
Thank you so much MikeKane :)

One more question: I saw many useful filters there, now how can I use more than two filters at a time?

When I go to "How the Capture option.." on the quick link bar, I see that I can enter just one filter. How can I add more filters like:

port not 53 and not arp
and
dst net 192.168.0.0/24
and...


Any idea?

Thanks again!

Accepted Solution

by:SteveJ
ID: 24055289
(port not 53 and not arp) and (dst net 192.168.0.0/24)

Good luck,
Steve

Author Closing Comment

by:westdata
ID: 31565899
Great!
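
Added example (not part of the original thread and not any poster's code): shell functions that compose several capture-filter clauses into the single filter string the capture options accept, as in the accepted solution, and hand it to dumpcap. It goes beyond the thread by also capping disk use with dumpcap's ring-buffer options; the second server address, the interface name and the output path are constructed placeholders.

```shell
#!/bin/sh
# Added example. Addresses, ports, interface and paths are constructed samples.

# join_or PRIMITIVE VALUE...  ->  "(PRIMITIVE v1 or PRIMITIVE v2 ...)"
join_or() {
    prim=$1; shift
    out=""
    for v in "$@"; do
        if [ -n "$out" ]; then out="$out or "; fi
        out="$out$prim $v"
    done
    printf '(%s)' "$out"
}

# build_capture_filter "HOST HOST..." "PORT PORT..."
# Only traffic to/from the listed servers on the listed TCP ports is kept.
build_capture_filter() {
    # $1 and $2 are left unquoted on purpose so each list splits into words.
    printf '%s and %s' "$(join_or host $1)" "$(join_or 'tcp port' $2)"
}

# and_clauses CLAUSE...
# Wraps each existing filter in parentheses and joins them with "and",
# which is how several filters become the one string the dialog takes.
and_clauses() {
    out=""
    for c in "$@"; do
        if [ -n "$out" ]; then out="$out and "; fi
        out="$out($c)"
    done
    printf '%s' "$out"
}

# capture_to_ring IFACE FILTER OUTFILE
# -f applies the capture filter before packets are written, so unwanted
# protocols never reach disk. -b filesize is in kB: 20 files of about
# 10 MB each, the oldest file being overwritten when the ring is full.
capture_to_ring() {
    dumpcap -i "$1" -f "$2" -b filesize:10240 -b files:20 -w "$3"
}

# Print the filter for two servers carrying HTTP and SMTP (no capture started).
build_capture_filter '10.10.10.1 10.10.10.2' '80 25'; echo

# To start capturing (needs capture privileges):
#   capture_to_ring eth0 "$(build_capture_filter '10.10.10.1 10.10.10.2' '80 25')" /tmp/servers.pcapng
```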