Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Wireshark log file size problem

Posted on 2009-04-02
4
Medium Priority
?
1,307 Views
Last Modified: 2012-05-06
I have 5 servers on the network I am managing, now the trouble I am having is, due to very high traffic, the log files that are generated have a very high size (Like 5 GB per hour) this is because its monitoring all protocols.

It monitors so many that I dont need, I just need a few like HTTP, SMTP and common ones. How can I EFFECTIVELY set these rules?

The file size should be reduced to a few MBs per hour.

Please advise.


Regards
0
Comment
Question by:westdata
  • 2
4 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24052359
Sounds like you should set some Capture filters to only capture the IP's for the servers and port ranges you are interested in:  

http://wiki.wireshark.org/CaptureFilters
http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html

For Example, a capture filter for smtp that captures traffic to and from a particular host
"tcp port 25 and host 10.10.10.1"

or a filter for SMTP and WEB
host 10.10.10.1 and  (port 80 or port 25)

      

0
 

Author Comment

by:westdata
ID: 24054193
Thankyou so much MikeKane :)

One more question, I saw many useful filters there, now how can I use more than two filters at a time.

When I go to "How the Capture option.." on the quick link bar, I see just I can enter just one filter. How can I add more filters like:

port not 53 and not arp
and
dst net 192.168.0.0/24
and...


Any idea?

Thanks again!
0
 
LVL 16

Accepted Solution

by:
SteveJ earned 2000 total points
ID: 24055289
(port not 53 and not arp) and (dst net 192.168.0.0/24)

Good luck,
Steve
0
 

Author Closing Comment

by:westdata
ID: 31565899
Great!
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question