Closed collse closed 6 years ago
Hi Collse, thanks for the hint. I will check it. First time I hear about it.
Regarding your request. I am happy to hear new ideas. Can you specify what you mean?
Basically, a frontend that allows the pcap upload via your interface and that it will upload it to the specified directory, from where it will be read ... so I don't need to upload the pcaps via scp or so ..
Got it! Thanks! btw. I've uploaded new version 4.1.9 to splunkbase. As soon as it will be approved, I will close that issue. The new version will have your tweak implemented. Thanks again.
Happy to help - keep up the good work!
Version 4.1.10 is available now.
I had to do a few tweaks to get this to work on Ubuntu.
1) wireshark didn't include tshark - needs manual install on Ubuntu
2) /opt/splunk/etc/apps/SplunkForPCAP/bin/pcap2csv.sh caused errors
changed:
    if [[ "$TSHARK_V" =~ "$V2" ]]; then
        ./$V11
    elif [ "$TSHARK_V1" -le "10" ]; then
        ./$V10
    else
        ./$V11
    fi
to:
    if [[ "$TSHARK_V" =~ "$V2" ]]; then
        $V11
    elif [ "$TSHARK_V1" -le "10" ]; then
        $V10
    else
        $V11
    fi
as otherwise it tries to call the script with ./ which returns a file/command not found
Not sure if the above is a general issue but I thought I'd mention it ...
feature request: allow pcap upload to /var/tmp from the interface ...