Seeing lines with "Capture-DEBUG" string in json output

On my desktop running Scientific-Linux-6.9, I installed wireshark-2.6.1 from sources. I am using the below command line for capturing json output:

/opt/wireshark-2.6.1/bin/tshark -c 10 -T json -n -Q -q -t u  > /tmp/out.txt

I do see a json output in the /tmp/out.txt, but before the json string, there are a few lines with the "Capture-DEBUG" string in them. A sample line looks like this:

(process:14338): Capture-DEBUG:   Interface [randpkt] "Random packet generator"

Any idea how to suppress these lines from appearing in the output file?

UPDATE: For testing, got two VMs running, one with Scientific-Linux-6.9 (same as my desktop version) and the second one a CentOS-Linux-7.4. The above-mentioned problem appeared on the Scientific-Linux-6.9 VM but not on the CentOS-Linux-7.4 VM. Could be a Scientific-Linux-6.9 distro related issue?

Thanks Jitendra

Jitendra Nair
asked 2018-06-13 07:51:26 +0000, updated 2018-06-22 08:50:46 +0000

Comments

As described here I used the tshark option '-oconsole.log.level:0' but I still see the 'Capture-DEBUG' lines.

Jitendra Nair (2018-06-13 11:01:54 +0000)

OP here, what works on my system (Scientific Linux release 6.9) is the old stable release - wireshark-2.4.7. Using this version I do not see the debug string mentioned in my question. I also installed version 2.6.0 and version 2.5.1 (devel) from sources; both have the same issue as version 2.6.1.

So seems I need to ditch the latest stable and will use the old stable release - version 2.4.7.

Jitendra Nair (2018-06-14 08:05:01 +0000)

The json produced by tshark version 2.4.7 for bulk loading to elasticsearch gives 'Duplicate field' errors which seem to be fixed in 2.6.x, so maybe, as @Pascal suggests, go with the worst case - to edit extcap.c, comment out the calls to g_log and recompile.

Jitendra Nair (2018-06-14 10:19:05 +0000)

1 Answer

Hi Jitendra,

You have the debug log level activated. To change it back to the default value, open your preferences file (you can find its location by launching the Wireshark GUI -> Help -> About Wireshark -> Folders -> Personal configuration or Global configuration), search for console.log.level and set it back as-is:

####### Console ########

# Log level
# Console log level (for debugging)
# A bitmask of log levels:
# ERROR    = 4
# CRITICAL = 8
# WARNING  = 16
# MESSAGE  = 32
# INFO     = 64
# DEBUG    = 128
#console.log.level: 28

Pascal Quantin
answered 2018-06-13 10:38:32 +0000

Comments

@Pascal yes I did search my global and personal settings folders but could not see any mention of the 'console.log.level'. As mentioned in the comment to my own question I also did try setting the debug level to zero using the command line option '-oconsole.log.level:0' (mentioned here) but no luck.

Jitendra Nair (2018-06-13 11:25:21 +0000)

This log is generated in extcap.c when the log level is set to 128. So you should have something that overrides this setting, or those logs are called before the preferences are loaded. Worst case as you worked with the source code, you can comment this call to g_log and recompile.

Pascal Quantin (2018-06-13 12:56:19 +0000)
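
A consumer-side workaround for the problem discussed in this thread, as an added example that is not part of the original posts and not Wireshark code: it separates GLib-style log lines like the one quoted in the question from the JSON before parsing, and decodes the console.log.level bitmask listed in the answer. The function names are hypothetical and the sample output is constructed.

```python
import json
import re

# GLib log prefix as seen in the question, e.g.
# (process:14338): Capture-DEBUG:   Interface [randpkt] "Random packet generator"
GLIB_LOG_LINE = re.compile(
    r"^\(process:\d+\): [\w-]+-(ERROR|CRITICAL|WARNING|MESSAGE|INFO|DEBUG)\b"
)

# Bit values copied from the preferences comment in the answer.
LOG_LEVEL_BITS = {4: "ERROR", 8: "CRITICAL", 16: "WARNING",
                  32: "MESSAGE", 64: "INFO", 128: "DEBUG"}


def decode_log_level(mask):
    """Names of the log levels enabled in a console.log.level bitmask."""
    return [name for bit, name in sorted(LOG_LEVEL_BITS.items()) if mask & bit]


def split_tshark_output(text):
    """Separate GLib log lines from the JSON document; return (packets, logs)."""
    logs, json_lines = [], []
    for line in text.splitlines():
        (logs if GLIB_LOG_LINE.match(line) else json_lines).append(line)
    body = "\n".join(json_lines).strip()
    return (json.loads(body) if body else []), logs


# Constructed sample: the first line is the one quoted in the question,
# the rest is made up for this example.
SAMPLE = """\
(process:14338): Capture-DEBUG:   Interface [randpkt] "Random packet generator"
(process:14338): Capture-DEBUG:   constructed second log line
[
  {
    "_index": "packets-2018-06-13",
    "_source": {"layers": {"frame": {"frame.number": "1"}}}
  }
]
"""

if __name__ == "__main__":
    packets, logs = split_tshark_output(SAMPLE)
    print(len(packets), "packet(s),", len(logs), "log line(s) dropped")
    print("28  ->", decode_log_level(28))
    print("128 ->", decode_log_level(128))
```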