Hi,
I have PCAP files (hundreds of GB) with recorded syslog traffic (UDP/514) containing log events from Windows hosts. I would like to import and parse the data in Graylog. I would also like to preserve the PCAP timestamps and store those as an additional field for each log message, if possible. Which option(s) would you suggest?
Thanks!