Use ngrep to capture syslog traffic
Instead of using Wireshark on Linux to capture traffic, try ngrep:

    # sudo ngrep -d <interface> '<search string>' 'port 514'

source: