Hi,
First, I'd like to thank you for the great job you're providing!
Here is my use case:
I want to get DNS data into ELK (huge amount of packets/sec).
Packetbeat is installed on a dedicated server.
I installed Packetbeat (1.0.0 rpm for RHEL install).
Here is the RHEL release version:
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.7 (Santiago)
My packetbeat.yml:
> interfaces:
>   device: eth1
>   with_vlans: true
> protocols:
>   dns:
>     ports: [53]
>     include_authorities: true
>     include_additionals: true
> output:
>   logstash:
>     hosts: ["localhost:5044"]
>     worker: 2
When trying the af_packet type in packetbeat.yml, I get the following error:
2015-12-15T14:27:59+01:00 CRIT Initializing sniffer failed:
Error creating sniffer: setsockopt packet_rx_ring: cannot allocate memory
I'm not a Linux specialist, so please could you advise?
Best regards.