I am interested in creating a dashboard which will visualize network traffic collected from access points. I currently have tcpdump running on an access point and outputting to a pcap file. My intention is to send the pcap data to ELK.
Can someone provide me with some guides on how to do this in a seamless manner? Eventually I would eliminate Kibana and use my own dashboard implemented through Unity3D.
I would appreciate suggestions on how to successfully put the pcap data into ELK. I have heard about Packetbeat.
Packetbeat does correlation of the requests with the responses, and inserts a single document per request-response pair in ES. Although this is generally good, as it's a lot more convenient to have them correlated once in ES, it can be problematic if I want to test the setup using offline pcap files.
While I can use Packetbeat to read the packets from a pcap file, its implementation assumes that the packets are read in real time, which can cause some issues with transaction timeouts (the time is measured from the current time, not from the initial packet's time).
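The following is an added example, not code from the answer above and not Packetbeat's own code, that makes the timeout point concrete. It reads a classic libpcap file (Ethernet/IPv4/TCP only), pairs each HTTP request with the next response on the same flow, and emits one Elasticsearch `_bulk` document per pair, much as Packetbeat does. The difference is that a pending request expires `timeout` seconds after the *capture timestamp* of the packet being processed, so an old pcap replays correctly; passing `clock=time.time` reproduces the wall-clock behaviour the answer describes, under which every transaction in a capture older than the timeout expires before its response is seen. The sample capture, the addresses, the index name and the `responsetime_ms` field name are all constructed here for illustration and are assumptions, not anything from the original page.

```python
"""Pair HTTP requests with responses from a pcap and emit one ES document per pair.

Transactions expire by capture timestamp, so an old pcap replays correctly; pass
clock=time.time to see wall-clock expiry drop every transaction in an old capture.
Added example: not Packetbeat's code. Sample traffic below is constructed.
"""
import json
import struct
import time
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Packet:
    ts: float            # capture timestamp, seconds since the epoch
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def parse_pcap(data: bytes):
    """Yield TCP packets from a classic libpcap capture (Ethernet/IPv4/TCP only)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]    # KeyError: not a pcap file
    off = 24                                               # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
            continue
        ip = frame[14:]
        ip = ip[:struct.unpack_from("!H", ip, 2)[0]]           # drop Ethernet padding
        if ip[9] != 6:                                         # not TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield Packet(sec + usec / 1e6, ".".join(map(str, ip[12:16])), sport,
                     ".".join(map(str, ip[16:20])), dport, bytes(tcp[(tcp[12] >> 4) * 4:]))


def correlate(packets, server_port=80, timeout=30.0, clock=None):
    """Match each request to the next response on the same flow.

    A pending request expires `timeout` seconds after the reference time: the current
    packet's capture timestamp by default, or clock() if given (wall-clock behaviour).
    Returns (documents, expired_requests, unmatched_responses).
    """
    pending, docs, expired, unmatched = {}, [], [], []
    for pkt in packets:
        if not pkt.payload:                    # pure ACKs carry no request or response
            continue
        now = clock() if clock else pkt.ts
        for key, req in list(pending.items()):
            if now - req.ts > timeout:
                expired.append(req)
                del pending[key]
        if pkt.dport == server_port:           # client -> server: a request
            pending[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt
        elif pkt.sport == server_port:         # server -> client: a response
            req = pending.pop((pkt.dst, pkt.dport, pkt.src, pkt.sport), None)
            if req is None:
                unmatched.append(pkt)
                continue
            docs.append({
                "@timestamp": datetime.fromtimestamp(req.ts, tz=timezone.utc).isoformat(),
                "client": {"ip": req.src, "port": req.sport},
                "server": {"ip": req.dst, "port": req.dport},
                "request": req.payload.split(b"\r\n", 1)[0].decode(errors="replace"),
                "response": pkt.payload.split(b"\r\n", 1)[0].decode(errors="replace"),
                "responsetime_ms": round((pkt.ts - req.ts) * 1000),   # assumed field name
            })
    return docs, expired, unmatched


def to_bulk(docs, index="packetbeat-offline"):
    """Render documents as an Elasticsearch _bulk request body (NDJSON)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


# --- Constructed sample capture (not real traffic) ---------------------------------
def build_frame(src, sport, dst, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums are zero since the parser ignores them."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap (timestamp, frame) pairs in a little-endian libpcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        sec = int(ts)
        out += struct.pack("<IIII", sec, round((ts - sec) * 1e6), len(frame), len(frame)) + frame
    return out


T0 = 1420070400.0  # 2015-01-01T00:00:00Z: old enough that wall-clock expiry bites
CLIENT, SERVER = "192.168.1.10", "10.0.0.5"
SAMPLE_PCAP = build_pcap([
    (T0,        build_frame(CLIENT, 51000, SERVER, 80, b"GET /index.html HTTP/1.1\r\nHost: ap\r\n\r\n")),
    (T0 + 0.1,  build_frame(SERVER, 80, CLIENT, 51000, b"")),                           # bare ACK
    (T0 + 0.25, build_frame(SERVER, 80, CLIENT, 51000, b"HTTP/1.1 200 OK\r\n\r\nhello")),
    (T0 + 1.0,  build_frame(CLIENT, 51001, SERVER, 80, b"GET /slow HTTP/1.1\r\nHost: ap\r\n\r\n")),
    (T0 + 45.0, build_frame(SERVER, 80, CLIENT, 51001, b"HTTP/1.1 200 OK\r\n\r\nlate")),  # past timeout
])

if __name__ == "__main__":
    docs, expired, unmatched = correlate(parse_pcap(SAMPLE_PCAP))
    print(f"packet-time clock: {len(docs)} paired, {len(expired)} expired, {len(unmatched)} unmatched")
    print(to_bulk(docs), end="")
    docs, expired, unmatched = correlate(parse_pcap(SAMPLE_PCAP), clock=time.time)
    print(f"wall clock:        {len(docs)} paired, {len(expired)} expired, {len(unmatched)} unmatched")
```

With the packet-time clock the first transaction is paired (250 ms) and only the 45-second one expires; with `clock=time.time` both requests are already older than the timeout by the time their responses are read, so nothing is paired and nothing reaches ES. Requests still pending at end of file are neither emitted nor counted as expired, which matches what a stream-oriented correlator sees when a capture is truncated.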