Lately I upgrade to use packetbeat version 5.x, I found bpf_filter option not working as previously in packetbeat version 2.x, basically if I set this option in configuration file, I can still see packetbeat which is not qualified with this filter syntax coming in .
the configuration I 'm using is as below,
packetbeat.interfaces.bpf_filter: "host 188.8.131.52 and 184.108.40.206 and port 18001"
then I can still receive packetbeat from another IP address like 220.127.116.11 with port 18001
Any ideas ? or did I miss something ?
thanks for your help in advance.