Can Packetbeat just be used to show traffic going from a server?

Not a network expert at all, but have some monitoring set up using Auditbeat and the Elastic Stack.

We are interested in identifying files that are being transferred off a server, what the file is called, who requested it and where it is being transferred to.

Is this something Packetbeat can help with?

What protocols are being used to make these requests for files? Are any of them listed at https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-overview.html?

Hi Andrew. Thanks for getting back to me.

Not 100% sure, but I can try and find out. There are probably 2 main types of thing we are trying to monitor.

  • Access via a mapped network drive (Samba or smb)
  • Access via an SFTP client such as FileZilla

Not sure which protocols either of these will use, but will try and find out.
