Hi all. I want to use ELk stack with beats to capture all traffic in my network. I installed ELK stack on VM and I want to capture all the traffic which goes in or out in my network. My configuration is set in this way: I have a span port on my firewall and my switch is connected to this port, after that traffic comes from switch to my NIC and this card is installed directly in the server where is my VM. The question is: when the traffic comes in this way to my server - that is layer 2 traffic from OSI model. Is it possible for Beats to capture layer 2 frames or what should I do to review this traffic, because it comes directly to my VM. Probably I need another tool to transform this traffic, but can you recommend me which one. Thank you in advance!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.