I am trying to get network operation data from my localhost. I know packetbeat can do some of the jobs. However, I would like to collect data with logstash but my configuration didn't output anything. Is there anyone who can give me some suggestions?
    input {
      udp {
        port => 9995
        codec => netflow {
          versions => [5]
        }
      }
    }
    output {
      stdout { codec => rubydebug }
      elasticsearch {
        index => "logstash-%{+YYYY.MM.dd}"
        hosts => "localhost"
      }
    }
Can anyone help me with that? I also have some confusion here:
What will be the difference between using the netflow input and the udp input?
What port should I listen on with the udp input?
Thanks in advance.
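
An added example, not part of the original post: the udp input in the configuration above only listens, so stdout stays empty until something exports NetFlow v5 datagrams to port 9995. This Python sketch builds one constructed v5 datagram (documentation addresses, made-up counters), decodes it again, and can send it to the listener to check the pipeline; the function names and sample values are assumptions.

```python
import socket
import struct
import time

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
# Constructed sample flow: (src, dst, sport, dport, proto, packets, octets)
SAMPLE_FLOWS = [("192.0.2.10", "198.51.100.7", 51514, 443, 6, 12, 4096)]


def build_v5(flows, uptime_ms=60_000, seq=0, now=None):
    """Pack flow tuples into one NetFlow v5 export datagram."""
    now = time.time() if now is None else now
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                    0, 0, pkts, octets, uptime_ms - 1000, uptime_ms,
                    sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for src, dst, sport, dport, proto, pkts, octets in flows)
    head = HEADER.pack(5, len(flows), uptime_ms, int(now),
                       int((now % 1) * 1e9), seq, 0, 0, 0)
    return head + body


def parse_v5(datagram):
    """Decode a v5 datagram; reject other versions and truncated packets."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"version {version}; the config sets versions => [5]")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header count exceeds the records present")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "sport": f[9], "dport": f[10], "proto": f[13],
                      "pkts": f[5], "octets": f[6]})
    return flows


def send_test(host="127.0.0.1", port=9995):
    """Send the sample datagram to the udp input; returns the byte count sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(build_v5(SAMPLE_FLOWS), (host, port))


if __name__ == "__main__":
    print(parse_v5(build_v5(SAMPLE_FLOWS)))
    print(send_test(), "bytes sent to udp/9995")
```

If the rubydebug output shows an event after running this, the Logstash side works and the missing piece is an exporter pointed at that port.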