Configuring packetbeat to monitor traffic from remote server

Hello everyone, I am new to Packetbeat. I wanted to monitor traffic on a remote host whose IP address is 192.168.0.122. How should I configure it so that I can monitor the traffic on ports 80 and 27017? Here is my configuration file, but it is throwing this error:
Error creating sniffer: non-network bits set in "192.168.0.124/0"
...fail!
Here is my yaml file.
```yaml
############################# Sniffer #########################################

# Select the network interfaces to sniff the data. You can use the "any"
# keyword to sniff on all connected interfaces.
interfaces:
  device: any
  bpf_filter: "net 192.168.0.122/0"
```

You somehow have to forward the traffic sent to 192.168.0.122 to your sniffing machine. It is normally done via port forwarding in your switch or via network taps.

Will the configuration be the same as it is when I have both Packetbeat and the app server running on the same machine? Or should I specifically add IP addresses when Packetbeat and the server are running on different servers?

When using port forwarding or taps, you normally will push all traffic into one interface. So, instead of using device: any, I would configure the device receiving all forwarded packets, e.g. device: eth5. Whether you need additional filtering is up to you (e.g. if the tap is pushing traffic from multiple machines).
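The setup described in this thread as a configuration fragment. This is an added example, not posted by any participant. It assumes the same Packetbeat 1.x-style layout as the file in the question, that eth5 (the name used in the reply) is the interface receiving the forwarded packets, and that only the sniffer and protocol sections need to change.

```yaml
############################# Sniffer #########################################
interfaces:
  # Assumption: eth5 is the interface on the sniffing machine that receives
  # the traffic forwarded by the switch or tap.
  device: eth5

  # Rejected by libpcap with "non-network bits set": a /0 prefix leaves no
  # network bits, so every bit set in 192.168.0.122 lies outside the mask.
  # bpf_filter: "net 192.168.0.122/0"

  # Accepted: match the single monitored host and the two ports of interest.
  # "net 192.168.0.122/32" is an equivalent way to write the host match.
  bpf_filter: "host 192.168.0.122 and (port 80 or port 27017)"

############################# Protocols #######################################
protocols:
  http:
    # Decode traffic on this port as HTTP.
    ports: [80]
  mongodb:
    # Decode traffic on this port as MongoDB.
    ports: [27017]
```

Setting bpf_filter replaces the filter Packetbeat would otherwise generate from the protocol ports, so the ports have to be listed in both places.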
