Configuring packetbeat to monitor traffic from remote server


(Shashank) #1

Hello everyone, I am new to packetbeat. I wanted to monitor traffic on a remote host whose IP address is 192.168.0.122. How should I configure it so that I can monitor the traffic on ports 80 and 27017? Here is my configuration file, but it is throwing an error:
Error creating sniffer: non-network bits set in "192.168.0.124/0"
...fail!
Here is my yaml file.
############################# Sniffer #########################################

# Select the network interfaces to sniff the data. You can use the "any"
# keyword to sniff on all connected interfaces.
interfaces:
  device: any
  bpf_filter: "net 192.168.0.122/0"


(Steffen Siering) #2

You somehow have to forward the traffic sent to 192.168.0.122 to your sniffing machine. This is normally done via port-forwarding in your switch or via network taps.


(Shashank) #3

Will the configuration be the same as when I have both packetbeat and the app server running on the same machine? Or should I specifically add IP addresses when packetbeat and the server are running on different servers?


(Steffen Siering) #4

When using port forwarding or taps, you normally will push all traffic into one interface. So, instead of using device: any, I would configure the device receiving all forwarded packets, e.g. device: eth5. Whether you need additional filtering is up to you (e.g. if the tap is pushing traffic from multiple machines).
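
Added example, not part of the original thread and not Packetbeat code: libpcap rejects a "net address/length" term when the address has bits set outside the prefix mask, which is what "non-network bits set" in the first post reports. The sketch below reproduces that check for IPv4 CIDR terms and builds a host-and-ports filter for the ports asked about; the function names are hypothetical, and it assumes the mirrored traffic already reaches the sniffing interface.

```python
import ipaddress
import re

# Matches the CIDR form of the pcap-filter "net" primitive, e.g. "net 10.0.0.0/8".
NET_CIDR = re.compile(r"\bnet\s+(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\b")


def non_network_bits(addr: str, prefix_len: int) -> int:
    """Return the address bits that fall outside the prefix mask (0 means valid)."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & ~mask & 0xFFFFFFFF


def check_filter(bpf_filter: str) -> list[str]:
    """List a finding for every "net a.b.c.d/len" term with bits set outside its mask."""
    findings = []
    for addr, length in NET_CIDR.findall(bpf_filter):
        prefix_len = int(length)
        if prefix_len > 32:
            findings.append(f"{addr}/{length}: prefix length above 32")
            continue
        if non_network_bits(addr, prefix_len):
            aligned = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            findings.append(
                f"{addr}/{length}: non-network bits set; "
                f"aligned network is {aligned}, single machine is 'host {addr}'"
            )
    return findings


def host_ports_filter(host: str, ports: list[int]) -> str:
    """Build a filter for one host and a set of TCP/UDP ports."""
    ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    if not ports or any(not 0 < p < 65536 for p in ports):
        raise ValueError("ports must be in 1..65535")
    return f"host {host} and (" + " or ".join(f"port {p}" for p in ports) + ")"


if __name__ == "__main__":
    # Filter string from the configuration in the first post.
    for finding in check_filter("net 192.168.0.122/0"):
        print(finding)
    print(host_ports_filter("192.168.0.122", [80, 27017]))
```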

