Hi,
I may be missing it, but I can't seem to find how to have packetbeat strip GRE headers from a L2 tunnel I have set up. Basically, when looking at the traffic in tcpdump, tshark, or wireshark, you can see the traffic plainly (it isn't encrypted, just encapsulated) within the GRE tunnel.
I saw there is a filter w/in beats to strip VLAN tags, and this would be similar, but the encapsulation ends at byte 37.
Will packetbeat read this traffic automagically, does it need a filter statement, or is it not capble of decapsulating such a tunnel currently?
Thanks,
Bill