Hi!
I'm trying to monitor packets (mainly HTTP, MySQL, Redis, but it might be anything) using Packetbeat in a Docker environment.
Using a single Docker instance everything works flawlessly, but when I try the same thing using a Docker cluster (swarm) with overlay networks, packets are no longer recognized.
Doing a little investigation, it seems that Docker networks work over a VLAN-like protocol, VXLAN. I found an old blog post suggesting how to sniff VXLAN packets in Wireshark using a Lua script, and I was wondering if something similar is possible within Packetbeat too: http://www.lovemytool.com/blog/2011/11/analyzing-vxlan-packets-using-wireshark-by-srivats-p.html
Thanks
Marco
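
What the encapsulation mentioned in the post looks like to a sniffer on the host interface, as an added example that is not part of the original post and is not Packetbeat code: the outer packet is UDP to port 4789 (the IANA VXLAN port from RFC 7348, assumed here for the overlay), and the HTTP request only becomes visible once the 8-byte VXLAN header is stripped. The function names, the frame builder and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const vxlanPort = 4789 // IANA VXLAN UDP port (RFC 7348); assumed for the overlay data path

// L4 returns the IP protocol, destination port and L4 segment of an untagged Ethernet/IPv4 frame.
func L4(f []byte) (proto uint8, dport uint16, seg []byte, err error) {
	if len(f) < 34 || f[12] != 0x08 || f[13] != 0x00 || f[14] < 0x45 || f[14] > 0x4f {
		return 0, 0, nil, fmt.Errorf("not an untagged Ethernet/IPv4 frame")
	}
	off := 14 + int(f[14]&0x0f)*4 // IPv4 header length comes from the IHL nibble
	if len(f) < off+8 || (f[23] != 6 && f[23] != 17) {
		return 0, 0, nil, fmt.Errorf("truncated, or neither TCP nor UDP")
	}
	return f[23], binary.BigEndian.Uint16(f[off+2:]), f[off:], nil
}

// Decap strips the outer UDP header and the 8-byte VXLAN header, returning the VNI and inner frame.
func Decap(outer []byte) (vni uint32, inner []byte, err error) {
	proto, dport, seg, err := L4(outer)
	if err != nil || proto != 17 || dport != vxlanPort || len(seg) < 16 || seg[8]&0x08 == 0 {
		return 0, nil, fmt.Errorf("not a VXLAN packet with a valid VNI")
	}
	return binary.BigEndian.Uint32(seg[12:16]) >> 8, seg[16:], nil
}

// frame builds constructed test data: only the header fields read above are filled in.
func frame(proto uint8, dport uint16, l4hdr int, payload []byte) []byte {
	b := make([]byte, 34+l4hdr) // 14 Ethernet + 20 IPv4 + L4 header
	b[12], b[14], b[23] = 0x08, 0x45, proto
	binary.BigEndian.PutUint16(b[36:], dport)
	return append(b, payload...)
}

// Sample is a constructed overlay packet: an HTTP request to TCP/80 wrapped in VXLAN, VNI 4097.
func Sample() []byte {
	inner := frame(6, 80, 20, []byte("GET / HTTP/1.1\r\n\r\n"))
	vxlan := []byte{0x08, 0, 0, 0, 0x00, 0x10, 0x01, 0} // I flag set, VNI 0x001001
	return frame(17, vxlanPort, 8, append(vxlan, inner...))
}

func main() {
	vni, inner, _ := Decap(Sample())
	proto, dport, _, _ := L4(inner)
	fmt.Printf("outer UDP/%d carries VNI %d; inner proto=%d dport=%d\n", vxlanPort, vni, proto, dport)
}
```

A protocol analyzer that matches on the outer header sees only UDP/4789 here, which is consistent with the HTTP, MySQL and Redis traffic no longer being recognized on the overlay.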