Does it support the collection of UDP traffic on the specified port number?

Hi @angelyouyou welcome to the community.

Can you be more specific about which "it" for collecting UDP traffic you are referring to?

Filebeat, packetbeat, Logstash?

We can probably help if you are more specific with your question.

Packetbeat is a Layer 7 Capture mechanism

Packetbeat works by capturing the network traffic between your application servers, decoding the application layer protocols (HTTP, MySQL, Redis, and so on), correlating the requests with the responses, and recording the interesting fields for each transaction.

So the answer is no, it listens at a device level... however you can filter on network.transport (tcp/udp) and/or source.port and destination.port if so desired.

See Exported fields here

So you could filter and only record those data.

Filebeat can capture raw UDP packets on particular ports, see here.

I want to get the UDP traffic information (pps/bps, not the contents) of the specified port for display. I guess it means packetbeat.
Is there any way to get this statistic (bps/pps) count by Filebeat, packetbeat or Logstash?
Thanks very much for your help.

Hi @angelyouyou

I am looking but I do not think metricbeat or packetbeat capture exactly what you want.

metricbeat captures I/O in total bytes and packets, which can then be converted to bps and pps at a network interface level using the network module. It does not capture at the port level.

packetbeat captures the bytes and packets for flows, so it is the total bytes and packets per flow, and a flow has a duration, so it is not really bps or pps either.

Perhaps take a look at the new socket auditbeat module here for Linux systems.
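
As an added illustration (not part of the reply above and not Elastic's code): a sketch that approximates per-port UDP pps/bps from Packetbeat flow records by differencing the byte and packet counters between successive reports of the same flow. It assumes `network.bytes` and `network.packets` are cumulative per `flow.id` and that flows are reported on a fixed 10-second period; the sample events and the helper names are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed events shaped like Packetbeat flow documents (ECS field names).
# Assumption: network.bytes/packets are cumulative per flow.id, reported every 10 s.
def _ev(ts, fid, transport, port, nbytes, pkts, final=False):
    return {"@timestamp": ts, "flow": {"id": fid, "final": final},
            "network": {"transport": transport, "bytes": nbytes, "packets": pkts},
            "destination": {"port": port}}

SAMPLE_EVENTS = [
    _ev("2024-01-01T00:00:10Z", "A", "udp", 514, 5000, 50),
    _ev("2024-01-01T00:00:10Z", "B", "udp", 514, 1000, 10),
    _ev("2024-01-01T00:00:10Z", "C", "udp", 53, 300, 3),      # other port
    _ev("2024-01-01T00:00:10Z", "D", "tcp", 514, 9000, 9),    # not UDP
    _ev("2024-01-01T00:00:20Z", "A", "udp", 514, 12000, 120),
    _ev("2024-01-01T00:00:20Z", "B", "udp", 514, 1000, 10, final=True),  # idle, ended
]

def _epoch(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp()

def udp_port_rates(events, port, period_s=10):
    """Return {report_window_epoch: (pps, bps)} for UDP flows to `port`."""
    last = {}                               # flow.id -> (bytes, packets) last seen
    totals = defaultdict(lambda: [0, 0])    # window -> [bytes, packets] in that period
    for ev in sorted(events, key=lambda e: _epoch(e["@timestamp"])):
        net = ev["network"]
        if net["transport"] != "udp" or ev["destination"]["port"] != port:
            continue
        fid = ev["flow"]["id"]
        prev_bytes, prev_pkts = last.get(fid, (0, 0))
        # Difference against the previous report; clamp so a counter reset
        # never produces a negative rate.
        d_bytes = max(net["bytes"] - prev_bytes, 0)
        d_pkts = max(net["packets"] - prev_pkts, 0)
        if ev["flow"]["final"]:
            last.pop(fid, None)             # flow ended, forget its counters
        else:
            last[fid] = (net["bytes"], net["packets"])
        window = int(_epoch(ev["@timestamp"])) // period_s * period_s
        totals[window][0] += d_bytes
        totals[window][1] += d_pkts
    return {w: (p / period_s, b * 8 / period_s) for w, (b, p) in sorted(totals.items())}

if __name__ == "__main__":
    for window, (pps, bps) in udp_port_rates(SAMPLE_EVENTS, 514).items():
        print(window, f"{pps:.1f} pps", f"{bps:.1f} bps")
```

The result is an average over each reporting period, so bursts shorter than the period are smoothed out.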

I think socket auditbeat module meets my usage.
Thanks