Hi,
I was trying to use Packetbeat to monitor network traffic of a FTP server. in a specific way, I was trying to log all the attempted connections on local port 21 and 22.
Just to start I've enabled http protocol on port 21-22 with this code:
packetbeat.protocols.http:
ports: [21, 22]
but I'm getting event from a lot of local ports.
Packetbeat does not support the FTP protocol. See https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-overview.html for a list of supported protocols.
perfectly correct, I knew that but the if I try to connect via ftp or sftp to a file transfer server I will generate TCP traffic that theoretically Packetbeat can sniff.
Do you think could be an idea to think up a support to FTP protocol?
It's possible, it may not be difficult given the FTP protocol is pretty static (in regards to changes) too 
I guess you suggest to start from NewProtocolGuide
right?
If you don't need application layer details about the traffic you could try using flows.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.