Getting PacketBeat Raw TCP Payloads 2

I am asking this question again because my first attempt was left unanswered.

Is it possible to extract and send the network traffic to Logstash as a byte array using PacketBeat? I want to post-process the raw network traffic bytes after sending them to Logstash because of the heavy network load.

The protocol I am mentioning is not something well known; it is a binary protocol flowing over the network, and it is request-response based. Each request-response is inside its own TCP session, so "follow tcp stream" in Wireshark is able to show me the request-response of a specific session.

1- session starts
2- request is sent
3- response is sent
4- session ends

Is it possible to just get binary data from a TCP session using PacketBeat? I just need it to extract binary data from each TCP session passing through a network interface.

Thank you

Did you check raw fields? https://www.elastic.co/guide/en/beats/packetbeat/current/exported-fields-raw.html

I believe you can customize processing with custom processors.
