How to sniff data from all connected network in packetbeat
how to do packetbeat.interfaces.device: all in windows ?
is there a way for that ?
Currently, it's only possible to capture from one device at a time. Linux supports capturing from any which allows Packetbeat to capture from all devices.
On other operating systems, you have to start multiple instances of Packetbeat. There's an open feature request for capturing from multiple devices.
how do i start multiple instances ?
if i try to install beat from powershell code it just say already installed
please give replay
You don't need to install packetbeat more than once. Just run two or more instances of it, each one with a different interface and pointing to a different data dir.
packetbeat run --path.data=data0 -E packetbeat.interfaces.device=0
packetbeat run --path.data=data1 -E packetbeat.interfaces.device=1
packetbeat run --path.data=data2 -E packetbeat.interfaces.device=2is th path.data value is fully qualified path to data folder ? or can i set path in yml file ?