How to parse live continuous logs from iptables using ulog which are in pcap format?

(Akshat Kakkar) #1

I am logging from iptables using the ulog pcap plugin. I am using pcap mode as this is the fastest possible option with ulog. I am looking at traffic rates on the order of around 15-20K/sec. I want to parse this live pcap output using logstash and then use elasticsearch and kibana to provide a nice GUI for the same. I am unable to find a way to do this using logstash. Please help....

(Mark Walkom) #2

Packetbeat can do pcap, but Logstash cannot.
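As an added example (not code from either poster or from the ulog/Logstash projects), one way to bridge the gap Mark describes is a small converter that reads the classic pcap stream ulogd writes and emits one JSON object per line, which Logstash can ingest with its `json_lines` codec. It assumes ulogd's pcap output uses the raw-IP link type (no link-layer header); Ethernet captures are handled too, and a half-written trailing record on a live file is dropped rather than misparsed.

```python
import json
import struct

# Link types accepted: raw IP with no link-layer header (ulogd pcap output, assumption) and Ethernet.
LINKTYPE_ETHERNET, DLT_RAW, LINKTYPE_RAW = 1, 12, 101
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_ipv4(ip, ts_sec, ts_usec):
    """Flatten an IPv4 header (plus TCP/UDP ports) into a dict Logstash can ingest."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return {"ts_sec": ts_sec, "ts_usec": ts_usec, "error": "not ipv4"}
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    rec = {"ts_sec": ts_sec, "ts_usec": ts_usec, "ip_len": struct.unpack("!H", ip[2:4])[0],
           "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
           "proto": PROTO_NAMES.get(proto, str(proto))}
    if proto in (6, 17) and len(ip) >= ihl + 4:   # L4 ports sit right after the IP header
        rec["src_port"], rec["dst_port"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return rec

def parse_pcap(data):
    """Parse a classic (non-pcapng) pcap byte string into a list of packet dicts."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]  # KeyError: not pcap
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]            # 24-byte global header
    if linktype not in (LINKTYPE_ETHERNET, DLT_RAW, LINKTYPE_RAW):
        raise ValueError("unsupported linktype %d" % linktype)
    records, off, l2_len = [], 24, 14 if linktype == LINKTYPE_ETHERNET else 0
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        if len(pkt) < incl_len:        # half-written record on a live file: stop here
            break
        records.append(parse_ipv4(pkt[l2_len:], ts_sec, ts_usec))
        off += 16 + incl_len
    return records

def to_json_lines(data):
    return "\n".join(json.dumps(r, sort_keys=True) for r in parse_pcap(data))

def build_sample_pcap():
    """Constructed sample input: two raw-IP packets in a little-endian DLT_RAW pcap."""
    def ipv4(src, dst, proto, sport, dport):
        addr = lambda a: bytes(map(int, a.split(".")))
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4          # ports + padding
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                           addr(src), addr(dst)) + l4
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_RAW)
    for sec, usec, p in [(1700000000, 1234, ipv4("10.0.0.5", "8.8.8.8", 17, 53212, 53)),
                         (1700000000, 5678, ipv4("192.168.1.10", "203.0.113.7", 6, 44321, 22))]:
        out += struct.pack("<IIII", sec, usec, len(p), len(p)) + p
    return out
```

Feeding the output of `to_json_lines` to Logstash (for example via a `file` or `stdin` input with `codec => json_lines`) gives it the per-packet fields without needing native pcap support.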
