Multiple interface sniffing with packetbeat & output to 1 file

luciferdude · February 10, 2021, 2:13pm

Hello - I have packetbeat version 7.10 installed on Linux (RHEL Centos 7) server. I've configured packetbeat to listen on two interfaces. I was able to calculate this by using the command packetbeat devices command. Everything is working as expected and data is being generated.

Is it correct to configure packetbeat to listen on multiple interfaces like below and capture traffic from both interfaces into a single output file?
How can i distinguish between data that is coming from interface 0 vs interface 1?

packetbeat.interfaces.device: 0
packetbeat.interfaces.device: 1
packetbeat.interfaces.type: pcap

output.file:
path: "/home/user/packetbeat/"
filename: packetbeat.jsonl

system · March 10, 2021, 4:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Listen for different protocols over different interface Beats packetbeat	3	452	November 13, 2019
How to do sniff data from all connected network in windows packetbeat Beats packetbeat	6	1441	October 4, 2018
Packetbeat not working & showin only one interface Beats packetbeat	1	430	February 16, 2023
Packetbeat File Output Options Beats packetbeat	3	784	March 28, 2017
On the division of labor between packetbeat and filebeat Beats filebeat , packetbeat	3	404	September 22, 2021

Multiple interface sniffing with packetbeat & output to 1 file

Related Topics