Multiple interface sniffing with packetbeat & output to 1 file

luciferdude · February 10, 2021, 2:13pm

Hello - I have packetbeat version 7.10 installed on Linux (RHEL Centos 7) server. I've configured packetbeat to listen on two interfaces. I was able to calculate this by using the command packetbeat devices command. Everything is working as expected and data is being generated.

Is it correct to configure packetbeat to listen on multiple interfaces like below and capture traffic from both interfaces into a single output file?
How can i distinguish between data that is coming from interface 0 vs interface 1?

packetbeat.interfaces.device: 0
packetbeat.interfaces.device: 1
packetbeat.interfaces.type: pcap

output.file:
path: "/home/user/packetbeat/"
filename: packetbeat.jsonl

system · March 10, 2021, 4:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Listen for different protocols over different interface Beats packetbeat	3	452	November 13, 2019
Listening on multiple (but not all) interfaces? Beats packetbeat	2	1896	December 14, 2016
How to do sniff data from all connected network in windows packetbeat Beats packetbeat	6	1441	October 4, 2018
Multi packetbeat instances Beats packetbeat	1	626	December 24, 2017
Packetbeat not working & showin only one interface Beats packetbeat	1	430	February 16, 2023

Multiple interface sniffing with packetbeat & output to 1 file

Related topics