Hello - I have packetbeat version 7.10 installed on a Linux (RHEL CentOS 7) server. I've configured packetbeat to listen on two interfaces. I was able to calculate this by using the packetbeat devices command. Everything is working as expected and data is being generated.
- Is it correct to configure packetbeat to listen on multiple interfaces like below and capture traffic from both interfaces into a single output file?
- How can I distinguish between data that is coming from interface 0 vs interface 1?

packetbeat.interfaces.device: 0
packetbeat.interfaces.device: 1
packetbeat.interfaces.type: pcap
output.file:
  path: "/home/user/packetbeat/"
  filename: packetbeat.jsonl