We've successfully accessed the payload past UDP using the Payload field within the Packet struct. We see the tuple information as well for IP.
What we're wondering, however, is how we can access other lower-layer information from IP (TTL), or Ethernet (VLAN ID, MAC addresses), etc. Is that possible? If not, is there at least a way to get the entire packet payload (not just past UDP), so that we could parse this ourselves?
Unfortunately, full packet information is not available to protocol processors, as making this information available requires a significant refactor to Packetbeat. Feel free to create an Enhancement request, or experiment with propagating this information yourself, from the Decoder in decoder.go to the UDP protocol processor.
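As an added example (not code from this thread or from Packetbeat), this is what parsing the requested fields looks like once the raw Ethernet frame bytes are in hand, for instance after propagating them from the decoder as suggested above. It assumes an Ethernet II frame carrying IPv4; `LinkInfo`, `ParseFrame` and `sampleFrame` are hypothetical names, and the frame bytes are constructed sample data.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// LinkInfo holds the lower-layer fields asked about in the thread.
type LinkInfo struct {
	SrcMAC, DstMAC net.HardwareAddr
	VLANs          []uint16 // VLAN IDs, outermost tag first; empty if untagged
	TTL            uint8
}

// ParseFrame (hypothetical) decodes Ethernet II, stacked VLAN tags and IPv4 TTL.
func ParseFrame(b []byte) (*LinkInfo, error) {
	if len(b) < 14 {
		return nil, errors.New("truncated Ethernet header")
	}
	li := &LinkInfo{DstMAC: net.HardwareAddr(b[0:6]), SrcMAC: net.HardwareAddr(b[6:12])}
	etype, off := binary.BigEndian.Uint16(b[12:14]), 14
	for etype == 0x8100 || etype == 0x88a8 { // 802.1Q or 802.1ad tag
		if len(b) < off+4 {
			return nil, errors.New("truncated VLAN tag")
		}
		// The low 12 bits of the TCI are the VLAN ID; the top 4 are PCP/DEI.
		li.VLANs = append(li.VLANs, binary.BigEndian.Uint16(b[off:off+2])&0x0fff)
		etype = binary.BigEndian.Uint16(b[off+2 : off+4])
		off += 4
	}
	if etype != 0x0800 {
		return nil, fmt.Errorf("not IPv4: ethertype 0x%04x", etype)
	}
	// Require a full fixed header, version 4 and a sane IHL before reading TTL.
	if ip := b[off:]; len(ip) >= 20 && ip[0]>>4 == 4 && ip[0]&0x0f >= 5 {
		li.TTL = ip[8]
		return li, nil
	}
	return nil, errors.New("truncated or malformed IPv4 header")
}

// sampleFrame is constructed test data: VLAN 100 (PCP 1), TTL 64, UDP to port 53.
func sampleFrame() []byte {
	return []byte{2, 0, 0, 0, 0, 2, 2, 0, 0, 0, 0, 1, 0x81, 0x00, 0x20, 0x64, 0x08, 0x00,
		0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2,
		0x30, 0x39, 0, 53, 0, 8, 0, 0}
}

func main() { fmt.Println(ParseFrame(sampleFrame())) }
```

The MAC slices alias the input buffer, so copy them if the capture buffer is reused between packets.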