On the division of labor between packetbeat and filebeat

Today, I just noticed that filebeat can also listen to TCP or UDP traffic data, even NetFlow traffic data. Shouldn't these be the working scope of packetbeat?

I feel beat's planning is a little messy!

The TCP and UDP inputs in filebeat receive messages using those protocols; it will start up a listener on the specified port and wait for messages. The same thing happens with the netflow input, which will listen for netflow traffic messages using UDP.

Packetbeat will capture the packets directly from the network interface; it will not listen on any port for messages or things like that.

They are different things with different functions.

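The difference described in the reply above, shown as added configuration that is not from the thread: Filebeat inputs bind a port and wait for senders, while Packetbeat names an interface to capture from. The addresses, ports and interface name are assumed sample values.

```yaml
# --- filebeat.yml (constructed sample) ---
# Each input opens a listening socket; senders must address traffic to it.
filebeat.inputs:
  - type: tcp
    host: "127.0.0.1:9000"   # assumed address; loopback keeps the listener off the network
  - type: udp
    host: "127.0.0.1:9001"   # assumed address
  - type: netflow
    host: "0.0.0.0:2055"     # assumed port; flow exporters (routers, switches) send records here
    protocols: [v5, v9, ipfix]
---
# --- packetbeat.yml (constructed sample) ---
# No listening port: Packetbeat reads packets off the interface and decodes them.
packetbeat.interfaces.device: eth0   # assumed interface name
packetbeat.protocols:
  - type: dns
    ports: [53]        # ports to decode on the wire, not ports Packetbeat opens
  - type: http
    ports: [80, 8080]
```

Because the Filebeat inputs are reachable sockets, their bind address and the host firewall decide who can send to them; Packetbeat instead needs packet-capture privileges on the host it runs on.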

I see. Thank you for your reply
