Hi I am trying to record the traffic using the packet beat and Iwas expected to have the data of the unparsered traffic, within that field I was expected to see the MAC adress. yet I cannot.
How can I ercord and then identify /mac adresses using packet beats?
Packetbeat does not report the MAC address. There is an open enhancement request. https://github.com/elastic/beats/issues/206
Could you provide some details on your use case for the MAC address. Why do you need it? How are you going to use it, etc. Thanks
Hi,
thanks for answering.
The MAC address is a Unique Network Card Identification and when using packet beats to monitor logs from inside the organization its importanat to use the MAC address in addition to the IP identification.
In addtion I plan to enrich the information regarding the NIC with the manifacturer- its agood information when you need tht is crucial when lets say you have problems of duplicate IP's or ARP flooding, Last week I had custmer with this issue and by analyzing the MAC adddress and seen its Cisco related (and I didnt have any cisco n my system) I was able to reffer this problem to the customer to verify the equipment.
Any ways, MAC iis crucial for me
BR,
Ziv.
This topic was automatically closed after 21 days. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.