Hi, I am trying to get all the network traffic of a building. I have already installed Elasticsearch, Kibana, Logstash and Packetbeat. I only get the traffic of the computer where the stack is installed. I am connected to the switch of the building. I used Elasticsearch as an output in packetbeat.yml and also used my network interface instead of localhost in packetbeat.yml. I hope someone can help me, please.
In order to capture all traffic flowing through the switch, you will need to set up a mirror port (sometimes called a SPAN port) that passes a copy of all traffic flowing through the switch to a dedicated port on the switch. Then you connect a cable between that port and a NIC on the computer running Packetbeat. Finally, you configure Packetbeat to monitor that NIC exclusively.
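
A way to confirm that the mirror port is actually delivering other hosts' traffic to the capture NIC before pointing Packetbeat at it, as an added example that is not part of the original thread: it classifies `tcpdump -e -n` output lines by MAC address. The sample lines, the MAC addresses and the 20% threshold are constructed assumptions.

```python
import re
from collections import Counter

# Link-level header as printed by `tcpdump -e -n`: "<time> <src MAC> > <dst MAC>, ..."
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
FRAME = re.compile(rf"^\S+ {MAC} > {MAC},", re.I)

def is_group(mac):
    """True for broadcast/multicast: the I/G bit (lowest bit of the first octet) is set."""
    return int(mac[:2], 16) & 1 == 1

def classify(lines, local_mac):
    """Count frames by whether the capture NIC's own MAC is one of the endpoints."""
    local_mac = local_mac.lower()
    counts = Counter()
    for line in lines:
        m = FRAME.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        src, dst = m.group(1).lower(), m.group(2).lower()
        if local_mac in (src, dst):
            counts["local"] += 1            # seen on any ordinary switch port
        elif is_group(dst):
            counts["group"] += 1            # flooded to every port, mirror or not
        else:
            counts["foreign_unicast"] += 1  # normally only visible via a mirror port
    return counts

def mirror_working(counts, min_share=0.2):
    """min_share is an assumed threshold; it tolerates stray unknown-unicast flooding."""
    total = counts["local"] + counts["group"] + counts["foreign_unicast"]
    return total > 0 and counts["foreign_unicast"] / total >= min_share

# Constructed sample captures in `tcpdump -e -n` format (not from the original thread).
LOCAL = "02:00:00:00:00:01"
NO_MIRROR = [
    "12:00:00.000001 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.10.51000 > 192.0.2.1.443: tcp 0",
    "12:00:00.000002 02:00:00:00:00:fe > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.0.2.1.443 > 192.0.2.10.51000: tcp 0",
    "12:00:00.000003 02:00:00:00:00:22 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.22, length 46",
]
MIRRORED = NO_MIRROR + [
    "12:00:00.000004 02:00:00:00:00:22 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.22.40000 > 192.0.2.1.53: UDP, length 32",
    "12:00:00.000005 02:00:00:00:00:33 > 02:00:00:00:00:22, ethertype IPv4 (0x0800), length 74: 192.0.2.33.445 > 192.0.2.22.50123: tcp 0",
]

if __name__ == "__main__":
    for name, cap in (("no mirror", NO_MIRROR), ("mirrored", MIRRORED)):
        c = classify(cap, LOCAL)
        print(name, dict(c), "mirror working:", mirror_working(c))
```

If the capture shows only `local` and `group` frames, Packetbeat on that NIC will keep reporting just the host's own traffic, which is the symptom described in the question.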