Hi, I am trying to get all the network traffic of a building, I already install elasticsearch, kibana, logastash and packetbeat. I only get the traffic of the computer where the stack is installed. I am connected to the switch of thw building. I used elasticsearch as an output in packetbeat.yml and use my network interface instead of the localhost also at packetbeat.yml. I hope someone can help me please.
In order to capture all traffic flowing through the switch you will need to setup a mirror port (sometimes called span port) that passes a copy of all traffic flowing through the switch to a dedicated port on the switch. Then you connect a cable between that port and a NIC on the computer running Packetbeat. Finally you configure Packetbeat to monitor that NIC exclusively.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.