Which type to use to just monitor TCP traffic/flows

Hi all, I am keen to monitor TCP network flows between two servers. It happens to be Tibco EMS traffic, and I understand that the selection of protocol types is limited in Packetbeat, but it also infers that you can just capture TCP flows of any TCP protocol via a port. Which "type" would you choose then for this, as there is not a generic "TCP" type available? Thanks

Hi @londonx,

Can you try the netflow codec plugin? I think it works. In this link you can see that codec:

https://www.elastic.co/guide/en/logstash/current/netflow-module.html

Thanks & Regards,
Krunal.

Thanks for that, I'll give it a go! EDIT: it seems this is more for monitoring network devices; currently I only have access to the servers themselves.

Back to packetbeat, any idea which "type" to use when I just want to monitor a non-supported TCP protocol on a specific port to create a flow for that traffic? HTTP?

Just use the flows feature in packetbeat. No need to configure any application layer protocol. If you know the port to be monitored, you also might want to configure a pcap filter, so as to reduce the amount of traffic to be processed by packetbeat.
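A packetbeat.yml fragment illustrating the approach in the reply above (added here, not posted in the thread): flows enabled, no application-layer protocol configured, and a BPF filter so only the one port is captured. The interface name and the port number are assumptions; adjust them to your servers.

```yaml
# packetbeat.yml fragment: transport-layer flows for one TCP port only.
# Assumptions: capture interface is eth0, and the EMS listener is on TCP
# port 7222 (the TIBCO EMS default); change both to match your hosts.
packetbeat.interfaces.device: eth0

# pcap/BPF filter applied at capture time, so Packetbeat never sees the rest
# of the host's traffic. To limit it to one peer as well, use for example
# "tcp port 7222 and host 10.0.0.2" (constructed address).
packetbeat.interfaces.bpf_filter: "tcp port 7222"

# Flow records: one per 5-tuple, emitted every `period`, finalised after
# `timeout` of inactivity (30s/10s are the documented defaults).
packetbeat.flows:
  enabled: true
  timeout: 30s
  period: 10s

# Deliberately no packetbeat.protocols section: nothing above TCP is decoded,
# which is what you want for an unsupported protocol such as EMS.

output.elasticsearch:
  hosts: ["localhost:9200"]   # assumed output; point at your own cluster
```

The resulting documents carry the flow's source/destination, byte and packet counts per direction, and start/last-seen times, which is enough to see whether the two servers are talking and how much.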

I see thanks! So potential feature request? Have a generic "TCP" type where you can specify a list of ports and get transport layer flows for just those? :smiley:

Have a look at the Flows Enhancements Ticket. Feel free to add more requests to the ticket.
