You didn't mention what you are monitoring with Packetbeat, but I'm assuming you are talking about flow data rather than any one specific protocol.

There are multiple ways to filter Packetbeat data. Here are a few options you can set in your config file.

  • packetbeat.interfaces.device: eth0 - On Linux the pseudo "any" interface is used by default. If you do not want to capture localhost traffic then you can change the value to listen on a specific interface like eth0.
  • packetbeat.interfaces.bpf_filter: "net 192.168.0.0/16 and not port 5044" - You can use a custom BPF filter to select the traffic you are interested in.
  • Use a drop_event processor to select specific events to drop. It's more efficient to filter the traffic using one of the other methods. This would drop the data only after it has been processed by Packetbeat and turned into an event.
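The three options from the answer above combined in one packetbeat.yml fragment, as an added example that is not part of the original answer. It assumes a Packetbeat release that uses ECS field names (destination.ip, destination.port) and supports the network condition; the 192.168.50.0/24 subnet and the reading of port 5044 as the Beats shipping port are constructed assumptions.

```yaml
# packetbeat.yml (fragment) - added example, not from the original answer.

# 1. Capture on one NIC instead of the Linux "any" pseudo-interface,
#    so loopback traffic is never seen.
packetbeat.interfaces.device: eth0

# 2. BPF filter: packets that do not match are discarded at capture time
#    and never reach Packetbeat's decoders. pcap filter syntax needs an
#    explicit "and" between primitives.
#    Assumption: 5044 is the port this host ships its own events to, so
#    excluding it keeps Packetbeat from recording its own output.
packetbeat.interfaces.bpf_filter: "net 192.168.0.0/16 and not port 5044"

# Flow reporting, which is the data the answer assumes is being collected.
packetbeat.flows:
  timeout: 30s
  period: 10s

# 3. drop_event runs only after a flow has been decoded into an event,
#    so the capture and decode cost is already paid. Keep it for
#    conditions that cannot be expressed per packet in BPF.
processors:
  - drop_event:
      when:
        or:
          # Constructed example subnet: events destined for a
          # monitoring VLAN that should not be indexed.
          - network:
              destination.ip: "192.168.50.0/24"
          # Constructed example: flows to SSH.
          - equals:
              destination.port: 22
```

Running `packetbeat test config -c packetbeat.yml` checks the file's syntax and settings before a restart.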