Open GeorgeGkinis opened 9 months ago
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
Are the following possibly what this Feature request asks?:
- Custom HTTP Endpoint Logs
- Custom TCP Logs
Seems these are meant to receive data from a network interface and parse them with filebeat, not Packetbeat.
We have a use case where we only need to find out which pods send requests to a specific IP range. Capturing all HTTP/TLS traffic for our purpose is overkill and brings our cluster to its knees.
This can easily be configured with the following settings when using packetbeat:
This configuration does not seem possible when using the Network Packet Capture integration with Fleet.
Feature request Proposal:
Allow for custom user settings for Packetbeat when Fleet managed (as is the case with Filebeat and the Custom Logs integration), so that alongside processors also custom packetbeat settings may be configured.