Let’s remain positive, an adjective that is somewhat difficult to use on a daily basis in the health context of the pandemic 😉 (…)
Putting a PCAP trace into Elasticsearch is a very good option for finding patterns and troubleshooting network issues.
If you have been playing with Forcepoint™ firewalls, you know that traffic logs can be browsed and searched through their central management console (SMC).
If you play with packet captures on a regular basis, it’s likely you’ve already wondered if it’s possible to identify quickly what generates most traffic, what amount of data was transferred, etc.
This bash tip can be useful when trying to extract all HTTP requests from PCAP generated traces.
The idea is to explore the use of Elasticsearch to index live monitoring events coming from various sources.
One of our customers recently asked us to set up the Nagios plugin check_esxi_hardware.py from Claudio Kuenzler on their CentOS 6 monitoring server.