0

I am trying to index ICMP packets into elasticseach using Packetbeat. I do know that the current Packetbeat infrastructure just provides support for TCP & UDP plugins, so starting at the transport layer. ICMP is one layer below (network layer) but is there any way in which I could get these data to be indexed.

I tried adding this to packetbeat.yml:

icmp.enabled: true
Val
  • 207,596
  • 13
  • 358
  • 360
Celestine Timmy
  • 55
  • 8

1 Answers1

1

This is not implemented yet, but an issue has been filed, is still open but is being worked on.

If you don't feel like waiting and want to develop your own extension, you may do so by adding a new protocol yourself.

Val
  • 207,596
  • 13
  • 358
  • 360
  • Note that this [feature is available](https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-protocols.html#_icmp_configuration_options) since release 1.1.0 – Val May 25 '16 at 04:12