Hi
I want to implement Nagios LS to analyse network packet (pcap) traces.
For real-time analysis - live network packet stream and/or
input pcap periodically to NLS.
Can it be done in NLS? If yes, then could you please share if you have a user guide?
Thank you
Chandana
Input pcap to Nagios LS
Re: Input pcap to Nagios LS
There does exist a community Logstash plugin for ingesting pcaps, but I've never used it and it's not an official Logstash plugin so comes with no particular guarantees:
https://github.com/purbon/logstash-input-pcap
I don't know of any documentation for installing Logstash plugins in Nagios Log Server. Logstash itself has plenty of documentation for doing that.
For one-off stuff like RCA and incident research, Wireshark is a much better tool for that sort of stuff. You'd really only use Nagios Log Server or something like Nagios Network Analyzer if you needed real-time analysis.
Former Nagios employee
https://www.mcapra.com/
scottwilkerson
- DevOps Engineer
- Location: Nagios Enterprises
Re: Input pcap to Nagios LS
I agree with @mcapra, the other tools would likely be better.
NOTE: We have NOT tested this plugin with Nagios Log Server
If you want to attempt the installation of the community plugin:
cd /usr/local/nagioslogserver/logstash/
bin/logstash-plugin install /path/to/plugin