Input pcap to Nagios LS
Posted: Thu Jul 26, 2018 2:16 am
by technosol
Hi
I want to implement Nagios LS to analyse network packet (pcap) traces.
For real-time analysis - live network packet stream and/or input pcap periodically to NLS.
Can it be done in NLS? If yes, then could you please share if you have a user guide?
Thank you
Chandana
Re: Input pcap to Nagios LS
Posted: Thu Jul 26, 2018 10:39 am
by mcapra
There does exist a community Logstash plugin for ingesting pcaps, but I've never used it and it's not an official Logstash plugin so comes with no particular guarantees:
https://github.com/purbon/logstash-input-pcap
I don't know of any documentation for installing Logstash plugins in Nagios Log Server. Logstash itself has plenty of documentation for doing that.
For one-off stuff like RCA and incident research, Wireshark is a much better tool for that sort of stuff. You'd really only use Nagios Log Server or something like Nagios Network Analyzer if you needed real-time analysis.
Re: Input pcap to Nagios LS
Posted: Thu Jul 26, 2018 12:07 pm
by scottwilkerson
I agree with @mcapra, the other tools would likely be better.
If you want to attempt the installation of the community plugin:
Code:
cd /usr/local/nagioslogserver/logstash/
bin/logstash-plugin install /path/to/plugin
NOTE: We have NOT tested this plugin with Nagios Log Server