
Example: PCAP Input

Lorenzo Mangani edited this page Nov 3, 2017 · 2 revisions

paStash PCAP Input

The following examples illustrate a few recipes using the experimental PCAP input plugin.

IP/UDP/SIP Example

input {
  pcap {
    bpf_filter => 'port 5060'
    debug => false
  }
}

filter {
  sip {
    source_field => message
  }
}

output {
  stdout {}
}

IP/TCP/SSL Pipeline (experimental)

input {
  pcap {
    bpf_filter => 'tcp and port 5061'
    output_format => 'buffer'
  }
}

filter {
  if type == "TLS" {
    ssl {
      source_field => message
      privateKey => '/path/to/privkey.pem'
      publicKey => '/path/to/pubkey.pem'
      debug => false
    }
  }
}

output {
  stdout {}
}