20241204_101203_vlan12_firewall.pcap filename in kibana #13993
Answered
by
InfosecGoon
Anelka3523
asked this question in
Q&A
I have files named 20241204_101203_vlan12_firewall.pcap that I need to process with the so-import-pcap script. I want to search these file names by “filename” pcap file name when querying Kibana. How can I add pcap file names to *.log files with Zeek output? Is there a setting in the Zeek program? Or do I need to make a setting in the Elasticsearch pipeline?
Answered by
InfosecGoon
Dec 2, 2024
Replies: 1 comment
The filename is not preserved by the import script -- the traffic is replayed as if it were being observed by the monitoring interface.
Answer selected by
TOoSmOotH