Storage report per client and per protocol? #8608
Hello, I am trying to optimize the amount of storage for pcaps that I am collecting, by removing and filtering out unnecessary traffic and protocols. I've already filtered out port 443 traffic since it's encrypted. Also I have filtered out my backup servers' traffic. I would like to be able to run a report or query in Kibana (or another tool) that would show me which protocols are taking up the most storage space (ordered from most to least). Also I would like to run a report/query to show me which of my hosts are generating the most pcaps by byte count (ordered from most to least). Just trying to get an idea of how my storage is allocated in my pcaps. For instance, we use VMware Horizon View in our environment, and I am sure a lot of network packets are being stored for port 4172 (PCoIP streaming protocol), but currently I don't have a way of reporting on this to confirm it. My end goal is to be able to store the packets that matter and filter out unwanted pcap "noise" so I can store what matters longer with the storage space I have!
Replies: 1 comment
You can query your Zeek logs and figure out what type of traffic or traffic from what you'd like to exclude. Zeek will log everything it sees into several categories, so that will enable you to create a bpf filter for stenographer to exclude that data.
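Worked example of the approach in the reply, added here and not part of the discussion or of the Zeek/stenographer projects: rank Zeek conn.log records by bytes per protocol/port and per originating host, then turn the heaviest buckets into a BPF exclusion. The log lines are constructed; the field names follow Zeek's JSON conn.log.

```python
"""Rank Zeek conn.log traffic by size to decide what to exclude from stenographer."""
import json
from collections import Counter

# Constructed sample of Zeek conn.log JSON lines (not real capture data).
SAMPLE_CONN_LOG = """\
{"ts":1.0,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.50","id.resp_p":4172,"proto":"udp","service":"-","orig_ip_bytes":800000,"resp_ip_bytes":9000000}
{"ts":2.0,"id.orig_h":"10.0.0.6","id.resp_h":"10.0.0.50","id.resp_p":4172,"proto":"tcp","service":"-","orig_ip_bytes":200000,"resp_ip_bytes":3000000}
{"ts":3.0,"id.orig_h":"10.0.0.7","id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp","service":"http","orig_ip_bytes":5000,"resp_ip_bytes":120000}
{"ts":4.0,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.53","id.resp_p":53,"proto":"udp","service":"dns","orig_ip_bytes":600,"resp_ip_bytes":900}
"""


def rank_bytes(lines, key):
    """Sum bytes in both directions per bucket; key() maps a record to its bucket.
    Returns (bucket, bytes) pairs ordered from most to least."""
    totals = Counter()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and TSV-style headers
            continue
        rec = json.loads(line)
        # *_ip_bytes include IP headers, so they track pcap size more closely
        # than the payload-only orig_bytes/resp_bytes fields.
        size = int(rec.get("orig_ip_bytes") or 0) + int(rec.get("resp_ip_bytes") or 0)
        totals[key(rec)] += size
    return totals.most_common()


def by_protocol(rec):
    """Bucket by transport protocol and responder port, e.g. 'udp/4172'."""
    return f"{rec['proto']}/{rec['id.resp_p']}"


def by_host(rec):
    """Bucket by the host that initiated the connection."""
    return rec["id.orig_h"]


def bpf_exclude(buckets):
    """Build a libpcap/stenographer BPF expression that drops the given proto/port buckets."""
    clauses = [f"({proto} and port {port})" for proto, port in (b.split("/") for b in buckets)]
    return "not (" + " or ".join(clauses) + ")"


if __name__ == "__main__":
    lines = SAMPLE_CONN_LOG.splitlines()
    for bucket, nbytes in rank_bytes(lines, by_protocol):
        print(f"{nbytes:>12} {bucket}")
    for host, nbytes in rank_bytes(lines, by_host):
        print(f"{nbytes:>12} {host}")
    print(bpf_exclude(["udp/4172", "tcp/4172"]))
```

Totals from conn.log are an approximation of on-disk pcap size (link-layer framing is not counted, and a record only appears once the connection ends), so treat the ranking as a guide for what to filter rather than an exact byte budget.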