Packetbeat简介

Packetbeat简介

抓包示例

下载packetbeat

抓取elasticsearch的包

①启动elasticsearch

启动packetbeat

配置es.yml

#################### Packetbeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common

# options. The packetbeat.full.yml file from the same directory contains all the

# supported options with more comments. You can use it as a reference.

#

# You can find the full configuration reference here:

# https://www.elastic.co/guide/en/beats/packetbeat/index.html

#============================== Network device ================================

# Select the network interface to sniff the data. On Linux, you can use the

# "any" keyword to sniff on all connected interfaces.

packetbeat.interfaces.device: lo0

packetbeat.protocols.http:

# Configure the ports where to listen for HTTP traffic. You can disable

# the HTTP protocol by commenting out the list of ports.

ports: [9200]

send_request: true

include_body_for: ["application/json", "x-www-form-urlencoded"]

#================================ Outputs =====================================

# Configure what outputs to use when sending the data collected by the beat.

# Multiple outputs may be used.

#-------------------------- Elasticsearch output ------------------------------

#output.elasticsearch:

# Array of hosts to connect to.

#  hosts: ["localhost:9200"]

# Optional protocol and basic auth credentials.

#protocol: "https"

#username: "elastic"

#password: "changeme"

output.console:

pretty: true

#================================ Logging =====================================

# Sets log level. The default log level is info.

# Available log levels are: critical, error, warning, info, debug

#logging.level: debug

# At debug level, you can selectively enable logging only for some components.

# To enable all selectors use ["*"]. Examples of other selectors are "beat",

# "publish", "service".

#logging.selectors: ["*"]

启动

请求elasticsearch

可以看到packetbeat有内容输出