Introduction to Packetbeat

Packet capture example

Download Packetbeat

Capture Elasticsearch traffic

① Start Elasticsearch

Start Packetbeat

Configure es.yml

#################### Packetbeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The packetbeat.full.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/packetbeat/index.html

#============================== Network device ================================

# Select the network interface to sniff the data. On Linux, you can use the
# "any" keyword to sniff on all connected interfaces.
packetbeat.interfaces.device: lo0

packetbeat.protocols.http:
  # Configure the ports where to listen for HTTP traffic. You can disable
  # the HTTP protocol by commenting out the list of ports.
  ports: [9200]
  send_request: true
  include_body_for: ["application/json", "x-www-form-urlencoded"]

#================================ Outputs =====================================

# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #  hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

output.console:
    pretty: true

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: critical, error, warning, info, debug
#logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]

 

Start it

Send a request to Elasticsearch

Packetbeat now prints output
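
The same capture with Packetbeat's HTTP redaction options switched on, as an added example that is not part of the original post: with send_request: true the raw request, including any Authorization header a client sends to Elasticsearch, is copied into the console output. The hide_keywords list is an assumed sample.

```yaml
# Added example; not from the original post.
packetbeat.interfaces.device: lo0

packetbeat.protocols.http:
  ports: [9200]

  # Same capture settings as the page's es.yml: the raw request and the
  # bodies of matching content types are copied into every published event.
  # Tighten include_body_for if captured bodies may carry secrets.
  send_request: true
  include_body_for: ["application/json", "x-www-form-urlencoded"]

  # Obscure the value of Authorization / Proxy-Authorization headers
  # before the event is published.
  redact_authorization: true

  # Censor the values of these parameters (replaced with "xxxxx").
  # Assumed sample list; extend it for the applications being captured.
  hide_keywords: ["pass", "password", "passwd", "token"]

output.console:
  pretty: true
```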

posted @ reblue520