packetbeat配置
packetbeat.yml vois
#################### Packetbeat Configuration Example ######################### # =============================== Network device =============================== packetbeat.interfaces.device: eth0 packetbeat.interfaces.internal_networks: - private # =========================== Transaction protocols ============================ packetbeat.protocols: - type: dns # Configure the ports where to listen for DNS traffic. You can disable # the DNS protocol by commenting out the list of ports. ports: [53] include_authorities: true include_additionals: true # ================================== Outputs =================================== # Configure what output to use when sending the data collected by the beat. # -------------------------------- Kafka Output -------------------------------- # output.kafka: # # Boolean flag to enable or disable the output module. # enabled: true # hosts: ["localhost:9092"] # topic: beats # version: '2.13' # codec.json: # pretty: true # ------------------------------- Console Output ------------------------------- output.console: enabled: true codec.json: pretty: true # ================================= Processors ================================= processors: - include_fields: fields: - client.bytes - server.bytes - client.ip - server.ip - dns.question.name - dns.question.etld_plus_one - dns.response_code - dns.flags.authoritative - dns.flags.recursion_available - dns.flags.recursion_desired - dns.answers_count - dns.authorities - dns.authorities_count - dns.authorities.name - dns.authorities.type - dns.authorities.class - dns.additionals - dns.additionals.data - dns.opt.version - dns.opt.udp_size - dns.opt.ext_rcode - dns.answers # ================================== Logging ===================================
最终生成的数据格式依赖于processor配置,详细的配置参考:https://www.elastic.co/guide/en/beats/packetbeat/current/exported-fields-dns.html
启动packetbeat
./packetbeat -c packetbeat.yml
分类:
packetbeat
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· Manus的开源复刻OpenManus初探
· .NET Core 中如何实现缓存的预热?
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 如何调用 DeepSeek 的自然语言处理 API 接口并集成到在线客服系统
2016-09-01 新建samba配置步骤