Setup Packetbeat


title: “Setup Packetbeat”
date: 2024-02-08T14:26:14
slug: setup-packetbeat


Summary

This post documents an example configuration for Packetbeat. Below are the relevant excerpts from packetbeat.yml and a few test commands.

Configuration (excerpt)

# cat /etc/packetbeat/packetbeat.yml | grep -v '#' | grep -v '^$'
packetbeat.interfaces.device: any
packetbeat.interfaces.poll_default_route: 1m
packetbeat.interfaces.internal_networks:
  - private
packetbeat.flows:
  timeout: 30s
  period: 10s
packetbeat.protocols:
- type: icmp
  enabled: false
- type: amqp
- type: cassandra
- type: dhcpv4
- type: dns
  ports: [53]
- type: http
  ports: [80, 8080, 8000, 5000, 8002]
- type: memcache
  ports: [11211]
- type: mysql
  ports: [3306, 3307]
- type: pgsql
  ports: [5432]
- type: redis
  ports: [6379]
- type: thrift
  ports: [9090]
- type: mongodb
  ports: [27017]
- type: nfs
  ports: [2049]
- type: tls
  ports:
    - 8443
- type: sip
  ports: [5060]
setup.template.settings:
  index.number_of_shards: 1
setup.dashboards.enabled: true
setup.kibana:
  host: "http://192.168.178.195:5601"
output.elasticsearch:
  hosts: ["192.168.178.195:9200"]
  preset: balanced
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - detect_mime_type:
      field: http.request.body.content
      target: http.request.mime_type
  - detect_mime_type:
      field: http.response.body.content
      target: http.response.mime_type
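
The excerpt above ships captured network metadata to Elasticsearch and talks to Kibana over plain HTTP without credentials. The following variant of the setup and output sections is an added example, not part of the original post; it assumes that Elasticsearch and Kibana on 192.168.178.195 serve TLS, and the CA file path and the keystore entry name ES_API_KEY are placeholders chosen here.

```yaml
# Added example: hardened variant of the setup/output sections of the post.
# Assumptions (not from the original post): both services serve TLS,
# the CA path below, and the keystore entry name ES_API_KEY.

# Dashboards are loaded once by `packetbeat setup`; with this set to false
# the running service does not reload them on every start.
setup.dashboards.enabled: false

setup.kibana:
  host: "https://192.168.178.195:5601"
  ssl.certificate_authorities: ["/etc/packetbeat/certs/ca.crt"]  # assumed path

output.elasticsearch:
  hosts: ["https://192.168.178.195:9200"]
  preset: balanced
  # Resolved from the Beats keystore at startup instead of being stored
  # in clear text in packetbeat.yml. Create the entry with:
  #   packetbeat keystore create
  #   packetbeat keystore add ES_API_KEY     (value format: id:api_key)
  api_key: "${ES_API_KEY}"
  ssl.certificate_authorities: ["/etc/packetbeat/certs/ca.crt"]  # assumed path
  # Verify both the certificate chain and the host name/IP in the certificate.
  ssl.verification_mode: full
```

The `packetbeat test output` command from the Tests section exercises the connection, including the TLS handshake, with these settings.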

Tests

packetbeat test config
packetbeat test output
packetbeat setup