-
-
Save anonymous/8be8f203a2beafd6cbb3 to your computer and use it in GitHub Desktop.
packetbeatconfig
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################### Packetbeat Configuration Example ########################## | |
# This file contains an overview of various configuration settings. Please consult | |
# the docs at https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-configuration.html | |
# for more details. | |
# The Packetbeat shipper works by sniffing the network traffic between your | |
# application components. It inserts meta-data about each transaction into | |
# Elasticsearch. | |
############################# Sniffer ######################################### | |
# Select the network interfaces to sniff the data. You can use the "any" | |
# keyword to sniff on all connected interfaces. | |
interfaces: | |
device: 0 | |
############################# Protocols ####################################### | |
protocols: | |
dns: | |
# Configure the ports where to listen for DNS traffic. You can disable | |
# the DNS protocol by commenting out the list of ports. | |
ports: [53] | |
# include_authorities controls whether or not the dns.authorities field | |
# (authority resource records) is added to messages. | |
# Default: false | |
include_authorities: true | |
# include_additionals controls whether or not the dns.additionals field | |
# (additional resource records) is added to messages. | |
# Default: false | |
include_additionals: true | |
# send_request and send_response control whether or not the stringified DNS | |
# request and response message are added to the result. | |
# Nearly all data about the request/response is available in the dns.* | |
# fields, but this can be useful if you need visibility specifically | |
# into the request or the response. | |
# Default: false | |
# send_request: true | |
# send_response: true | |
http: | |
# Configure the ports where to listen for HTTP traffic. You can disable | |
# the HTTP protocol by commenting out the list of ports. | |
ports: [80, 8080, 8000, 5000, 8002] | |
# Uncomment the following to hide certain parameters in URL or forms attached | |
# to HTTP requests. The names of the parameters are case insensitive. | |
# The value of the parameters will be replaced with the 'xxxxx' string. | |
# This is generally useful for avoiding storing user passwords or other | |
# sensitive information. | |
# Only query parameters and top level form parameters are replaced. | |
# hide_keywords: ['pass', 'password', 'passwd'] | |
memcache: | |
# Configure the ports where to listen for memcache traffic. You can disable | |
# the Memcache protocol by commenting out the list of ports. | |
ports: [11211] | |
# Uncomment the parseunknown option to force the memcache text protocol parser | |
# to accept unknown commands. | |
# Note: All unknown commands MUST not contain any data parts! | |
# Default: false | |
# parseunknown: true | |
# Update the maxvalue option to store the values - base64 encoded - in the | |
# json output. | |
# possible values: | |
# maxvalue: -1 # store all values (text based protocol multi-get) | |
# maxvalue: 0 # store no values at all | |
# maxvalue: N # store up to N values | |
# Default: 0 | |
# maxvalues: -1 | |
# Use maxbytespervalue to limit the number of bytes to be copied per value element. | |
# Note: Values will be base64 encoded, so actual size in json document | |
# will be 4 times maxbytespervalue. | |
# Default: unlimited | |
# maxbytespervalue: 100 | |
# UDP transaction timeout in milliseconds. | |
# Note: Quiet messages in UDP binary protocol will get response only in error case. | |
# The memcached analyzer will wait for udptransactiontimeout milliseconds | |
# before publishing quiet messages. Non quiet messages or quiet requests with | |
# error response will not have to wait for the timeout. | |
# Default: 200 | |
# udptransactiontimeout: 1000 | |
mysql: | |
# Configure the ports where to listen for MySQL traffic. You can disable | |
# the MySQL protocol by commenting out the list of ports. | |
# ports: [3306] | |
pgsql: | |
# Configure the ports where to listen for Pgsql traffic. You can disable | |
# the Pgsql protocol by commenting out the list of ports. | |
# ports: [5432] | |
redis: | |
# Configure the ports where to listen for Redis traffic. You can disable | |
# the Redis protocol by commenting out the list of ports. | |
# ports: [6379] | |
thrift: | |
# Configure the ports where to listen for Thrift-RPC traffic. You can disable | |
# the Thrift-RPC protocol by commenting out the list of ports. | |
# ports: [9090] | |
mongodb: | |
# Configure the ports where to listen for MongoDB traffic. You can disable | |
# the MongoDB protocol by commenting out the list of ports. | |
# ports: [27017] | |
############################# Processes ####################################### | |
# Configure the processes to be monitored and how to find them. If a process is | |
# monitored then Packetbeat attempts to use it's name to fill in the `proc` and | |
# `client_proc` fields. | |
# The processes can be found by searching their command line by a given string. | |
# | |
# Process matching is optional and can be enabled by uncommenting the following | |
# lines. | |
# | |
#procs: | |
# enabled: false | |
# monitored: | |
# - process: mysqld | |
# cmdline_grep: mysqld | |
# | |
# - process: pgsql | |
# cmdline_grep: postgres | |
# | |
# - process: nginx | |
# cmdline_grep: nginx | |
# | |
# - process: app | |
# cmdline_grep: gunicorn | |
############################################################################### | |
############################# Libbeat Config ################################## | |
# Base config file used by all other beats for using libbeat features | |
############################# Output ########################################## | |
# Configure what outputs to use when sending the data collected by the beat. | |
# Multiple outputs may be used. | |
output: | |
### Elasticsearch as output | |
elasticsearch: | |
# Array of hosts to connect to. | |
# Scheme and port can be left out and will be set to the default (http and 9200) | |
# In case you specify and additional path, the scheme is required: http://localhost:9200/path | |
# IPv6 addresses should always be defined as: https://[2001:db8::1]:9200 | |
hosts: ["myelasticserver.somedomain.com:9200"] | |
# Optional protocol and basic auth credentials. | |
#protocol: "https" | |
#username: "admin" | |
#password: "s3cr3t" | |
# Number of workers per Elasticsearch host. | |
#worker: 1 | |
# Optional index name. The default is "packetbeat" and generates | |
# [packetbeat-]YYYY.MM.DD keys. | |
#index: "packetbeat" | |
# Optional HTTP Path | |
#path: "/elasticsearch" | |
# Proxy server url | |
#proxy_url: http://proxy:3128 | |
# The number of times a particular Elasticsearch index operation is attempted. If | |
# the indexing operation doesn't succeed after this many retries, the events are | |
# dropped. The default is 3. | |
#max_retries: 3 | |
# The maximum number of events to bulk in a single Elasticsearch bulk API index request. | |
# The default is 50. | |
#bulk_max_size: 50 | |
# Configure http request timeout before failing an request to Elasticsearch. | |
#timeout: 90 | |
# The number of seconds to wait for new events between two bulk API index requests. | |
# If `bulk_max_size` is reached before this interval expires, addition bulk index | |
# requests are made. | |
#flush_interval: 1 | |
# Boolean that sets if the topology is kept in Elasticsearch. The default is | |
# false. This option makes sense only for Packetbeat. | |
#save_topology: false | |
# The time to live in seconds for the topology information that is stored in | |
# Elasticsearch. The default is 15 seconds. | |
#topology_expire: 15 | |
# tls configuration. By default is off. | |
#tls: | |
# List of root certificates for HTTPS server verifications | |
#certificate_authorities: ["/etc/pki/root/ca.pem"] | |
# Certificate for TLS client authentication | |
#certificate: "/etc/pki/client/cert.pem" | |
# Client Certificate Key | |
#certificate_key: "/etc/pki/client/cert.key" | |
# Controls whether the client verifies server certificates and host name. | |
# If insecure is set to true, all server host names and certificates will be | |
# accepted. In this mode TLS based connections are susceptible to | |
# man-in-the-middle attacks. Use only for testing. | |
#insecure: true | |
# Configure cipher suites to be used for TLS connections | |
#cipher_suites: [] | |
# Configure curve types for ECDHE based cipher suites | |
#curve_types: [] | |
# Configure minimum TLS version allowed for connection to logstash | |
#min_version: 1.0 | |
# Configure maximum TLS version allowed for connection to logstash | |
#max_version: 1.2 | |
### Logstash as output | |
#logstash: | |
# The Logstash hosts | |
#hosts: ["localhost:5044"] | |
# Number of workers per Logstash host. | |
#worker: 1 | |
# Set gzip compression level. | |
#compression_level: 3 | |
# Optional load balance the events between the Logstash hosts | |
#loadbalance: true | |
# Optional index name. The default index name depends on the each beat. | |
# For Packetbeat, the default is set to packetbeat, for Topbeat | |
# top topbeat and for Filebeat to filebeat. | |
#index: packetbeat | |
# Optional TLS. By default is off. | |
#tls: | |
# List of root certificates for HTTPS server verifications | |
#certificate_authorities: ["/etc/pki/root/ca.pem"] | |
# Certificate for TLS client authentication | |
#certificate: "/etc/pki/client/cert.pem" | |
# Client Certificate Key | |
#certificate_key: "/etc/pki/client/cert.key" | |
# Controls whether the client verifies server certificates and host name. | |
# If insecure is set to true, all server host names and certificates will be | |
# accepted. In this mode TLS based connections are susceptible to | |
# man-in-the-middle attacks. Use only for testing. | |
#insecure: true | |
# Configure cipher suites to be used for TLS connections | |
#cipher_suites: [] | |
# Configure curve types for ECDHE based cipher suites | |
#curve_types: [] | |
### File as output | |
#file: | |
# Path to the directory where to save the generated files. The option is mandatory. | |
#path: "/tmp/packetbeat" | |
# Name of the generated files. The default is `packetbeat` and it generates files: `packetbeat`, `packetbeat.1`, `packetbeat.2`, etc. | |
#filename: packetbeat | |
# Maximum size in kilobytes of each file. When this size is reached, the files are | |
# rotated. The default value is 10 MB. | |
#rotate_every_kb: 10000 | |
# Maximum number of files under path. When this number of files is reached, the | |
# oldest file is deleted and the rest are shifted from last to first. The default | |
# is 7 files. | |
#number_of_files: 7 | |
### Console output | |
# console: | |
# Pretty print json event | |
#pretty: false | |
############################# Shipper ######################################### | |
shipper: | |
# The name of the shipper that publishes the network data. It can be used to group | |
# all the transactions sent by a single shipper in the web interface. | |
# If this options is not defined, the hostname is used. | |
#name: | |
# The tags of the shipper are included in their own field with each | |
# transaction published. Tags make it easy to group servers by different | |
# logical properties. | |
#tags: ["service-X", "web-tier"] | |
# Uncomment the following if you want to ignore transactions created | |
# by the server on which the shipper is installed. This option is useful | |
# to remove duplicates if shippers are installed on multiple servers. | |
#ignore_outgoing: true | |
# How often (in seconds) shippers are publishing their IPs to the topology map. | |
# The default is 10 seconds. | |
#refresh_topology_freq: 10 | |
# Expiration time (in seconds) of the IPs published by a shipper to the topology map. | |
# All the IPs will be deleted afterwards. Note, that the value must be higher than | |
# refresh_topology_freq. The default is 15 seconds. | |
#topology_expire: 15 | |
# Internal queue size for single events in processing pipeline | |
#queue_size: 1000 | |
# Configure local GeoIP database support. | |
# If no paths are not configured geoip is disabled. | |
#geoip: | |
#paths: | |
# - "/usr/share/GeoIP/GeoLiteCity.dat" | |
# - "/usr/local/var/GeoIP/GeoLiteCity.dat" | |
############################# Logging ######################################### | |
# There are three options for the log ouput: syslog, file, stderr. | |
# Under Windos systems, the log files are per default sent to the file output, | |
# under all other system per default to syslog. | |
logging: | |
# Send all logging output to syslog. On Windows default is false, otherwise | |
# default is true. | |
#to_syslog: true | |
# Write all logging output to files. Beats automatically rotate files if rotateeverybytes | |
# limit is reached. | |
to_files: true | |
# To enable logging to files, to_files option has to be set to true | |
files: | |
# The directory where the log files will written to. | |
path: /var/log/mybeat | |
# The name of the files where the logs are written to. | |
name: mybeat.log | |
# Configure log file size limit. If limit is reached, log file will be | |
# automatically rotated | |
rotateeverybytes: 10485760 # = 10MB | |
# Number of rotated log files to keep. Oldest files will be deleted first. | |
#keepfiles: 7 | |
# Enable debug output for selected components. To enable all selectors use ["*"] | |
# Other available selectors are beat, publish, service | |
# Multiple selectors can be chained. | |
#selectors: [ ] | |
# Sets log level. The default log level is error. | |
# Available log levels are: critical, error, warning, info, debug | |
#level: error | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment