
Packetbeat config

a guest
Apr 20th, 2016
  1. ################### Packetbeat Configuration Example ##########################
  2.  
  3. # This file contains an overview of various configuration settings. Please consult
  4. # the docs at https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-configuration.html
  5. # for more details.
  6.  
  7. # The Packetbeat shipper works by sniffing the network traffic between your
  8. # application components. It inserts meta-data about each transaction into
  9. # Elasticsearch.
  10.  
  11. ############################# Sniffer #########################################
  12.  
  13. # Select the network interfaces to sniff the data. You can use the "any"
  14. # keyword to sniff on all connected interfaces.
  15. interfaces:
  16. device: any
  17.  
  18. ############################# Protocols #######################################
  19. protocols:
  20. dns:
  21. # Configure the ports where to listen for DNS traffic. You can disable
  22. # the DNS protocol by commenting out the list of ports.
  23. ports: [53]
  24.  
  25. # include_authorities controls whether or not the dns.authorities field
  26. # (authority resource records) is added to messages.
  27. # Default: false
  28. include_authorities: true
  29. # include_additionals controls whether or not the dns.additionals field
  30. # (additional resource records) is added to messages.
  31. # Default: false
  32. include_additionals: true
  33.  
  34. # send_request and send_response control whether or not the stringified DNS
  35. # request and response message are added to the result.
  36. # Nearly all data about the request/response is available in the dns.*
  37. # fields, but this can be useful if you need visibility specifically
  38. # into the request or the response.
  39. # Default: false
  40. # send_request: true
  41. # send_response: true
  42.  
  43. http:
  44. # Configure the ports where to listen for HTTP traffic. You can disable
  45. # the HTTP protocol by commenting out the list of ports.
  46. ports: [80, 8080, 8000, 5000, 8002]
  47.  
  48. # Uncomment the following to hide certain parameters in URL or forms attached
  49. # to HTTP requests. The names of the parameters are case insensitive.
  50. # The value of the parameters will be replaced with the 'xxxxx' string.
  51. # This is generally useful for avoiding storing user passwords or other
  52. # sensitive information.
  53. # Only query parameters and top level form parameters are replaced.
  54. # hide_keywords: ['pass', 'password', 'passwd']
  55.  
  56. memcache:
  57. # Configure the ports where to listen for memcache traffic. You can disable
  58. # the Memcache protocol by commenting out the list of ports.
  59. ports: [11211]
  60.  
  61. # Uncomment the parseunknown option to force the memcache text protocol parser
  62. # to accept unknown commands.
  63. # Note: All unknown commands MUST not contain any data parts!
  64. # Default: false
  65. # parseunknown: true
  66.  
  67. # Update the maxvalue option to store the values - base64 encoded - in the
  68. # json output.
  69. # possible values:
  70. # maxvalue: -1 # store all values (text based protocol multi-get)
  71. # maxvalue: 0 # store no values at all
  72. # maxvalue: N # store up to N values
  73. # Default: 0
  74. # maxvalues: -1
  75.  
  76. # Use maxbytespervalue to limit the number of bytes to be copied per value element.
  77. # Note: Values will be base64 encoded, so actual size in json document
  78. # will be 4 times maxbytespervalue.
  79. # Default: unlimited
  80. # maxbytespervalue: 100
  81.  
  82. # UDP transaction timeout in milliseconds.
  83. # Note: Quiet messages in UDP binary protocol will get response only in error case.
  84. # The memcached analyzer will wait for udptransactiontimeout milliseconds
  85. # before publishing quiet messages. Non quiet messages or quiet requests with
  86. # error response will not have to wait for the timeout.
  87. # Default: 200
  88. # udptransactiontimeout: 1000
  89.  
  90. mysql:
  91. # Configure the ports where to listen for MySQL traffic. You can disable
  92. # the MySQL protocol by commenting out the list of ports.
  93. ports: [3306]
  94.  
  95. pgsql:
  96. # Configure the ports where to listen for Pgsql traffic. You can disable
  97. # the Pgsql protocol by commenting out the list of ports.
  98. ports: [5432]
  99.  
  100. redis:
  101. # Configure the ports where to listen for Redis traffic. You can disable
  102. # the Redis protocol by commenting out the list of ports.
  103. ports: [6379]
  104.  
  105. thrift:
  106. # Configure the ports where to listen for Thrift-RPC traffic. You can disable
  107. # the Thrift-RPC protocol by commenting out the list of ports.
  108. ports: [9090]
  109.  
  110. mongodb:
  111. # Configure the ports where to listen for MongoDB traffic. You can disable
  112. # the MongoDB protocol by commenting out the list of ports.
  113. ports: [27017]
  114.  
############################# Processes #######################################

# Configure the processes to be monitored and how to find them. If a process is
# monitored then Packetbeat attempts to use its name to fill in the `proc` and
# `client_proc` fields.
# The processes can be found by searching their command line by a given string.
#
# Process matching is optional and can be enabled by uncommenting the following
# lines. Each `monitored` entry pairs a `process` label with the `cmdline_grep`
# string that is searched for in command lines.
#
#procs:
#  enabled: false
#  monitored:
#    - process: mysqld
#      cmdline_grep: mysqld
#
#    - process: pgsql
#      cmdline_grep: postgres
#
#    - process: nginx
#      cmdline_grep: nginx
#
#    - process: app
#      cmdline_grep: gunicorn
  140. ###############################################################################
  141. ############################# Libbeat Config ##################################
  142. # Base config file used by all other beats for using libbeat features
  143.  
  144. ############################# Output ##########################################
  145.  
  146. # Configure what outputs to use when sending the data collected by the beat.
  147. # Multiple outputs may be used.
  148. output:
  149.  
  150. ### Elasticsearch as output
  151. elasticsearch:
  152. # Array of hosts to connect to.
  153. # Scheme and port can be left out and will be set to the default (http and 9200)
  154. # In case you specify and additional path, the scheme is required: http://localhost:9200/path
  155. # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
  156. hosts: ["172.16.102.51:9200"]
  157.  
  158. # Optional protocol and basic auth credentials.
  159. #protocol: "https"
  160. #username: "admin"
  161. #password: "s3cr3t"
  162.  
  163. # Number of workers per Elasticsearch host.
  164. #worker: 1
  165.  
  166. # Optional index name. The default is "packetbeat" and generates
  167. # [packetbeat-]YYYY.MM.DD keys.
  168. #index: "packetbeat"
  169.  
  170. # A template is used to set the mapping in Elasticsearch
  171. # By default template loading is disabled and no template is loaded.
  172. # These settings can be adjusted to load your own template or overwrite existing ones
  173. #template:
  174.  
  175. # Template name. By default the template name is packetbeat.
  176. #name: "packetbeat"
  177.  
  178. # Path to template file
  179. #path: "packetbeat.template.json"
  180.  
  181. # Overwrite existing template
  182. #overwrite: false
  183.  
  184. # Optional HTTP Path
  185. #path: "/elasticsearch"
  186.  
  187. # Proxy server url
  188. #proxy_url: http://proxy:3128
  189.  
  190. # The number of times a particular Elasticsearch index operation is attempted. If
  191. # the indexing operation doesn't succeed after this many retries, the events are
  192. # dropped. The default is 3.
  193. #max_retries: 3
  194.  
  195. # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
  196. # The default is 50.
  197. #bulk_max_size: 50
  198.  
  199. # Configure http request timeout before failing an request to Elasticsearch.
  200. #timeout: 90
  201.  
  202. # The number of seconds to wait for new events between two bulk API index requests.
  203. # If `bulk_max_size` is reached before this interval expires, addition bulk index
  204. # requests are made.
  205. #flush_interval: 1
  206.  
  207. # Boolean that sets if the topology is kept in Elasticsearch. The default is
  208. # false. This option makes sense only for Packetbeat.
  209. #save_topology: false
  210.  
  211. # The time to live in seconds for the topology information that is stored in
  212. # Elasticsearch. The default is 15 seconds.
  213. #topology_expire: 15
  214.  
  215. # tls configuration. By default is off.
  216. #tls:
  217. # List of root certificates for HTTPS server verifications
  218. #certificate_authorities: ["/etc/pki/root/ca.pem"]
  219.  
  220. # Certificate for TLS client authentication
  221. #certificate: "/etc/pki/client/cert.pem"
  222.  
  223. # Client Certificate Key
  224. #certificate_key: "/etc/pki/client/cert.key"
  225.  
  226. # Controls whether the client verifies server certificates and host name.
  227. # If insecure is set to true, all server host names and certificates will be
  228. # accepted. In this mode TLS based connections are susceptible to
  229. # man-in-the-middle attacks. Use only for testing.
  230. #insecure: true
  231.  
  232. # Configure cipher suites to be used for TLS connections
  233. #cipher_suites: []
  234.  
  235. # Configure curve types for ECDHE based cipher suites
  236. #curve_types: []
  237.  
  238. # Configure minimum TLS version allowed for connection to logstash
  239. #min_version: 1.0
  240.  
  241. # Configure maximum TLS version allowed for connection to logstash
  242. #max_version: 1.2
  243.  
  244.  
  245. ### Logstash as output
  246. #logstash:
  247. # The Logstash hosts
  248. #hosts: ["localhost:5044"]
  249.  
  250. # Number of workers per Logstash host.
  251. #worker: 1
  252.  
  253. # Set gzip compression level.
  254. #compression_level: 3
  255.  
  256. # Optional load balance the events between the Logstash hosts
  257. #loadbalance: true
  258.  
  259. # Optional index name. The default index name depends on the each beat.
  260. # For Packetbeat, the default is set to packetbeat, for Topbeat
  261. # top topbeat and for Filebeat to filebeat.
  262. #index: packetbeat
  263.  
  264. # Optional TLS. By default is off.
  265. #tls:
  266. # List of root certificates for HTTPS server verifications
  267. #certificate_authorities: ["/etc/pki/root/ca.pem"]
  268.  
  269. # Certificate for TLS client authentication
  270. #certificate: "/etc/pki/client/cert.pem"
  271.  
  272. # Client Certificate Key
  273. #certificate_key: "/etc/pki/client/cert.key"
  274.  
  275. # Controls whether the client verifies server certificates and host name.
  276. # If insecure is set to true, all server host names and certificates will be
  277. # accepted. In this mode TLS based connections are susceptible to
  278. # man-in-the-middle attacks. Use only for testing.
  279. #insecure: true
  280.  
  281. # Configure cipher suites to be used for TLS connections
  282. #cipher_suites: []
  283.  
  284. # Configure curve types for ECDHE based cipher suites
  285. #curve_types: []
  286.  
  287.  
  288. ### File as output
  289. #file:
  290. # Path to the directory where to save the generated files. The option is mandatory.
  291. #path: "/tmp/packetbeat"
  292.  
  293. # Name of the generated files. The default is `packetbeat` and it generates files: `packetbeat`, `packetbeat.1`, `packetbeat.2`, etc.
  294. #filename: packetbeat
  295.  
  296. # Maximum size in kilobytes of each file. When this size is reached, the files are
  297. # rotated. The default value is 10 MB.
  298. #rotate_every_kb: 10000
  299.  
  300. # Maximum number of files under path. When this number of files is reached, the
  301. # oldest file is deleted and the rest are shifted from last to first. The default
  302. # is 7 files.
  303. #number_of_files: 7
  304.  
  305.  
  306. ### Console output
  307. # console:
  308. # Pretty print json event
  309. #pretty: false
  310.  
  311.  
############################# Shipper #########################################

# All options in this section are commented out, so `shipper` is left empty
# here and the defaults described below apply.
shipper:
  # The name of the shipper that publishes the network data. It can be used to group
  # all the transactions sent by a single shipper in the web interface.
  # If this option is not defined, the hostname is used.
  #name:

  # The tags of the shipper are included in their own field with each
  # transaction published. Tags make it easy to group servers by different
  # logical properties.
  #tags: ["service-X", "web-tier"]

  # Uncomment the following if you want to ignore transactions created
  # by the server on which the shipper is installed. This option is useful
  # to remove duplicates if shippers are installed on multiple servers.
  #ignore_outgoing: true

  # How often (in seconds) shippers are publishing their IPs to the topology map.
  # The default is 10 seconds.
  #refresh_topology_freq: 10

  # Expiration time (in seconds) of the IPs published by a shipper to the topology map.
  # All the IPs will be deleted afterwards. Note, that the value must be higher than
  # refresh_topology_freq. The default is 15 seconds.
  #topology_expire: 15

  # Internal queue size for single events in processing pipeline
  #queue_size: 1000

  # Configure local GeoIP database support.
  # If no paths are configured geoip is disabled.
  #geoip:
    #paths:
    #  - "/usr/share/GeoIP/GeoLiteCity.dat"
    #  - "/usr/local/var/GeoIP/GeoLiteCity.dat"
  350. ############################# Logging #########################################
  351.  
  352. # There are three options for the log ouput: syslog, file, stderr.
  353. # Under Windos systems, the log files are per default sent to the file output,
  354. # under all other system per default to syslog.
  355. logging:
  356.  
  357. # Send all logging output to syslog. On Windows default is false, otherwise
  358. # default is true.
  359. #to_syslog: true
  360.  
  361. # Write all logging output to files. Beats automatically rotate files if rotateeverybytes
  362. # limit is reached.
  363. #to_files: false
  364.  
  365. # To enable logging to files, to_files option has to be set to true
  366. files:
  367. # The directory where the log files will written to.
  368. #path: /var/log/mybeat
  369.  
  370. # The name of the files where the logs are written to.
  371. #name: mybeat
  372.  
  373. # Configure log file size limit. If limit is reached, log file will be
  374. # automatically rotated
  375. rotateeverybytes: 10485760 # = 10MB
  376.  
  377. # Number of rotated log files to keep. Oldest files will be deleted first.
  378. #keepfiles: 7
  379.  
  380. # Enable debug output for selected components. To enable all selectors use ["*"]
  381. # Other available selectors are beat, publish, service
  382. # Multiple selectors can be chained.
  383. #selectors: [ ]
  384.  
  385. # Sets log level. The default log level is error.
  386. # Available log levels are: critical, error, warning, info, debug
  387. #level: error