Packetbeat Configuration

Jun 7th, 2019
517
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
YAML 8.34 KB | None | 0 0
  1. #################### Packetbeat Configuration Example #########################
  2.  
  3. # This file is an example configuration file highlighting only the most common
  4. # options. The packetbeat.reference.yml file from the same directory contains all the
  5. # supported options with more comments. You can use it as a reference.
  6. #
  7. # You can find the full configuration reference here:
  8. # https://www.elastic.co/guide/en/beats/packetbeat/index.html
  9.  
  10. #============================== Network device ================================
  11.  
  12. # Select the network interface to sniff the data. On Linux, you can use the
  13. # "any" keyword to sniff on all connected interfaces.
  14. packetbeat.interfaces.device: 0
  15.  
  16. #================================== Flows =====================================
  17.  
  18. # Set `enabled: false` or comment out all options to disable flows reporting.
  19. packetbeat.flows:
  20.  # Set network flow timeout. Flow is killed if no packet is received before being
  21.   # timed out.
  22.   timeout: 30s
  23.  
  24.   # Configure reporting period. If set to -1, only killed flows will be reported
  25.   period: 10s
  26.  
  27. #========================== Transaction protocols =============================
  28.  
  29. packetbeat.protocols:
  30. - type: icmp
  31.   # Enable ICMPv4 and ICMPv6 monitoring. Default: false
  32.   enabled: true
  33.  
  34. - type: amqp
  35.   # Configure the ports where to listen for AMQP traffic. You can disable
  36.   # the AMQP protocol by commenting out the list of ports.
  37.   ports: [5672]
  38.  
  39. - type: cassandra
  40.   #Cassandra port for traffic monitoring.
  41.   ports: [9042]
  42.  
  43. - type: dhcpv4
  44.   # Configure the DHCP for IPv4 ports.
  45.   ports: [67, 68]
  46.  
  47. - type: dns
  48.   # Configure the ports where to listen for DNS traffic. You can disable
  49.   # the DNS protocol by commenting out the list of ports.
  50.   ports: [53]
  51.  
  52. - type: http
  53.   # Configure the ports where to listen for HTTP traffic. You can disable
  54.   # the HTTP protocol by commenting out the list of ports.
  55.   ports: [80, 8080, 8000, 5000, 8002]
  56.  
  57. - type: memcache
  58.   # Configure the ports where to listen for memcache traffic. You can disable
  59.   # the Memcache protocol by commenting out the list of ports.
  60.   ports: [11211]
  61.  
  62. - type: mysql
  63.   # Configure the ports where to listen for MySQL traffic. You can disable
  64.   # the MySQL protocol by commenting out the list of ports.
  65.   ports: [3306,3307]
  66.  
  67. - type: pgsql
  68.   # Configure the ports where to listen for Pgsql traffic. You can disable
  69.   # the Pgsql protocol by commenting out the list of ports.
  70.   ports: [5432]
  71.  
  72. - type: redis
  73.   # Configure the ports where to listen for Redis traffic. You can disable
  74.   # the Redis protocol by commenting out the list of ports.
  75.   ports: [6379]
  76.  
  77. - type: thrift
  78.   # Configure the ports where to listen for Thrift-RPC traffic. You can disable
  79.   # the Thrift-RPC protocol by commenting out the list of ports.
  80.   ports: [9090]
  81.  
  82. - type: mongodb
  83.   # Configure the ports where to listen for MongoDB traffic. You can disable
  84.   # the MongoDB protocol by commenting out the list of ports.
  85.   ports: [27017]
  86.  
  87. - type: nfs
  88.   # Configure the ports where to listen for NFS traffic. You can disable
  89.   # the NFS protocol by commenting out the list of ports.
  90.   ports: [2049]
  91.  
  92. - type: tls
  93.   # Configure the ports where to listen for TLS traffic. You can disable
  94.   # the TLS protocol by commenting out the list of ports.
  95.   ports:
  96.    - 443   # HTTPS
  97.     - 993   # IMAPS
  98.     - 995   # POP3S
  99.     - 5223  # XMPP over SSL
  100.     - 8443
  101.     - 8883  # Secure MQTT
  102.     - 9243  # Elasticsearch
  103.  
  104. #==================== Elasticsearch template setting ==========================
  105.  
  106. setup.template.settings:
  107.   index.number_of_shards: 1
  108.   #index.codec: best_compression
  109.   #_source.enabled: false
  110.  
  111. #================================ General =====================================
  112.  
  113. # The name of the shipper that publishes the network data. It can be used to group
  114. # all the transactions sent by a single shipper in the web interface.
  115. #name:
  116.  
  117. # The tags of the shipper are included in their own field with each
  118. # transaction published.
  119. #tags: ["service-X", "web-tier"]
  120.  
  121. # Optional fields that you can specify to add additional information to the
  122. # output.
  123. #fields:
  124. #  env: staging
  125.  
  126.  
  127. #============================== Dashboards =====================================
  128. # These settings control loading the sample dashboards to the Kibana index. Loading
  129. # the dashboards is disabled by default and can be enabled either by setting the
  130. # options here or by using the `setup` command.
  131. #setup.dashboards.enabled: false
  132.  
  133. # The URL from where to download the dashboards archive. By default this URL
  134. # has a value which is computed based on the Beat name and version. For released
  135. # versions, this URL points to the dashboard archive on the artifacts.elastic.co
  136. # website.
  137. #setup.dashboards.url:
  138.  
  139. #============================== Kibana =====================================
  140.  
  141. # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
  142. # This requires a Kibana endpoint configuration.
  143. setup.kibana:
  144.   # Kibana Host
  145.   # Scheme and port can be left out and will be set to the default (http and 5601)
  146.   # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  147.   # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  148.   host: "7.7.7.4:5601"
  149.  
  150.   # Kibana Space ID
  151.   # ID of the Kibana Space into which the dashboards should be loaded. By default,
  152.   # the Default Space will be used.
  153.   #space.id:
  154.  
  155. #============================= Elastic Cloud ==================================
  156.  
  157. # These settings simplify using packetbeat with the Elastic Cloud (https://cloud.elastic.co/).
  158.  
  159. # The cloud.id setting overwrites the `output.elasticsearch.hosts` and
  160. # `setup.kibana.host` options.
  161. # You can find the `cloud.id` in the Elastic Cloud web UI.
  162. #cloud.id:
  163.  
  164. # The cloud.auth setting overwrites the `output.elasticsearch.username` and
  165. # `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
  166. #cloud.auth:
  167.  
  168. #================================ Outputs =====================================
  169.  
  170. # Configure what output to use when sending the data collected by the beat.
  171.  
  172. #-------------------------- Elasticsearch output ------------------------------
  173. output.elasticsearch:
  174.  # Array of hosts to connect to.
  175.   hosts: ["7.7.7.4:9200"]
  176.  
  177.   # Optional protocol and basic auth credentials.
  178.   #protocol: "https"
  179.   #username: "elastic"
  180.   #password: "changeme"
  181.  
  182. #----------------------------- Logstash output --------------------------------
  183. #output.logstash:
  184.   # The Logstash hosts
  185.   #hosts: ["localhost:5044"]
  186.  
  187.   # Optional SSL. By default is off.
  188.   # List of root certificates for HTTPS server verifications
  189.   #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  190.  
  191.   # Certificate for SSL client authentication
  192.   #ssl.certificate: "/etc/pki/client/cert.pem"
  193.  
  194.   # Client Certificate Key
  195.   #ssl.key: "/etc/pki/client/cert.key"
  196.  
  197. #================================ Processors =====================================
  198.  
  199. # Configure processors to enhance or manipulate events generated by the beat.
  200.  
  201. processors:
  202.   - add_host_metadata: ~
  203.   - add_cloud_metadata: ~
  204.  
  205. #================================ Logging =====================================
  206.  
  207. # Sets log level. The default log level is info.
  208. # Available log levels are: error, warning, info, debug
  209. #logging.level: debug
  210.  
  211. # At debug level, you can selectively enable logging only for some components.
  212. # To enable all selectors use ["*"]. Examples of other selectors are "beat",
  213. # "publish", "service".
  214. #logging.selectors: ["*"]
  215.  
  216. #============================== Xpack Monitoring ===============================
  217. # packetbeat can export internal metrics to a central Elasticsearch monitoring
  218. # cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
  219. # reporting is disabled by default.
  220.  
  221. # Set to true to enable the monitoring reporter.
  222. #xpack.monitoring.enabled: false
  223.  
  224. # Uncomment to send the metrics to Elasticsearch. Most settings from the
  225. # Elasticsearch output are accepted here as well. Any setting that is not set is
  226. # automatically inherited from the Elasticsearch output configuration, so if you
  227. # have the Elasticsearch output configured, you can simply uncomment the
  228. # following line.
  229. #xpack.monitoring.elasticsearch:
  230.  
  231. #================================= Migration ==================================
  232.  
  233. # This allows to enable 6.7 migration aliases
  234. #migration.6_to_7.enabled: true