Repositories for APT and YUM
We have repositories available for APT and YUM-based distributions. Note that we provide binary packages, but no source packages.
We use the PGP key D88E42B4, Elasticsearch Signing Key, with fingerprint
4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4
to sign all our packages. It is available from https://pgp.mit.edu.
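A way to confirm that a downloaded key file carries the fingerprint above before the key-import step in the APT or YUM procedure. This is an added example, not part of the original Elastic documentation; the function names, the key.asc file name and the sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare a downloaded signing key with the fingerprint
# published on this page before passing it to apt-key or rpm --import.

# Fingerprint exactly as printed in the documentation above.
EXPECTED_FPR="4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4"

# Strip whitespace and uppercase so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read gpg colon-format output on stdin and print the fingerprint of the
# first primary key: the first "fpr" record after a "pub" record, field 10.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1 } seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if the listing holds exactly one primary key and its
# fingerprint equals EXPECTED_FPR. A file bundling extra keys is rejected.
check_listing() {
    cl_count=$(printf '%s\n' "$1" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    [ "$cl_count" -eq 1 ] || return 1
    cl_actual=$(printf '%s\n' "$1" | primary_fpr)
    [ "$(normalize_fpr "$cl_actual")" = "$(normalize_fpr "$EXPECTED_FPR")" ]
}

# Inspect a key file without importing it, then apply check_listing.
# Needs a GnuPG release that supports --show-keys.
verify_key_file() {
    vk_listing=$(gpg --show-keys --with-colons "$1" 2>/dev/null) || return 2
    check_listing "$vk_listing"
}

# Constructed, abridged colon-format listing for offline testing. Only the
# fingerprint and key ID come from this page; other fields are placeholders.
SAMPLE_LISTING='pub:-:0:1:D27D666CD88E42B4:0:::-:::scSC:
fpr:::::::::46095ACC8548582C1A2699A9D27D666CD88E42B4:
sub:-:0:1:0000000000000000:0::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Usage (needs network access and gpg; key.asc is a hypothetical file name):
#   wget -qO key.asc https://artifacts.elastic.co/GPG-KEY-elasticsearch
#   verify_key_file key.asc && sudo apt-key add key.asc
```

Downloading to a file first, instead of piping wget straight into apt-key, is what makes the check possible: the same bytes that were inspected are the ones imported.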
APT
To add the Beats repository for APT:
- Download and install the Public Signing Key:
  wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
- You may need to install the apt-transport-https package on Debian before proceeding:
  sudo apt-get install apt-transport-https
- Save the repository definition to /etc/apt/sources.list.d/elastic-6.x.list:
  echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
  To add the Elastic repository, make sure that you use the echo method shown in the example. Do not use add-apt-repository because it will add a deb-src entry, but we do not provide a source package.
  If you have added the deb-src entry by mistake, you will see an error like the following:
  Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)
  Simply delete the deb-src entry from the /etc/apt/sources.list file, and the installation should work as expected.
- Run apt-get update, and the repository is ready for use. For example, you can install Packetbeat by running:
  sudo apt-get update && sudo apt-get install packetbeat
- To configure Packetbeat to start automatically during boot, run:
  sudo update-rc.d packetbeat defaults 95 10
YUM
To add the Beats repository for YUM:
- Download and install the public signing key:
  sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
- Create a file with a .repo extension (for example, elastic.repo) in your /etc/yum.repos.d/ directory and add the following lines:
  [elastic-6.x]
  name=Elastic repository for 6.x packages
  baseurl=https://artifacts.elastic.co/packages/6.x/yum
  gpgcheck=1
  gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
  enabled=1
  autorefresh=1
  type=rpm-md
  Your repository is ready to use. For example, you can install Packetbeat by running:
  sudo yum install packetbeat
- To configure the Beat to start automatically during boot, run:
  sudo chkconfig --add packetbeat