- Packetbeat Reference: other versions:
- Overview
- Getting started with Packetbeat
- Setting up and running Packetbeat
- Upgrading Packetbeat
- Configuring Packetbeat
- Set traffic capturing options
- Set up flows to monitor network traffic
- Specify which transaction protocols to monitor
- Specify which processes to monitor
- Specify general settings
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Export GeoIP Information
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- packetbeat.reference.yml
- Exported fields
- AMQP fields
- Beat fields
- Cassandra fields
- Cloud provider metadata fields
- Common fields
- DHCPv4 fields
- DNS fields
- Docker fields
- Flow Event fields
- Host fields
- HTTP fields
- ICMP fields
- Kubernetes fields
- Memcache fields
- MongoDb fields
- MySQL fields
- NFS fields
- PostgreSQL fields
- Raw fields
- Redis fields
- Thrift-RPC fields
- TLS fields
- Transaction Event fields
- Measurements (Transactions) fields
- Monitoring Packetbeat
- Securing Packetbeat
- Visualizing Packetbeat data in Kibana
- Troubleshooting
- Contributing to Beats
Configure Packetbeat to use X-Pack security
editConfigure Packetbeat to use X-Pack security
editIf you want Packetbeat to connect to a cluster that has X-Pack security enabled, there are extra configuration steps:
-
Configure authentication credentials.
To send data to a secured cluster through the
elasticsearchoutput, Packetbeat needs to authenticate as a user who can manage index templates, monitor the cluster, create indices, and read and write to the indices it creates. -
Grant users access to Packetbeat indices.
To search the indexed Packetbeat data and visualize it in Kibana, users need access to the indices Packetbeat creates.
-
Configure Packetbeat to use encrypted connections.
If encryption is enabled on the cluster, you need to enable HTTPS in the Packetbeat configuration.
-
Set the password for the built-in monitoring user.
Packetbeat uses the
beats_systemuser to send monitoring data to Elasticsearch. If you plan to monitor Packetbeat in Kibana and have not yet set up the password, set it up now.
For more information about X-Pack security, see Securing the Elastic Stack.
Packetbeat features that require authorization
editAfter securing Packetbeat, make sure your users have the roles (or associated
privileges) required to use these Packetbeat features. You must create the
packetbeat_writer and
packetbeat_reader roles (see Configure authentication credentials and
Grant users access to Packetbeat indices). The other roles are
built-in.
| Feature | Role |
|---|---|
Send data to a secured cluster |
|
Load index templates |
|
Load Packetbeat dashboards into Kibana |
|
Load machine learning jobs |
|
Read indices created by Packetbeat |
|
View Packetbeat dashboards in Kibana |
|
On this page