- Packetbeat Reference: other versions:
- Overview
- Getting started with Packetbeat
- Setting up and running Packetbeat
- Upgrading Packetbeat
- Configuring Packetbeat
- Set traffic capturing options
- Set up flows to monitor network traffic
- Specify which transaction protocols to monitor
- Specify which processes to monitor
- Specify general settings
- Configure the internal queue
- Configure the output
- Set up index lifecycle management
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Export GeoIP Information
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- packetbeat.reference.yml
- Exported fields
- Alias fields
- AMQP fields
- Beat fields
- Cassandra fields
- Cloud provider metadata fields
- Common fields
- DHCPv4 fields
- DNS fields
- Docker fields
- Flow Event fields
- Host fields
- HTTP fields
- ICMP fields
- Kubernetes fields
- Memcache fields
- MongoDb fields
- MySQL fields
- NFS fields
- PostgreSQL fields
- Raw fields
- Redis fields
- Thrift-RPC fields
- TLS fields
- Transaction Event fields
- Measurements (Transactions) fields
- Monitoring Packetbeat
- Securing Packetbeat
- Visualizing Packetbeat data in Kibana
- Troubleshooting
- Contributing to Beats
Grant users access to Packetbeat indices
editGrant users access to Packetbeat indices
editTo enable users to access the indices Packetbeat creates, grant them read
and view_index_metadata privileges on the Packetbeat indices. If they’re
using Kibana, they also need the kibana_user role.
-
Create a reader role that has the
readandview_index_metadataprivileges on the Packetbeat indices.You can create roles from the Management > Roles UI in Kibana or through the
roleAPI. For example, the following request creates a role namedpacketbeat_reader: -
Assign your users the reader role so they can access the Packetbeat indices. For Kibana users who need to visualize the data, also assign the
kibana_userrole:-
If you’re using the
nativerealm, you can assign roles with the Management > Users UI in Kibana or through theuserAPI. For example, the following request grantspacketbeat_userthepacketbeat_readerandkibana_userroles:POST /_xpack/security/user/packetbeat_user { "password" : "YOUR_PASSWORD", "roles" : [ "packetbeat_reader","kibana_user"], "full_name" : "Packetbeat User" }
-
If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the
role_mapping.ymlconfiguration file. For example, the following snippet grantsPacketbeat Userthepacketbeat_readerandkibana_userroles:packetbeat_reader: - "cn=Packetbeat User,dc=example,dc=com" kibana_user: - "cn=Packetbeat User,dc=example,dc=com"
For more information, see Using Role Mapping Files.
-