I am extending a new packetbeat, just wondering that the beat can bind and listen a port, if it can get the inbound and outbound byte via the port. i.e.: while listening to a HTTP port like 80, can we get the HTTP request and HTML code in the beat?
Not sure I understand, do you want to add a new protocol in Packetbeat that is based on HTTP?
Or do you want to actually accept TCP connections in Packetbeat? In the latter case, it's better to create a new beat for that.
More details about what you're trying to accomplish would be helpful.
Actually, we are going to audit the data flow in our data platform, e.g.: we gotta monitor how many bytes send to client side by a SQL request(maybe not a SQL query but a FTP request). Like:
SQL query "select * from XXX" returns 500Bytes data. FTP request "dump.zip" returns 100M bytes.
Ok, I think the SQL part should be possible already with Packetbeat for mysql & postgresql. An FTP protocol would be interesting to add to PB.
I didn't really go thru the code of mysql etc.. I tested the HTTP protocol, the beat can only capture the inbound request, not the outbound response.