I am extending a new packetbeat, just wondering that the beat can bind and listen a port, if it can get the inbound and outbound byte via the port. i.e.: while listening to a HTTP port like 80, can we get the HTTP request and HTML code in the beat?
Not sure I understand, do you want to add a new protocol in Packetbeat that is based on HTTP?
Or do you want to actually accept TCP connections in Packetbeat? In the latter case, it's better to create a new beat for that.
More details about what you're trying to accomplish would be helpful.
Actually, we are going to audit the data flow in our data platform, e.g.: we gotta monitor how many bytes send to client side by a SQL request(maybe not a SQL query but a FTP request). Like:
SQL query "select * from XXX" returns 500Bytes data. FTP request "dump.zip" returns 100M bytes.
Ok, I think the SQL part should be possible already with Packetbeat for mysql & postgresql. An FTP protocol would be interesting to add to PB.
I didn't really go thru the code of mysql etc.. I tested the HTTP protocol, the beat can only capture the inbound request, not the outbound response.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.