I'm testing packetbeat on an Azure Cloud Instance VM (running Windows Server 2012 R2). I have it configured to output dns, http, memcache, redis, and flow. It outputs to a logstash instance.
So far, when I search in kibana, I'm only able to find types dns, http, and flow. I'm working on determining why I'm not getting redis traffic information.
Can someone suggest a list of things I should look at to determine why it's not working? Right now, I think problems could be related to:
What port is indicated in the yml file.
What device packetbeat is configured to sniff on.
Are there any other potential issues I should be aware of? Regarding devices packetbeat sniffs on, is there a particular device I should be sniffing to get redis traffic? Are there things in the packetbeat log I should look out for?
Could you suggest something I could use on the Windows command line? I do have npcap installed in winpcap compatibility mode (which is necessary to run packetbeat on Windows machines). I imagine there's a way to dump port traffic using npcap?
I ran redis locally, wrote a short script to write and read from it, and verified it was sending traffic to the port I expected redis traffic to be in. I'm having trouble seeing traffic when I'm running my application though.
That said, in Kibana I've noticed logs of type "flow" that have packetbeatSource.port = 6379. Would that be from the redis traffic? Is there a reason I'd see flow logs, but not redis logs?
Scratch that last comment. As I debug on different machines, I noticed that my device numbers are different. On one machine, the Npcap Loopback Adapter was device 3, and on the other, device 4. The problem I hit when I posted my last comment was I was using the wrong device on the machine I was testing on.
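The device-number mismatch described in the last post can be avoided by looking the adapter up by its description on each host rather than hard-coding the index. The following is an added example, not part of the original thread and not Packetbeat's own code; the helper name `find_device_index`, the sample listings, and the assumed `index: name (description) (addresses)` layout of the `packetbeat devices` output are illustrative assumptions.

```python
import re

# Constructed listings standing in for `packetbeat devices` output on two hosts.
# GUIDs and addresses are placeholders; the line layout is an assumption.
HOST_A = r"""
0: \Device\NPF_{PLACEHOLDER-0} (Microsoft Hyper-V Network Adapter) (10.0.0.4)
1: \Device\NPF_{PLACEHOLDER-1} (WAN Miniport) (Not assigned ip address)
2: \Device\NPF_{PLACEHOLDER-2} (WAN Miniport) (Not assigned ip address)
3: \Device\NPF_{PLACEHOLDER-3} (Npcap Loopback Adapter) (127.0.0.1)
"""
HOST_B = r"""
0: \Device\NPF_{PLACEHOLDER-0} (Microsoft Hyper-V Network Adapter) (10.0.0.5)
1: \Device\NPF_{PLACEHOLDER-1} (Microsoft Hyper-V Network Adapter) (10.1.0.5)
2: \Device\NPF_{PLACEHOLDER-2} (WAN Miniport) (Not assigned ip address)
3: \Device\NPF_{PLACEHOLDER-3} (WAN Miniport) (Not assigned ip address)
4: \Device\NPF_{PLACEHOLDER-4} (Npcap Loopback Adapter) (127.0.0.1)
"""

def find_device_index(listing, needle="Npcap Loopback Adapter"):
    """Return the index of the single device whose line mentions `needle`.

    Raises LookupError when no device or more than one device matches, so a
    deployment script fails loudly instead of sniffing the wrong adapter.
    """
    matches = []
    for line in listing.splitlines():
        m = re.match(r"\s*(\d+):\s*(.*)", line)
        if m and needle.lower() in m.group(2).lower():
            matches.append(int(m.group(1)))
    if len(matches) != 1:
        raise LookupError(f"expected one device matching {needle!r}, got {matches}")
    return matches[0]

if __name__ == "__main__":
    for host, listing in (("host A", HOST_A), ("host B", HOST_B)):
        # The value to use for packetbeat.interfaces.device on that host.
        print(host, "->", find_device_index(listing))
```

On a real host the listing would come from running `packetbeat devices` and capturing its output; the resulting index is what goes into `packetbeat.interfaces.device` for that machine.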