I am building Beats on macOS for the native integration feature. I have successfully built and deployed Auditbeat, and during the build process I was able to find the file which the build was using in the template.
The file looks like auditbeat.yml.tmpl
However, in the packetbeat directory, no such file exists.
To anyone who has built a beat from source, where do you find the packetbeat.yml source file that the build will use? Logs have shown that the source file is in the packetbeat.tar.gz file, but when I edit and rebuild, it goes back to the stock configuration.
Editing the packetbeat.yml file in the base directory, as well as build/package/packebeat-darwin-amd64.tar.gz/packetbeat.yml, does nothing.
So I went ahead and edited one of those _meta files and that got me halfway there. I was able to disable flows and other things; however, I can't find where the Elastic Cloud settings should be set.
I'm attempting to build a Packetbeat installer with everything pre-configured so I can deploy it to all devices with no setup from the user.
As you probably know, Packetbeat is one of many Beats. All Beats have some common features, e.g. the Elasticsearch output. These common features are implemented in a shared library called libbeat. Similarly, any configuration associated with these common features is also defined under the libbeat folder. So I'm guessing the Elastic Cloud settings you're referring to are in here: https://github.com/elastic/beats/blob/master/libbeat/_meta/config.yml.tmpl.
Thank you for your help! I'll put my Elastic Cloud settings in the file there.
Perhaps a feature request could be adding those .tmpl files in every beat build (like Auditbeat in my original post) so users can easily configure them?
If you have a GitHub account, feel free to make this request (and reference this discuss post) via a GitHub issue in https://github.com/elastic/beats. That way you can follow along on progress, have input on any discussions, etc.