I'm looking for any documentation on the current packetbeat structure, as well as how to add new protocols ... if this exists. I've installed the project, compiled and tested a little. But other than just starting going through the code ... this would help.
Best I could find myself was just this placeholder:
https://www.elastic.co/guide/en/beats/devguide/6.x/protocol-modules.html
Hello @dhughes,
Sadly, we don't have specific doc to explain how to add new protocols to packetbeat.
I think it would be easier to just look through an existing protocol, UDP and TCP are a good starting point.
Thanks much for the response. I lieu of any other writeup, I found this post Packetbeat:How to add a new protocol? that describes some steps.
Specifically, what I'm looking to do is add a new protocol, that sits above UDP (i.e. application layer).
I don't find a good example to base off of then. I see a DNS UDP implementation but I don't think that this uses the plugin method that seems to be the prescribed way to go. If there's a better example of a protocol to use please indicate (UDP example, if it matters much as different from a protocol that sits above TCP such as HTTP ...)
Just a basic outline as to how to begin would be most helpful, such as in the post above.
Thanks again -
David H.
@dhughes Not sure what you mean by not using the plugin method? I've looked at https://github.com/elastic/beats/blob/master/packetbeat/protos/dns/dns.go and It is a plugin?
Yes, you're right once I looked closer I see where the DNS protocol plugin definition was in dns.go, not dns_udp.go.
We've implemented our own protocol and are working on parsing, and then on to creating transactions.
Thanks -
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.