Documentation on adding new Packetbeat protocols

I'm looking for any documentation on the current packetbeat structure, as well as how to add new protocols ... if this exists. I've installed the project, compiled and tested a little. But other than just starting going through the code ... this would help.

Best I could find myself was just this placeholder:

https://www.elastic.co/guide/en/beats/devguide/6.x/protocol-modules.html

Thanks in advance -

Hello @dhughes,

Sadly, we don't have specific doc to explain how to add new protocols to packetbeat.
I think it would be easier to just look through an existing protocol, UDP and TCP are a good starting point.

Thanks much for the response. In lieu of any other writeup, I found this post, Packetbeat: How to add a new protocol?, that describes some steps.

Specifically, what I'm looking to do is add a new protocol, that sits above UDP (i.e. application layer).

I don't find a good example to base off of then. I see a DNS UDP implementation but I don't think that this uses the plugin method that seems to be the prescribed way to go. If there's a better example of a protocol to use please indicate (UDP example, if it matters much as different from a protocol that sits above TCP such as HTTP ...)

Just a basic outline as to how to begin would be most helpful, such as in the post above.

Thanks again -

David H.

@dhughes Not sure what you mean by not using the plugin method? I've looked at https://github.com/elastic/beats/blob/master/packetbeat/protos/dns/dns.go and it is a plugin?

Yes, you're right once I looked closer I see where the DNS protocol plugin definition was in dns.go, not dns_udp.go.

We've implemented our own protocol and are working on parsing, and then on to creating transactions.

Thanks -

David H.
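The two stages David mentions above, parsing each UDP datagram and then correlating requests with responses into transactions, are the part of a new application-layer plugin that is easiest to get wrong from a robustness standpoint, since every length field in the payload is attacker-controlled. The following is an added, self-contained Go sketch of that flow; it is not code from Packetbeat or from this thread. The `Endpoint`/`Packet` types, the toy wire format (2-byte txid, 2-byte body length, 1 flag byte, body) and the `Parser` type are all constructed for the example; a real plugin would instead implement the UDP plugin interface that `dns.go` implements and register itself in `init()`, which this sketch does not reproduce.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Endpoint and Packet are hypothetical stand-ins for what a UDP protocol
// parser sees per datagram (not Packetbeat's own types).
type Endpoint struct {
	IP   string
	Port uint16
}

type Packet struct {
	Ts      time.Time
	Src     Endpoint
	Dst     Endpoint
	Payload []byte
}

// Message is the decoded header of the constructed toy protocol:
// bytes 0-1 txid (big-endian), 2-3 body length, 4 flags (bit 0 = response), 5.. body.
type Message struct {
	TxID       uint16
	IsResponse bool
	Body       []byte
}

const headerLen = 5

var ErrMalformed = errors.New("malformed message")

// parseMessage decodes one datagram. Every value that drives a slice bound is
// checked against the bytes actually present, so a truncated or lying length
// field yields an error instead of a panic inside the sniffer.
func parseMessage(payload []byte) (Message, error) {
	if len(payload) < headerLen {
		return Message{}, fmt.Errorf("%w: %d bytes, header needs %d", ErrMalformed, len(payload), headerLen)
	}
	txid := binary.BigEndian.Uint16(payload[0:2])
	bodyLen := int(binary.BigEndian.Uint16(payload[2:4]))
	flags := payload[4]
	if headerLen+bodyLen > len(payload) {
		return Message{}, fmt.Errorf("%w: declared body %d, only %d present", ErrMalformed, bodyLen, len(payload)-headerLen)
	}
	// Copy the body: a capture buffer is typically reused after the callback returns.
	body := append([]byte(nil), payload[headerLen:headerLen+bodyLen]...)
	return Message{TxID: txid, IsResponse: flags&1 == 1, Body: body}, nil
}

// Transaction is the request/response pair that would be published as an event.
type Transaction struct {
	TxID         uint16
	Client       Endpoint
	Server       Endpoint
	Request      []byte
	Response     []byte
	ResponseTime time.Duration
}

// flowKey ties a response to the exact client/server pair and txid of its request,
// so a datagram from another host cannot complete someone else's transaction.
type flowKey struct {
	Client, Server Endpoint
	TxID           uint16
}

type pendingReq struct {
	ts   time.Time
	body []byte
}

type Parser struct {
	pending map[flowKey]pendingReq
	timeout time.Duration
	results []Transaction
	dropped int // malformed, unsolicited or expired datagrams
}

func NewParser(timeout time.Duration) *Parser {
	return &Parser{pending: make(map[flowKey]pendingReq), timeout: timeout}
}

// ParseUDP is the per-datagram entry point; the signature is the example's own.
func (p *Parser) ParseUDP(pkt Packet) {
	msg, err := parseMessage(pkt.Payload)
	if err != nil {
		p.dropped++
		return
	}
	if !msg.IsResponse {
		key := flowKey{Client: pkt.Src, Server: pkt.Dst, TxID: msg.TxID}
		p.pending[key] = pendingReq{ts: pkt.Ts, body: msg.Body} // newest request wins
		p.expire(pkt.Ts)
		return
	}
	key := flowKey{Client: pkt.Dst, Server: pkt.Src, TxID: msg.TxID}
	req, ok := p.pending[key]
	if !ok || pkt.Ts.Sub(req.ts) > p.timeout {
		p.dropped++ // unsolicited or too-late response
		if ok {
			delete(p.pending, key)
		}
		return
	}
	delete(p.pending, key)
	p.results = append(p.results, Transaction{
		TxID: msg.TxID, Client: key.Client, Server: key.Server,
		Request: req.body, Response: msg.Body, ResponseTime: pkt.Ts.Sub(req.ts),
	})
}

// expire drops unanswered requests so the pending table cannot grow without bound.
func (p *Parser) expire(now time.Time) {
	for k, r := range p.pending {
		if now.Sub(r.ts) > p.timeout {
			delete(p.pending, k)
			p.dropped++
		}
	}
}

func (p *Parser) Transactions() []Transaction { return p.results }
func (p *Parser) Dropped() int               { return p.dropped }
func (p *Parser) Pending() int               { return len(p.pending) }

// buildMessage encodes a datagram of the toy protocol (used to construct sample traffic).
func buildMessage(txid uint16, response bool, body []byte) []byte {
	buf := make([]byte, headerLen+len(body))
	binary.BigEndian.PutUint16(buf[0:2], txid)
	binary.BigEndian.PutUint16(buf[2:4], uint16(len(body)))
	if response {
		buf[4] = 1
	}
	copy(buf[headerLen:], body)
	return buf
}

func main() {
	p := NewParser(2 * time.Second)
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	client, server := Endpoint{"10.0.0.5", 40000}, Endpoint{"10.0.0.9", 5000} // constructed
	p.ParseUDP(Packet{Ts: t0, Src: client, Dst: server, Payload: buildMessage(7, false, []byte("ping"))})
	p.ParseUDP(Packet{Ts: t0.Add(50 * time.Millisecond), Src: server, Dst: client, Payload: buildMessage(7, true, []byte("pong"))})
	// Constructed hostile input: header claims a 9-byte body but only one byte follows.
	p.ParseUDP(Packet{Ts: t0, Src: client, Dst: server, Payload: []byte{0, 1, 0, 9, 0, 'a'}})
	for _, tx := range p.Transactions() {
		fmt.Printf("txid=%d %s:%d -> %s:%d rtt=%s req=%q resp=%q\n", tx.TxID,
			tx.Client.IP, tx.Client.Port, tx.Server.IP, tx.Server.Port, tx.ResponseTime, tx.Request, tx.Response)
	}
	fmt.Println("dropped:", p.Dropped())
}
```

Two design points carry over to a real plugin regardless of wire format: bound every slice by the bytes actually captured rather than by a field in the packet, and key pending requests on the full client/server pair plus the protocol's own transaction id so that a stray or spoofed response neither completes the wrong transaction nor leaves entries behind indefinitely.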

@dhughes what protocol are you trying to parse, and would you be interested in contributing it back?
