How to configure my Packetbeat to write HTTP access information in my index?

I want to record the access information to websites coming from a PC. I am using Packetbeat but the information that is recorded still does not answer me. I believe I'm configuring my packetbeat.yml file wrong.

What exactly do you mean by "access information"?

Also see packetbeat http module settings: https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-protocols.html#_http_configuration_options

You can add `send_headers: true`, `send_all_headers: true`, `split_cookie: true`, `send_request: true` and `send_response: true`, to collect quite some more data (at the cost of much bigger events to be stored in Elasticsearch).

2 Likes

Thank you very much!
I'm interested in saving the entire url that was typed into the browser by the user. I would also like to save the data sent by the form.

With the information you gave me, I was able to save some interesting information.

Now I will try to filter to save only what is needed.
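
The settings discussed in this thread, as an added example that is not part of the original posts: a `packetbeat.yml` HTTP section that enables the suggested options and pairs them with Packetbeat's redaction settings, since form bodies routinely carry passwords and tokens. The port list, keyword list and content type are assumptions to adapt to your environment.

```yaml
# Added example, not from the thread. Ports and keywords are assumed values.
packetbeat.protocols:
- type: http
  # Plain-HTTP ports to decode. Packetbeat does not decrypt TLS, so HTTPS
  # traffic is not parsed as HTTP by these settings.
  ports: [80, 8080]

  # Options suggested in the thread: more detail per event, larger events.
  send_headers: true
  send_all_headers: true
  split_cookie: true
  send_request: true
  send_response: true

  # Capture request/response bodies only for HTML form submissions.
  include_body_for: ["application/x-www-form-urlencoded"]

  # Replace the values of these query/form parameters before indexing.
  # This covers top-level parameters only. With send_request or
  # send_response enabled, the raw message fields may still contain the
  # original values, so turn those two off if the raw text is not required.
  hide_keywords: ["pass", "password", "passwd", "token"]

  # Strip Authorization and Proxy-Authorization header values.
  redact_authorization: true
```

Restrict read access to the resulting index as you would for any store of credentials, because anything not matched by `hide_keywords` is indexed as captured.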
