How to configure my packbeat to write http access information in my index?

I want to record the access information to websites coming from a pc. I am using packetbeat but the information that is recorded still does not answer me. I believe I'm configuring wrong my packetbeat.yml file

What exactly do you mean by "access information".

Also see packetbeat http module settings:

You can add send_headers: true, send_all_headers: true, split_cookie: true, send_request: true and send_response: true, to collect quite some more data (at the cost of much bigger events to be stored in Elasticsearch).


Thank you very much!
I'm interested in saving the entire url that was typed into the browser by the user. I would also like to save the data sent by the form.

With the information you gave me, I was able to save some interesting information.

Now I will try to filter to save only what is needed.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.