How to run Beats on a Linux 64-bit machine


(Rajeshkumar) #1

I am trying to start Packetbeat on my Linux machine (64-bit). I am using the below command:

./packetbeat -e -c packetbeat.yml

The system is waiting silently without throwing any error or any message.

Am I doing the procedure right? Please correct me if I am wrong.

Thanks


(Tudor Golubenco) #2

That's about right. You can increase the verbosity with -v or -d "*" for all debug output. If it doesn't seem to pick up traffic, please post your config.


(Rajeshkumar) #3

I didn't make changes in my yml file. I am using the default setup only. I am getting this log information:

2016/01/22 12:30:24.569096 beat.go:97: DBG Initializing output plugins
2016/01/22 12:30:24.569167 geolite.go:24: INFO GeoIP disabled: No paths were set under output.geoip.paths
2016/01/22 12:30:24.569239 client.go:244: DBG ES Ping(url=http://localhost:9200, timeout=1m30s)
2016/01/22 12:30:24.570128 client.go:253: DBG Ping status code: 200
2016/01/22 12:30:24.570147 outputs.go:111: INFO Activated elasticsearch as output plugin.
2016/01/22 12:30:24.570179 publish.go:198: DBG create output worker: 0x0, 0xc8210ae1a0
2016/01/22 12:30:24.570222 publish.go:235: DBG No output is defined to store the topology. The server fields might not be filled.
2016/01/22 12:30:24.570248 publish.go:249: INFO Publisher name: mysystem
2016/01/22 12:30:24.570385 async.go:95: DBG create bulk processing worker (interval=1s, bulk size=50)
2016/01/22 12:30:24.570438 beat.go:107: INFO Init Beat: packetbeat; Version: 1.0.1
2016/01/22 12:30:24.571105 packetbeat.go:153: DBG Initializing protocol plugins
2016/01/22 12:30:24.571118 memcache.go:105: DBG init memcache plugin
2016/01/22 12:30:24.571128 memcache.go:158: DBG maxValues = 0
2016/01/22 12:30:24.571134 memcache.go:159: DBG maxBytesPerValue = 2147483647
2016/01/22 12:30:24.571189 mongodb.go:73: DBG Init a MongoDB protocol parser
2016/01/22 12:30:24.571293 tcp.go:211: DBG Port map: map[8002:http 3306:mysql 5432:pgsql 27017:mongodb 8080:http 5000:http 11211:memcache 6379:redis 9090:thrift 80:http 8000:http]
2016/01/22 12:30:24.571312 udp.go:93: DBG Port map: map[53:dns 11211:memcache]
2016/01/22 12:30:24.571319 packetbeat.go:192: DBG Initializing sniffer
2016/01/22 12:30:24.571341 sniffer.go:247: DBG BPF filter: tcp port 80 or tcp port 8080 or tcp port 8000 or tcp port 5000 or tcp port 8002 or tcp port 3306 or tcp port 6379 or tcp port 5432 or tcp port 9090 or tcp port 27017 or udp port 53 or port 11211
2016/01/22 12:30:24.571354 sniffer.go:129: DBG Sniffer type: pcap device: any
2016/01/22 12:30:24.580296 decoder.go:37: DBG Layer type: Linux SLL
2016/01/22 12:30:24.580451 beat.go:133: INFO packetbeat sucessfully setup. Start running.
2016/01/22 12:30:24.580465 packetbeat.go:224: DBG Waiting for the sniffer to finish
2016/01/22 12:30:24.580513 sniffer.go:293: DBG Interrupted
2016/01/22 12:30:25.081082 sniffer.go:293: DBG Interrupted
2016/01/22 12:30:25.581741 sniffer.go:293: DBG Interrupted
2016/01/22 12:30:26.082349 sniffer.go:293: DBG Interrupted
2016/01/22 12:30:26.582942 sniffer.go:293: DBG Interrupted
2016/01/22 12:30:27.083626 sniffer.go:293: DBG Interrupted
2016/01/22 12:30:27.584300 sniffer.go:293: DBG Interrupted
2016/01/22 12:30:28.084911 sniffer.go:293: DBG Interrupted


(Dayron) #4

I have the same problem. Any idea how to solve it?


(Steffen Siering) #5

Have you tried running packetbeat as root? Is promiscuous mode enabled for your NICs?


(Rajeshkumar) #6

It has been solved for me. I have commented out some unused settings which are not relevant for my scenario. It is working now.

