We are trying to set up packetbeat 6.5.4 to parse the AMQP protocol.
However, we don't see the message bodies sent to Elastic and indexed.
Are we missing something?
Hi,
Can you give us:
- The rabbitmq version
- Your configuration (packetbeat.yml)
- The output of running packetbeat with debug enabled (-d '*').
Hi,
Thanks for your prompt response.
I am using RabbitMQ version 3.7.9.
packetbeat.yml:
packetbeat.interfaces.device: any
packetbeat.interfaces.type: af_packet
packetbeat.flows:
  timeout: 30s
  period: 10s
packetbeat.protocols:
- type: icmp
  enabled: false
- type: amqp
  ports: [5672]
  send_request: true
  send_response: true
  max_body_length: 1000
  parse_headers: true
  parse_arguments: true
- type: cassandra
  ports: [9042]
- type: dhcpv4
  ports: [67, 68]
- type: dns
  include_authorities: true
  include_additionals: true
- type: http
- type: memcache
  ports: [11211]
- type: mysql
  ports: [3306]
- type: pgsql
  ports: [5432]
- type: redis
  ports: [6379]
- type: thrift
  ports: [9090]
- type: mongodb
  ports: [27017]
- type: nfs
  ports: [2049]
- type: tls
  ports: [443]
setup.template.settings:
  index.number_of_shards: 3
setup.kibana:
output.elasticsearch:
  hosts: ["1.1.0.1:8080"]
  username: "xxxx"
  password: "xx"
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
logging.level: debug
logging.selectors: ["*"]
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch:
I was unable to upload or attach debug output.
Where can I send it?
Thanks,
Alex.
Can you upload the logs to some service like pastebin.com or Google Drive and share a link with me? You can use a private message if you don't want the log to be public.
Have you checked that your rabbitmq traffic is using this port? Can you also provide a capture (pcap) of the network traffic?
Thanks for your response again!
We use the default port 5672 and I have sent you the logs privately.