Hi all,
Has anyone managed to automate the deployment of packetbeat to Windows 10 machines? I can't figure out how to define the monitoring interfaces in packetbeat.yml en masse while keeping it relatively simple.
Thanks,
Hello, thanks for reaching out about packetbeat on Windows 10. For the Windows 10 machines, does the output of packetbeat devices vary? Perhaps there is a pattern where you could specify the first interface like this?
packetbeat.interfaces.device: 0
https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-interfaces.html
Thanks for your response Michael.
I've got an algorithm which seems doable, although it's going to take me a while to put together.
It seems you can have any number of packetbeat.interfaces.device: entries as long as the device exists.
My theory is to do the following:
packetbeat.interfaces.device: "device"
and then run that each time the user logs in to ensure it's continuously accurate. It's messy but seems to be the closest thing to a workaround I can pull together.
Do you have any thoughts?
I've put this together, which uses 3 separate .yml files:
ConfigTemplate.yml, which contains the rest of the packetbeat.yml minus the interfaces.
Interfaces.yml, which is a temp file used to write the interfaces to.
packetbeat.yml, which is the final config file packetbeat will use.
The Python script should be in the packetbeat directory along with the config .yml files.
The only limitation is that it needs Python on the host machines; the next stage is to see if it can be done with PowerShell.
Hope this helps anyone else! Any improvements are welcome!
import subprocess

# Count the capture devices packetbeat can see: run "packetbeat.exe devices"
# through PowerShell and take the number of output lines.
devices = subprocess.check_output(["powershell.exe", "(./packetbeat.exe devices).count"])
devicesCount = int(devices.decode('utf-8'))
print(devicesCount)

# Read the template that holds everything except the interface settings.
with open('ConfigTemplate.yml', 'r') as original:
    data1 = original.read()

# Write one device line per interface index to the temporary Interfaces.yml.
with open('Interfaces.yml', 'w') as modified:
    for i in range(devicesCount):
        modified.write("packetbeat.interfaces.device: " + str(i) + "\n")

with open('Interfaces.yml', 'r') as original:
    data2 = original.read()

# Assemble the final packetbeat.yml: interface section first, then the template.
with open('packetbeat.yml', 'w') as modified2:
    modified2.write("# ================== Set listening interfaces ==================" + "\n" + data2 + "\n" + data1 + "\n")
PowerShell version:
# Number of capture devices = number of lines printed by "packetbeat.exe devices"
$count = (C:\path\to\packetbeat.exe devices).count
$line = ''
# One packetbeat.interfaces.device line per device index
for($i=0; $i -le ($count-1); $i++){
    $line +="packetbeat.interfaces.device:"+" $i `r`n"
}
$line | Out-File -FilePath "C:\path\to\packetbeat\Interfaces.yml"
$configTemplate = Get-Content -Path "C:\path\to\packetbeat\ConfigTemplate.yml"
$interfaces = Get-Content -Path "C:\path\to\packetbeat\Interfaces.yml"
# Final config: interface section first, then the rest of the template
$interfaces + "`r`n" + $configTemplate | Out-File -FilePath "C:\path\to\packetbeat\packetbeat.yml"
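As an added example (not code from the thread), here is the pattern-based alternative Michael raised: parse the "packetbeat devices" listing and select the one adapter whose description matches, instead of emitting a line for every index. The "index: name (description) (addresses)" output layout, the sample adapter lines and the description pattern are assumptions constructed for this example.

```python
import re
import subprocess
from typing import List, NamedTuple, Optional

# Constructed sample of a "packetbeat.exe devices" listing on Windows. The
# "index: name (description) (addresses)" layout is an assumption for this example.
SAMPLE_DEVICES_OUTPUT = r"""
0: \Device\NPF_{1A2B3C4D-0000-0000-0000-000000000001} (WAN Miniport (Network Monitor)) (Not assigned ip address)
1: \Device\NPF_{1A2B3C4D-0000-0000-0000-000000000002} (Intel(R) Ethernet Connection I219-LM) (10.0.0.25)
2: \Device\NPF_Loopback (Adapter for loopback traffic capture) (127.0.0.1)
"""

# Greedy middle group keeps nested parentheses such as "(Network Monitor)" inside
# the description; the final group is the address list, which contains no parentheses.
DEVICE_RE = re.compile(r"^(\d+): (\S+) \((.*)\) \(([^()]*)\)$")


class Device(NamedTuple):
    index: int
    name: str
    description: str
    addresses: str


def parse_devices(output: str) -> List[Device]:
    """Turn the device listing into structured records, ignoring unparsable lines."""
    devices = []
    for line in output.splitlines():
        m = DEVICE_RE.match(line.strip())
        if m:
            devices.append(Device(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return devices


def choose_device(devices: List[Device], description_pattern: str) -> Optional[Device]:
    """Return the first device whose description matches the regex, or None."""
    pattern = re.compile(description_pattern, re.IGNORECASE)
    return next((d for d in devices if pattern.search(d.description)), None)


def render_interface_config(device: Device) -> str:
    """Emit the interface section for packetbeat.yml, with the adapter noted in a comment."""
    return f"# {device.description} ({device.addresses})\npacketbeat.interfaces.device: {device.index}\n"


def list_devices(packetbeat_exe: str = "./packetbeat.exe") -> List[Device]:
    """Run the real listing on the host (not used by the offline sample above)."""
    return parse_devices(subprocess.check_output([packetbeat_exe, "devices"], text=True))


if __name__ == "__main__":
    chosen = choose_device(list_devices(), r"Intel|Realtek")   # hypothetical adapter pattern
    if chosen is None:
        raise SystemExit("no capture adapter matched the pattern; leaving packetbeat.yml untouched")
    with open("ConfigTemplate.yml") as template, open("packetbeat.yml", "w") as out:
        out.write(render_interface_config(chosen) + "\n" + template.read())
```

Exiting without writing when nothing matches keeps a stale but valid packetbeat.yml on the host rather than a config that points at an index that may not exist.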