Packetbeat File Output Options

sdeshpande · February 27, 2017, 1:43pm

Hi Guys,

I have couple of questions with Packetbeat.
I am trying to implement Packetbeat to sniff traffic on my network so that we can feed the collected data to a analytics platform. I have a span port configured on our network which is connected to the server on which Packetbeat is installed. I am able to see the data coming in to packetbeat and I want to write that to flat file. I am currently using packetbeat's File Output but I find it limited with respect to options it provides ( I could be completely wrong as I may not know other options it has)

Can you please tell me if there is a way to specify Date and Time in the fileaname like (%MMDDYYYY)
Can you please tell me if there is an option so that we can compress the Packetbeat file output ? I am generating over 1GB of data every hour and I will it might be a good idea to compress it.

The output options I have chosen are as below.
output.file:
path: "/datacollection/packetbeat"
filename: output
rotate_every_kb: 100000
#number_of_files: 7

Thank you very much.

steffens · February 27, 2017, 11:35pm

including the date in the filename and compress on write (or rotate) are currently not available from beats. Feel free to open an enhancement request.

As workaround you can use the console output and use tools like multilog or tinylog.

sdeshpande · February 28, 2017, 1:00pm

Thank you for the response Steffen.

Regards

system · March 28, 2017, 1:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
File output extension Beats packetbeat	2	282	May 28, 2021
Reliability of Packetbeat Logs Beats packetbeat	3	1041	July 5, 2017
Packetbeat debugging - no file output Beats packetbeat	5	1105	June 28, 2017
Beat File Output Dynamic Naming Beats	4	2112	September 18, 2017
Multiple interface sniffing with packetbeat & output to 1 file Beats packetbeat	1	589	March 10, 2021

Packetbeat File Output Options

Related topics