I have packetbeat configured to listen to 3306 and for mysql client processes (mysql -h my_host ... -e "my_query" ...). I see the query. However, I don't see the corresponding client process information. I have this problem for any process that I try to do this with: mysqld on the mysql server, php-fpm on the web servers, php cli scripts that connect to mysql (i.e. php /path/to/my/php/app.php).
I'm running packetbeat as root via the command line:
/usr/share/packetbeat/bin/packetbeat -e -c /etc/packetbeat/packetbeat.yml
# /etc/packetbeat/packetbeat.yml:
packetbeat.interfaces.device: eth0
packetbeat.protocols.mysql:
  ports: [3306]
output.redis:
  hosts: [ "my-redis_host:port" ]
  key: "packetbeat"
  datatype: "list"
packetbeats.procs:
  enabled: true
  monitored:
    - process: mysql
      cmdline_grep: mysql
This is what we see in Logstash:
...
"bytes_in" => 21,
"bytes_out" => 1446,
"client_ip" => "client_ip",
"client_port" => 42482,
"client_proc" => "",
"client_server" => "",
"direction" => "out",
"ip" => "server_ip",
"method" => "SHOW",
"mysql" => {
    "affected_rows" => 0,
    "error_code" => 0,
    "error_message" => "",
    "insert_id" => 0,
    "iserror" => false,
    "num_fields" => 9,
    "num_rows" => 12
},
"path" => ".",
"port" => 3306,
"proc" => "",
"query" => "show processlist",
"responsetime" => 0,
"server" => "",
"status" => "OK",
...
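An added diagnostic, not part of the original post and not Packetbeat's own code: on Linux a connection can be tied to a process by joining the socket inode in /proc/net/tcp with the socket links under /proc/<pid>/fd, so this checks independently which process owns the client side of a port-3306 connection and whether its command line contains the `cmdline_grep` string. The sample table, PID 4242 and inode 51234 are constructed; the function names are hypothetical.

```python
import os
import re

# Constructed sample in /proc/net/tcp format: local port 0xA5F2 = 42482, remote port 0x0CEA = 3306.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:A5F2 0200007F:0CEA 01 00000000:00000000 00:00000000 00000000  1000        0 51234 1 0000000000000000 20 4 30 10 -1
"""

def parse_proc_net_tcp(text):
    """Return {local_port: (remote_port, socket_inode)} from /proc/net/tcp-format text."""
    socks = {}
    for line in text.strip().splitlines()[1:]:  # first line is the column header
        f = line.split()
        local_port = int(f[1].rsplit(":", 1)[1], 16)
        remote_port = int(f[2].rsplit(":", 1)[1], 16)
        socks[local_port] = (remote_port, int(f[9]))  # field 9 is the inode
    return socks

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, cmdline) from <proc_root>/<pid>/fd links (needs root)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(f"{proc_root}/{pid}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
            for fd in os.listdir(f"{proc_root}/{pid}/fd"):
                link = os.readlink(f"{proc_root}/{pid}/fd/{fd}")
                m = re.fullmatch(r"socket:\[(\d+)\]", link)
                if m:
                    owners[int(m.group(1))] = (int(pid), cmdline)
        except OSError:
            continue  # process exited mid-scan, or permission denied
    return owners

def attribute(local_port, tcp_text, owners, cmdline_grep):
    """Return (pid, cmdline) owning local_port if cmdline contains cmdline_grep, else None."""
    sock = parse_proc_net_tcp(tcp_text).get(local_port)
    owner = owners.get(sock[1]) if sock else None
    return owner if owner and cmdline_grep in owner[1] else None

if __name__ == "__main__":
    live = open("/proc/net/tcp").read()
    owners = socket_owners()
    for port, (rport, inode) in parse_proc_net_tcp(live).items():
        if rport == 3306:  # client side of a MySQL connection
            print(port, owners.get(inode), attribute(port, live, owners, "mysql"))
```

Run it as root while the connection is still open; a client that has already exited has no /proc entry left to join against.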