Packetbeat not capturing anything when `packetbeat.flows: enabled: false`

shreyapatel · October 9, 2019, 8:54pm

I am using Packetbeat v5.6.16 and want to monitor the data in P4 packets captured.

Enabling packetbeat.flows does not capture the individual packet data; only header information in bulk is captured.
Disabling packetbeat.flows does not capture anything.
The logs do not show any errors. Please guide me on how should I proceed to resolve this. Thanks!

packetbeat.yml

packetbeat.interfaces.device: ens1f0
packetbeat.interfaces.type: af_packet
packetbeat.interfaces.buffer_size_mb: 100
packetbeat.interfaces.snaplen: 65535

packetbeat.flows:
  enabled: false
  timeout: 30s
  period: 10s
packetbeat.protocols.dns:
  enabled: true
  ports: [53, 123]
  send_request: true
  send_response: true
  include_authorities: true
  include_additionals: true
output.file:
  path: "/etc/packetbeat"
  filename: packetbeat_capture

system · November 6, 2019, 8:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ICMP setting ignored? Beats packetbeat	4	1508	July 25, 2016
No stdout and logs from Packetbeat Beats packetbeat	1	345	February 16, 2021
Is there a reliable way to measure packetbeat capture loss? Beats packetbeat	1	492	July 25, 2018
PacketBeat doesn't reflect the real flow data Kibana	2	595	May 2, 2018
Packetbeats mechanism for capturing network flow data Beats packetbeat	1	340	September 22, 2020

Packetbeat not capturing anything when `packetbeat.flows: enabled: false`

Related topics