Packetbeat not capturing anything when `packetbeat.flows: enabled: false`

shreyapatel · October 9, 2019, 8:54pm

I am using Packetbeat v5.6.16 and want to monitor the data in P4 packets captured.

Enabling packetbeat.flows does not capture the individual packet data; only header information in bulk is captured.
Disabling packetbeat.flows does not capture anything.
The logs do not show any errors. Please guide me on how should I proceed to resolve this. Thanks!

packetbeat.yml

packetbeat.interfaces.device: ens1f0
packetbeat.interfaces.type: af_packet
packetbeat.interfaces.buffer_size_mb: 100
packetbeat.interfaces.snaplen: 65535

packetbeat.flows:
  enabled: false
  timeout: 30s
  period: 10s
packetbeat.protocols.dns:
  enabled: true
  ports: [53, 123]
  send_request: true
  send_response: true
  include_authorities: true
  include_additionals: true
output.file:
  path: "/etc/packetbeat"
  filename: packetbeat_capture

system · November 6, 2019, 8:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.