Packetbeat not monitoring https protocol

Hello

Environment detail -

We have an Elasticsearch cluster (version 8.3) running with secured HTTP ports 9200, 9201 & 9202.

We have installed Packetbeat v8.3 on the Elasticsearch server to monitor the HTTP traffic on the Elastic ports, to identify the connection details from the source along with the time taken to complete the incoming connection.
E.g., how much time each search query takes to respond.

Problem Statement -
The problem we have here is that Packetbeat is not able to monitor the HTTPS traffic on the servers. If I disable xpack.http.security, then everything works as expected.

But when I change back to HTTPS, it stops working, and in Kibana we get the message below:

```
"error.message": [
  "Unmatched response"
]
```

Below is the response recorded while monitoring the HTTPS connection:

```json
{
  "_index": ".ds-packetbeat-8.3.2-2022.08.25-000006",
  "_id": "5r32EYMBpPwW6PPcq4wA",
  "_version": 1,
  "_score": 0,
  "_source": {
    "@timestamp": "2022-09-06T08:41:59.786Z",
    "type": "http",
    "source": {
      "port": 52180,
      "ip": "XXXXXXX",
      "hostname": "XXXXXXX"
    },
    "related": {
      "ip": [
        "XXXXXXX",
        "XXXXXXX"
      ]
    },
    "server": {
      "ip": "XXXXXXX",
      "port": 9200
    },
    "event": {
      "end": "2022-09-06T08:41:59.786Z",
      "kind": "event",
      "category": [
        "network"
      ],
      "type": [
        "connection",
        "protocol"
      ],
      "dataset": "http"
    },
    "client": {
      "ip": "XXXXXXX",
      "port": 52180
    },
    "network": {
      "protocol": "http",
      "direction": "ingress",
      "community_id": "1:w52+vYsPE9ZDmsP4remWb4sm3os=",
      "type": "ipv4",
      "transport": "tcp"
    },
    "ecs": {
      "version": "8.0.0"
    },
    "http": {
      "response": {
        "headers": {
          "content-length": 0
        }
      }
    },
    "error": {
      "message": "Unmatched response"
    },
    "status": "Error",
    "destination": {
      "port": 9200,
      "hostname": "XXXXXXX",
      "ip": "XXXXXXX"
    },
    "host": {
      "name": "XXXXXXX"
    },
    "agent": {
      "type": "packetbeat",
      "version": "8.3.2",
      "ephemeral_id": "57dfa4a3-b775-4764-9c9a-80e2505acd7d",
      "id": "bda05369-240e-4ebb-96bb-afeef9535ffd",
      "name": "XXXXXXX"
    }
  },
  "fields": {
    "notes": [
      "Unmatched response"
    ],
    "event.category": [
      "network"
    ],
    "destination.port": [
      9200
    ],
    "server.ip": [
      "XXXXXXX"
    ],
    "event.end": [
      "2022-09-06T08:41:59.786Z"
    ],
    "type": [
      "http"
    ],
    "agent.type": [
      "packetbeat"
    ],
    "network.protocol": [
      "http"
    ],
    "related.ip": [
      "XXXXXXX",
      "XXXXXXX"
    ],
    "server.port": [
      9200
    ],
    "source.ip": [
      "XXXXXXX"
    ],
    "agent.name": [
      "XXXXXXX"
    ],
    "host.name": [
      "XXXXXXX"
    ],
    "network.community_id": [
      "1:w52+vYsPE9ZDmsP4remWb4sm3os="
    ],
    "network.direction": [
      "ingress"
    ],
    "event.kind": [
      "event"
    ],
    "network.type": [
      "ipv4"
    ],
    "http.response.headers.content-length": [
      0
    ],
    "destination.hostname": [
      "XXXXXXX"
    ],
    "client.ip": [
      "XXXXXXX"
    ],
    "agent.hostname": [
      "XXXXXXX"
    ],
    "destination.ip": [
      "XXXXX"
    ],
    "network.transport": [
      "tcp"
    ],
    "@timestamp": [
      "2022-09-06T08:41:59.786Z"
    ],
    "source.port": [
      52180
    ],
    "agent.id": [
      "bda05369-240e-4ebb-96bb-afeef9535ffd"
    ],
    "client.port": [
      52180
    ],
    "ecs.version": [
      "8.0.0"
    ],
    "source.hostname": [
      "XXXXXXX"
    ],
    "error.message": [
      "Unmatched response"
    ],
    "event.type": [
      "connection",
      "protocol"
    ],
    "agent.ephemeral_id": [
      "57dfa4a3-b775-4764-9c9a-80e2505acd7d"
    ],
    "agent.version": [
      "8.3.2"
    ],
    "event.dataset": [
      "http"
    ],
    "status": [
      "Error"
    ]
  }
}
```

Any suggestion will be helpful.

Regards
Pratiksha

Hello Team,

Any suggestion will be helpful

Regards
Pratiksha
