Packetbeat not publishing events to remote tcp on windows


(Abhinav) #1

I checked that the TCP connection was established with the Mac machine where the ELK setup is running. I am trying to output the logs to Logstash. Following are my packetbeat.yml and the logs I collected by running packetbeat.exe in debug mode. I read somewhere that a Logs folder should be created, which is not being created. Thanks in advance. (Nice software, running fine on Mac.)

packetbeat.yml

    interfaces:
      device: 0
    protocols:
      http:
        ports: [80, 8080]
    output:
      logstash:
        hosts: ["0.tcp.ngrok.io:14508"]
    shipper:

    PS C:\Program Files\Packetbeat> & "C:\Program Files\Packetbeat\packetbeat.exe" -c "C:\Program Files\Packetbeat\packetbeat.yml" -e -v -d "*"

    2016/02/27 18:44:59.447493 beat.go:135: DBG  Initializing output plugins
    2016/02/27 18:44:59.447493 geolite.go:24: INFO GeoIP disabled: No paths were set under output.geoip.paths
    2016/02/27 18:44:59.448497 logstash.go:106: INFO Max Retries set to: 3
    2016/02/27 18:44:59.450498 client.go:90: DBG  connect
    2016/02/27 18:45:01.245281 outputs.go:119: INFO Activated logstash as output plugin.
    2016/02/27 18:45:01.246281 publish.go:232: DBG  Create output worker
    2016/02/27 18:45:01.247312 publish.go:274: DBG  No output is defined to store the topology. The server fields might not be filled.
    2016/02/27 18:45:01.249310 publish.go:288: INFO Publisher name: harish
    2016/02/27 18:45:01.260320 async.go:78: INFO Flush Interval set to: 1s
    2016/02/27 18:45:01.261320 async.go:84: INFO Max Bulk Size set to: 2048
    2016/02/27 18:45:01.262299 async.go:92: DBG  create bulk processing worker (interval=1s, bulk size=2048)
    2016/02/27 18:45:01.264343 beat.go:147: INFO Init Beat: packetbeat; Version: 1.1.1
    2016/02/27 18:45:01.273349 packetbeat.go:166: DBG  Initializing protocol plugins
    2016/02/27 18:45:01.274350 mongodb.go:73: DBG  Init a MongoDB protocol parser
    2016/02/27 18:45:01.275356 memcache.go:105: DBG  init memcache plugin
    2016/02/27 18:45:01.277352 memcache.go:158: DBG  maxValues = 0
    2016/02/27 18:45:01.279354 memcache.go:159: DBG  maxBytesPerValue = 2147483647
    2016/02/27 18:45:01.287388 icmp.go:69: DBG  Local IP addresses: [fe80::ddc:ff02:3e28:e24 169.254.14.36 fe80::a505:772e:13cc:6d59 169.254.109.89 fe80::cdea:a46f:fcbe:6f78 192.168.0.7 fe80::b0e8:27ee:a4cc:5145 169.254.81.69 ::1 127.0.0.1 2001:0:9d38:90d7:8e8:9ad:8c9e:8b1d fe80::8e8:9ad:8c9e:8b1d fe80::5efe:c0a8:7]
    2016/02/27 18:45:01.289364 tcp.go:251: DBG  tcp%!(EXTRA string=Port map: %v, map[uint16]protos.Protocol=map[80:http 8080:http])
    2016/02/27 18:45:01.290390 udp.go:93: DBG  Port map: map[]
    2016/02/27 18:45:01.292369 packetbeat.go:212: DBG  Initializing sniffer
    2016/02/27 18:45:01.294375 sniffer.go:251: DBG  BPF filter: tcp port 80 or tcp port 8080
    2016/02/27 18:45:01.475537 sniffer.go:119: INFO Resolved device index 0 to device: \Device\NPF_{B4C8F6CC-FD0F-4B96-81B1-0DBCD23EC0F3}
    2016/02/27 18:45:01.475537 sniffer.go:130: DBG  Sniffer type: pcap device: \Device\NPF_{B4C8F6CC-FD0F-4B96-81B1-0DBCD23EC0F3}
    2016/02/27 18:45:01.491548 decoder.go:63: DBG  Layer type: Ethernet
    2016/02/27 18:45:01.491548 beat.go:173: INFO packetbeat sucessfully setup. Start running.
    2016/02/27 18:45:01.491548 packetbeat.go:244: DBG  Waiting for the sniffer to finish
    2016/02/27 18:45:01.492550 service_windows.go:49: DBG  Windows is interactive: true
    2016/02/27 18:45:01.994033 sniffer.go:297: DBG  Interrupted
    2016/02/27 18:45:02.494746 sniffer.go:297: DBG  Interrupted
    2016/02/27 18:45:02.995001 sniffer.go:297: DBG  Interrupted

(Steffen Siering) #2

No idea about Windows from my side, but in your logs I don't see any HTTP being processed at all. When running with -d '*' the http module should print some logs when parsing messages. I see you have multiple IP addresses; have you configured the correct device?
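An added diagnostic, not from the thread or the Packetbeat project, that applies the check Steffen describes to a `-d "*"` debug log: it confirms the output plugin and capture device came up and then reports whether any http module line was ever logged. The sample below is a constructed excerpt in the style of the log above (with a placeholder device GUID); the line format and the `http*.go` source-file naming of the HTTP module are assumptions.

```python
import re

# Assumed Packetbeat 1.x debug line: "<date> <time> <file>:<line>: <LEVEL>  <message>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+?):(\d+): (DBG|INFO|WARN|ERR|CRIT)\s+(.*)$")
DEVICE_RE = re.compile(r"Resolved device index (\d+) to device: (.+)$")
FILTER_RE = re.compile(r"BPF filter: (.+)$")
IPS_RE = re.compile(r"Local IP addresses: \[(.*)\]$")

# Constructed sample in the style of the log in the question (placeholder GUID).
SAMPLE_LOG = """\
2016/02/27 18:45:01.245281 outputs.go:119: INFO Activated logstash as output plugin.
2016/02/27 18:45:01.287388 icmp.go:69: DBG  Local IP addresses: [fe80::1 192.168.0.7 169.254.14.36 ::1 127.0.0.1]
2016/02/27 18:45:01.294375 sniffer.go:251: DBG  BPF filter: tcp port 80 or tcp port 8080
2016/02/27 18:45:01.475537 sniffer.go:119: INFO Resolved device index 0 to device: \\Device\\NPF_{PLACEHOLDER-GUID}
2016/02/27 18:45:01.491548 beat.go:173: INFO packetbeat sucessfully setup. Start running.
2016/02/27 18:45:01.994033 sniffer.go:297: DBG  Interrupted
2016/02/27 18:45:02.494746 sniffer.go:297: DBG  Interrupted
"""


def parse_lines(text):
    """Yield (source_file, level, message) for each well-formed line; skip the rest."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(2), m.group(4), m.group(5)


def triage(text):
    """Summarise a debug run: output plugin, device, filter, and whether the
    HTTP module (assumed to log from http*.go) ever handled a packet."""
    report = {"output_plugin": None, "device_index": None, "device": None,
              "bpf_filter": None, "local_ips": [], "http_lines": 0, "interrupted": 0}
    for src, _level, msg in parse_lines(text):
        if msg.startswith("Activated ") and msg.endswith("as output plugin."):
            report["output_plugin"] = msg.split()[1]
        elif (m := DEVICE_RE.search(msg)):
            report["device_index"], report["device"] = int(m.group(1)), m.group(2)
        elif (m := FILTER_RE.search(msg)):
            report["bpf_filter"] = m.group(1)
        elif (m := IPS_RE.search(msg)):
            report["local_ips"] = m.group(1).split()
        elif src.startswith("http"):
            report["http_lines"] += 1          # protocol parser saw a message
        elif src.startswith("sniffer") and msg == "Interrupted":
            report["interrupted"] += 1         # pcap read timeout with no packets
    # Output and device are up but no packet ever reached the HTTP parser:
    # the chosen device most likely does not carry the filtered traffic.
    if report["output_plugin"] and report["device"] and report["http_lines"] == 0:
        report["verdict"] = ("no HTTP traffic parsed on device %d; verify that it carries "
                             "traffic matching '%s'" % (report["device_index"], report["bpf_filter"]))
    else:
        report["verdict"] = "http module active" if report["http_lines"] else "setup incomplete"
    return report
```

Run it over a full `-d "*"` capture; a healthy run yields a non-zero `http_lines` count, while only `Interrupted` lines means the sniffer is reading an idle device.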
