I cannot get proc details for tcp6 port, not sure if Packetbeat is able to grab it.
I want to monitor http 8181 port, for java process (currently pid 8985).
netstat --all --program | grep 8985:
tcp 0 0 :5005 : LISTEN 8985/java
....
tcp6 0 0 [::]:8181 [::]: LISTEN 8985/java
I've setup packetbeat.yml with this config:
packetbeat.protocols.http: ports: [5005, 8181] packetbeat.procs: enabled: true monitored: - process: java cmdline_grep: java
And I'm intercepting requests, however they doesnt have 'proc' field filled:
{ ... "ip":"127.0.0.1","method":"GET","path":"/api/endpoint-test","port":8181,"proc":"" }
I've enabled debug and I can see that packetbeat found port 5005 (tcp)
2017-06-01T13:04:57+02:00 DBG UpdateMappingEntry(): port=5005 pid=%!d(string=java)
But it doesn't know about 8181 which is tcp6.
I've check source code and it looks suspicious for me:
ipv6socks, err := socketsFromProc("/proc/net/tcp6", true)
...
func socketsFromProc(filename string, ipv6 bool) (*socketInfo, error) {
file, err := os.Open("/proc/net/tcp")
if err != nil {
return nil, err
}
defer file.Close()
return parseProcNetTCP(file, false)
}
If i'm not mistaken filename variable is not used and /proc/net/tcp6 is not scanned.
Am I doing sth wrong or is there a bug in code?
(Im using version 5.4.x)