Reliability of Packetbeat Logs

Elastic Stack Beats
1

Greetings,

There is a setting in the configuration template of Packetbeat on Github, where one can instruct Packetbeat to output logs to a local file.

Two questions regarding this setting:

  1. Is it guaranteed to have these logs written to local disk before the HTTP requests reach our application server for processing? We need this for recovery purposes.

  2. What is the difference between the settings for file output and the settings for logging in the Packetbeat configuration template on Github?

Thank you!

2
  1. Not sure if it would be guaranteed.
  2. Logging is the output from the application code itself, any errors etc that it encounters. It is not the packet data.
3

packetbeat handles transactions. If no response is ever seen, the request might timeout after some seconds. Not sure if incomplete transaction is published by http protocol analyzer. With packetbeat being a passive network sniffer, I don't see how packetbeat will help with resiliency.