TCP/UDP configuration question


#1

I'm new to the Packetbeat world and have installed beta3 (will get to the rc1 shortly), but am trying to enable the TCP/UDP protocol and can't seem to figure out where to enable that to see info to send to Elastic. I've confirmed UDP packets coming into the box (SNMP traps in this case on port 162) where we've configured it, and I thought it might be in the packetbeat.yml file that we'd enable that, but I didn't see any reference to TCP/UDP to watch specific ports.

I even tried adding some references in there to see if that might make any difference, but I don't see anything new:

udp:
  ports: [161, 162]

tcp:
  ports: [162, 22, 23, 115]

I also have MySQL on there and that side is working fine: I see them via Kibana UI accordingly.

Is there anything else that I'm missing?

Thanks.


(Andrew Kroh) #2

Hi @uvmvball,

Packetbeat currently supports the protocols listed here: https://www.elastic.co/guide/en/beats/packetbeat/current/_overview.html

SNMP is not one of them, but Logstash has support for SNMP traps: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmptrap.html


#3

My real question was how to enable the new UDP/TCP protos as I can’t seem to get that working in order to produce any results. I was just using SNMP as example UDP traffic that is coming in.

Sorry for the confusion!

Brad


(Steffen Siering) #4

Packetbeat works on the application layer. It will process TCP/UDP packets by default and (depending on port numbers) forward traffic to application layer analyzers. Unfortunately, Packetbeat does not yet publish any stats on the IP, TCP or UDP layer. Feel free to add an enhancement request (or pull request) to Packetbeat.

