Hi I have written a plugin for a TCP application the packets contain plain TCP data. I want to integrate with the packetbeat and use it in debug mode. To see if the new plugin is doing. I'm new to packetbeat.
Thanks.
filebeat or packetbeat?
have you had a look at packetbeat system tests: https://github.com/elastic/beats/tree/master/packetbeat/tests/system
These tests use packetbeat to process pcap files and validate the generated events.
packetbeat. will have a look at it. thanks
@steffens
I'm able to register my plugin with packetbeat now. The protocol is being registered and is also parsing the packets for that protocol but it is not publishing the event. Any idea why??
Have you configured the port number correctly?
Have you tried to run packetbeat with -d '*'? This will enable debug logs. Add a debug statement when a packet is parsed and check packets are correctly forwarded to your plugin.
Yes I have configured the port. The packet data is being parsed and the tcp flow event is being published but the protocol events(from custom publisher) are not being published.
well, time to debug your protocol analyzer.
As I already noted, add a debug statement to your Parse method in order to check a packet is actually parsed.
If you run with -d '*' you will see all published events on console. If your events are missing, it's time to debug your code actually working correctly. Add some more debug statements before/after parsing, before/after message correlation, before/after generating an event and so on.
Have you used the code generator? https://github.com/elastic/beats/tree/master/generate/packetbeat/tcp-protocol
@steffens thanks. I tested the plugin, it works 
Cool!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.