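#################### Packetbeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The packetbeat.full.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/packetbeat/index.html

#============================== Network device ================================

# Select the network interface to sniff the data. On Linux, you can use the
# "any" keyword to sniff on all connected interfaces.
#
# Note: "any" captures from every interface on the host, loopback included.
# On hosts with more than one interface, naming the specific device keeps the
# capture limited to the traffic you intend to monitor.
packetbeat.interfaces.device: any

#================================== Flows =====================================

# Set `enabled: false` or comment out all options to disable flows reporting.
packetbeat.flows:
  # Set network flow timeout. Flow is killed if no packet is received before
  # being timed out.
  timeout: 30s

  # Configure reporting period. If set to -1, only killed flows will be
  # reported.
  period: 10s

#========================== Transaction protocols =============================

# Each protocol below is decoded only on the ports listed for it. A service
# that runs on a non-standard port is not parsed until that port is added to
# the matching list.
#
# The published transaction events carry application data taken from the wire
# (for example URLs and query text), so restrict access to wherever this
# Beat's output is stored.

packetbeat.protocols.icmp:
  # Enable ICMPv4 and ICMPv6 monitoring. Default: false
  enabled: true

packetbeat.protocols.amqp:
  # Configure the ports where to listen for AMQP traffic. You can disable
  # the AMQP protocol by commenting out the list of ports.
  ports: [5672]

packetbeat.protocols.cassandra:
  # Cassandra port for traffic monitoring.
  ports: [9042]

packetbeat.protocols.dns:
  # Configure the ports where to listen for DNS traffic. You can disable
  # the DNS protocol by commenting out the list of ports.
  ports: [53]

  # include_authorities controls whether or not the dns.authorities field
  # (authority resource records) is added to messages.
  include_authorities: true

  # include_additionals controls whether or not the dns.additionals field
  # (additional resource records) is added to messages.
  include_additionals: true

packetbeat.protocols.http:
  # Configure the ports where to listen for HTTP traffic. You can disable
  # the HTTP protocol by commenting out the list of ports.
  #
  # Only plaintext HTTP is decoded; TLS-protected traffic is not parsed.
  # HTTP events can include credentials sent in query strings, form bodies or
  # Authorization headers. The hide_keywords and redact_authorization options
  # (see packetbeat.full.yml) censor these values before events are published.
  ports: [80, 8080, 8000, 5000, 8002]

packetbeat.protocols.memcache:
  # Configure the ports where to listen for memcache traffic. You can disable
  # the Memcache protocol by commenting out the list of ports.
  ports: [11211]

packetbeat.protocols.mysql:
  # Configure the ports where to listen for MySQL traffic. You can disable
  # the MySQL protocol by commenting out the list of ports.
  ports: [3306]

packetbeat.protocols.pgsql:
  # Configure the ports where to listen for Pgsql traffic. You can disable
  # the Pgsql protocol by commenting out the list of ports.
  ports: [5432]

packetbeat.protocols.redis:
  # Configure the ports where to listen for Redis traffic. You can disable
  # the Redis protocol by commenting out the list of ports.
  ports: [6379]

packetbeat.protocols.thrift:
  # Configure the ports where to listen for Thrift-RPC traffic. You can disable
  # the Thrift-RPC protocol by commenting out the list of ports.
  ports: [9090]

packetbeat.protocols.mongodb:
  # Configure the ports where to listen for MongoDB traffic. You can disable
  # the MongoDB protocol by commenting out the list of ports.
  ports: [27017]

packetbeat.protocols.nfs:
  # Configure the ports where to listen for NFS traffic. You can disable
  # the NFS protocol by commenting out the list of ports.
  ports: [2049]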