150 lines
5.2 KiB
YAML
150 lines
5.2 KiB
YAML
#################### Packetbeat Configuration Example #########################
|
|
|
|
# This file is an example configuration file highlighting only the most common
|
|
# options. The packetbeat.full.yml file from the same directory contains all the
|
|
# supported options with more comments. You can use it as a reference.
|
|
#
|
|
# You can find the full configuration reference here:
|
|
# https://www.elastic.co/guide/en/beats/packetbeat/index.html
|
|
|
|
#============================== Network device ================================
|
|
|
|
# Select the network interface to sniff the data. On Linux, you can use the
|
|
# "any" keyword to sniff on all connected interfaces.
|
|
packetbeat.interfaces.device: any
|
|
|
|
#================================== Flows =====================================
|
|
|
|
# Set `enabled: false` or comment out all options to disable flows reporting.
|
|
packetbeat.flows:
|
|
# Set network flow timeout. Flow is killed if no packet is received before being
|
|
# timed out.
|
|
timeout: 30s
|
|
|
|
# Configure reporting period. If set to -1, only killed flows will be reported
|
|
period: 10s
|
|
|
|
#========================== Transaction protocols =============================
|
|
|
|
packetbeat.protocols.icmp:
|
|
# Enable ICMPv4 and ICMPv6 monitoring. Default: false
|
|
enabled: true
|
|
|
|
packetbeat.protocols.amqp:
|
|
# Configure the ports where to listen for AMQP traffic. You can disable
|
|
# the AMQP protocol by commenting out the list of ports.
|
|
ports: [5672]
|
|
|
|
packetbeat.protocols.cassandra:
|
|
#Cassandra port for traffic monitoring.
|
|
ports: [9042]
|
|
|
|
packetbeat.protocols.dns:
|
|
# Configure the ports where to listen for DNS traffic. You can disable
|
|
# the DNS protocol by commenting out the list of ports.
|
|
ports: [53]
|
|
|
|
# include_authorities controls whether or not the dns.authorities field
|
|
# (authority resource records) is added to messages.
|
|
include_authorities: true
|
|
|
|
# include_additionals controls whether or not the dns.additionals field
|
|
# (additional resource records) is added to messages.
|
|
include_additionals: true
|
|
|
|
packetbeat.protocols.http:
|
|
# Configure the ports where to listen for HTTP traffic. You can disable
|
|
# the HTTP protocol by commenting out the list of ports.
|
|
ports: [80, 8080, 8000, 5000, 8002]
|
|
|
|
packetbeat.protocols.memcache:
|
|
# Configure the ports where to listen for memcache traffic. You can disable
|
|
# the Memcache protocol by commenting out the list of ports.
|
|
ports: [11211]
|
|
|
|
packetbeat.protocols.mysql:
|
|
# Configure the ports where to listen for MySQL traffic. You can disable
|
|
# the MySQL protocol by commenting out the list of ports.
|
|
ports: [3306]
|
|
|
|
packetbeat.protocols.pgsql:
|
|
# Configure the ports where to listen for Pgsql traffic. You can disable
|
|
# the Pgsql protocol by commenting out the list of ports.
|
|
ports: [5432]
|
|
|
|
packetbeat.protocols.redis:
|
|
# Configure the ports where to listen for Redis traffic. You can disable
|
|
# the Redis protocol by commenting out the list of ports.
|
|
ports: [6379]
|
|
|
|
packetbeat.protocols.thrift:
|
|
# Configure the ports where to listen for Thrift-RPC traffic. You can disable
|
|
# the Thrift-RPC protocol by commenting out the list of ports.
|
|
ports: [9090]
|
|
|
|
packetbeat.protocols.mongodb:
|
|
# Configure the ports where to listen for MongoDB traffic. You can disable
|
|
# the MongoDB protocol by commenting out the list of ports.
|
|
ports: [27017]
|
|
|
|
packetbeat.protocols.nfs:
|
|
# Configure the ports where to listen for NFS traffic. You can disable
|
|
# the NFS protocol by commenting out the list of ports.
|
|
ports: [2049]
|
|
|
|
#================================ General =====================================
|
|
|
|
# The name of the shipper that publishes the network data. It can be used to group
|
|
# all the transactions sent by a single shipper in the web interface.
|
|
#name:
|
|
|
|
# The tags of the shipper are included in their own field with each
|
|
# transaction published.
|
|
#tags: ["service-X", "web-tier"]
|
|
|
|
# Optional fields that you can specify to add additional information to the
|
|
# output.
|
|
#fields:
|
|
# env: staging
|
|
|
|
#================================ Outputs =====================================
|
|
|
|
# Configure what outputs to use when sending the data collected by the beat.
|
|
# Multiple outputs may be used.
|
|
|
|
#-------------------------- Elasticsearch output ------------------------------
|
|
output.elasticsearch:
|
|
# Array of hosts to connect to.
|
|
hosts: ["localhost:9200"]
|
|
|
|
# Optional protocol and basic auth credentials.
|
|
#protocol: "https"
|
|
#username: "elastic"
|
|
#password: "changeme"
|
|
|
|
#----------------------------- Logstash output --------------------------------
|
|
#output.logstash:
|
|
# The Logstash hosts
|
|
#hosts: ["localhost:5044"]
|
|
|
|
# Optional SSL. By default is off.
|
|
# List of root certificates for HTTPS server verifications
|
|
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
|
|
|
|
# Certificate for SSL client authentication
|
|
#ssl.certificate: "/etc/pki/client/cert.pem"
|
|
|
|
# Client Certificate Key
|
|
#ssl.key: "/etc/pki/client/cert.key"
|
|
|
|
#================================ Logging =====================================
|
|
|
|
# Sets log level. The default log level is info.
|
|
# Available log levels are: critical, error, warning, info, debug
|
|
#logging.level: debug
|
|
|
|
# At debug level, you can selectively enable logging only for some components.
|
|
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
|
|
# "publish", "service".
|
|
#logging.selectors: ["*"]
|