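Table of contents
- 1. Packetbeat Overview
- 2. Deploying and Using Packetbeat
  - 2.1 Download and extract the official package
  - 2.2 Edit the configuration file
  - 2.3 Import the index template and dashboards
  - 2.4 Start Packetbeat
- 3. Results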
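1. Packetbeat Overview
Packetbeat is a lightweight, real-time network packet analyzer that ships data from hosts and containers to a store such as Logstash or Elasticsearch.
Packetbeat works by capturing the network traffic between application servers, decoding the application-layer protocols (HTTP, MySQL, Redis, and so on), correlating each request with its response, and recording the fields of every transaction.
Packetbeat currently supports the following protocols: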
- HTTP
- MySQL
- PostgreSQL
- Redis
- Thrift-RPC
- MongoDB
- DNS
- Memcache
2. Deploying and Using Packetbeat
For deploying Elasticsearch and Kibana, see: https://xuehui.blog.csdn.net/article/details/107637571
2.1 Download and extract the official package
```bash
curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-8.6.1-linux-x86_64.tar.gz
tar xzvf packetbeat-8.6.1-linux-x86_64.tar.gz
```
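2.2 Edit the configuration file
packetbeat.yml:
```yaml
# Capture on all interfaces using the Linux af_packet sniffer
packetbeat.interfaces.device: any
packetbeat.interfaces.type: af_packet

packetbeat.protocols.mysql:
  ports: [3306]
  # Store the raw request in each event; SQL statements can contain sensitive data
  send_request: true
  include_rows_affected: true

output.elasticsearch:
  hosts: ["xxx:9200"]
  index: "packetbeat-mysql-%{+yyyy.MM.dd}"

# A custom index name requires the template name and pattern to be set
setup.template.name: "packetbeat"
setup.template.pattern: "packetbeat*"

setup.kibana:
  host: "xxx:5601"
```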
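2.3 Import the index template and dashboards
```bash
# Export the index template to a file in the current directory
./packetbeat export template > packetbeat.template.json
# Load the exported file into Elasticsearch
curl -H 'Content-Type: application/json' -XPUT 'http://xxx:9200/_template/packetbeat' -d@packetbeat.template.json
# Import the Kibana dashboards
./packetbeat setup --dashboards -e packetbeat
```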
2.4 Start Packetbeat
```bash
# Packet capture needs root privileges; -e writes the log to stderr
./packetbeat -c packetbeat.yml -e
```
3. Results
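The following is an added example, not part of the original article, showing one way to review the MySQL transactions that the configuration above records: it flags failed statements and writes that touched an unusually large number of rows, grouped by client IP. The sample events are constructed, and the field names (`type`, `method`, `status`, `query`, `client.ip`, `mysql.affected_rows`, `mysql.error_code`) are assumed to follow Packetbeat's exported MySQL fields; `review_mysql_events` and its threshold are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample events shaped like Packetbeat MySQL transaction documents
# (field names assumed from Packetbeat's exported fields; all values are made up).
SAMPLE_EVENTS = """\
{"type":"mysql","method":"SELECT","status":"OK","query":"SELECT id FROM orders WHERE id=7","client":{"ip":"10.0.0.5"},"mysql":{"num_rows":1,"affected_rows":0}}
{"type":"mysql","method":"DELETE","status":"OK","query":"DELETE FROM orders","client":{"ip":"10.0.0.9"},"mysql":{"num_rows":0,"affected_rows":48210}}
{"type":"mysql","method":"SELECT","status":"Error","query":"SELECT * FROM users WHERE","client":{"ip":"10.0.0.9"},"mysql":{"error_code":1064,"error_message":"syntax error"}}
{"type":"http","method":"GET","status":"OK","client":{"ip":"10.0.0.5"}}
{"type":"mysql","method":"UPDATE","status":"OK","query":"UPDATE orders SET paid=1 WHERE id=7","client":{"ip":"10.0.0.5"},"mysql":{"affected_rows":1}}
"""

WRITE_METHODS = {"INSERT", "UPDATE", "DELETE"}


def review_mysql_events(lines, max_affected_rows=1000):
    """Return {client_ip: [(kind, value, query), ...]} for failed or bulk-write statements."""
    findings = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if event.get("type") != "mysql":
            continue  # other protocols are out of scope here
        client = event.get("client", {}).get("ip", "unknown")
        mysql = event.get("mysql", {})
        method = str(event.get("method", "")).upper()
        if event.get("status") == "Error":
            findings[client].append(("error", mysql.get("error_code"), event.get("query")))
        elif method in WRITE_METHODS and mysql.get("affected_rows", 0) > max_affected_rows:
            findings[client].append(("bulk_write", mysql["affected_rows"], event.get("query")))
    return dict(findings)


if __name__ == "__main__":
    for ip, items in review_mysql_events(SAMPLE_EVENTS.splitlines()).items():
        for kind, value, query in items:
            print(f"{ip}\t{kind}\t{value}\t{query}")
```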