###
### Packetbeat Agent configuration file.
###
### Packetbeat is a protocol monitoring service that
### works by sniffing the network traffic between your application
### components. It dumps the results into Elasticsearch.
###
### Go to http://packetbeat.com/getstarted for more details.
###
[output]
# Select the outputs to which Packetbeat writes the captured transactions,
# in JSON format.
# The Elasticsearch output below is enabled in this sample; comment out
# "enabled" to turn it off.
[output.elasticsearch]
# Comment out this option to disable the Elasticsearch output. Defaults to false.
enabled = true
# Host and port where Elasticsearch can be reached.
host = "localhost"
port = 9200
# Optional protocol and basic auth credentials.
# NOTE(review): protocol is left commented out here; presumably plain HTTP is
# used in that case (confirm). Basic auth credentials and the captured
# transactions are only protected in transit when protocol is "https".
# The password is stored in this file as plain text: keep the file readable
# only by the account that starts the agent, and replace the sample value
# below rather than reusing it.
# protocol = "https"
# username = "admin"
# password = "s3cr3t"
# Comment out this option if you don't want to store the topology in
# Elasticsearch. Defaults to false.
save_topology = true
# Optional index name. Defaults to packetbeat, which generates
# [packetbeat-]YYYY.MM.DD keys.
# index = "packetbeat"
# Optional HTTP path
# path = "/elasticsearch"
[output.redis]
# Uncomment this option if you want to output to Redis. Defaults to false.
# NOTE(review): host and port below are set even though "enabled" is commented
# out; presumably they have no effect until the output is enabled (confirm).
# enabled = true
# Host and port where Redis can be reached.
host = "localhost"
port = 6379
# Uncomment this option if you want to store the topology in Redis. Defaults to false.
# save_topology = true
# Optional index name. Defaults to packetbeat, which generates packetbeat keys.
# index = "packetbeat"
# Optional Redis database number where the events are stored.
# Defaults to 0.
# db = 0
# Optional Redis database number where the topology is stored.
# Defaults to 1. It must have a different value than db.
# db_topology = 1
# Optional password to authenticate with. By default, no
# password is set.
# The events written here are captured transactions, so when this output is
# enabled the Redis instance should require a password and not be reachable
# from untrusted hosts. The password is kept in this file as plain text;
# restrict read access to the file accordingly.
# password = ""
# Optional Redis initial connection timeout in seconds.
# Defaults to 5 seconds.
# timeout = 5
# Optional interval for reconnecting to failed Redis connections.
# Defaults to 1 second.
# reconnect_interval = 1
[interfaces]
# Select the network interfaces to sniff on. The "any" keyword sniffs on
# all connected interfaces.
# "any" is the widest capture scope this option offers; naming a single
# interface instead limits the traffic that is captured and forwarded to the
# configured output.
device = "any"
[protocols]
# Configure which protocols to monitor and the ports they run on.
# You can disable a given protocol by commenting out its
# configuration.
# Transactions seen on these ports are written to the configured output, so
# the stored documents may contain application data carried by these protocols.
# List only the ports that need to be monitored.
[protocols.http]
ports = [80, 8080, 8000, 5000, 8002]
[protocols.mysql]
ports = [3306]
[protocols.redis]
ports = [6379]
[protocols.pgsql]
ports = [5432]
[procs]
# Uncomment the following line to disable the process monitoring.
# Process monitoring only works when the agent runs as root, so it is not
# available once the agent switches to an unprivileged uid/gid in [runoptions].
# dont_read_from_proc = true
# Which processes to monitor and how to find them. Each process is found by
# searching its command line for the given string.
# NOTE(review): presumably this is a substring match, so a short string may
# also match unrelated processes; confirm against the matcher.
[procs.monitored.mysqld]
cmdline_grep = "mysqld"
[procs.monitored.pgsql]
cmdline_grep = "postgres"
[procs.monitored.nginx]
cmdline_grep = "nginx"
[procs.monitored.app]
cmdline_grep = "gunicorn"
[agent]
# The name of the agent as it will show up in the web interface. If it is
# not defined, the hostname is used.
#
#name=
# Uncomment the following if you want to ignore transactions created
# by the server on which the agent is installed. This option is useful
# for removing duplicates when agents are installed on multiple servers.
#ignore_outgoing = true
# How often (in seconds) agents publish their IPs to the topology map.
# Defaults to 10 seconds.
# refresh_topology_freq = 10
# Expiration time (in seconds) of the IPs published by an agent to the topology map.
# All the IPs are deleted afterwards. Note that the value must be higher than
# refresh_topology_freq. Defaults to 15 seconds.
# topology_expire = 15
[runoptions]
# The Packetbeat agent can drop privileges after creating the sniffing
# socket. Root access is required for opening the socket but everything
# else requires no privileges. Therefore, it is strongly recommended
# to have the Agent switch users after the initialization phase.
# The following two settings set the User Id and the Group Id under
# which the Agent will run.
# Warning: Because on Linux Setuid doesn't change the uid of all threads,
# the Go garbage collector will continue to run as root.
# Note: Process monitoring only works when running as root.
# NOTE(review): both settings are commented out in this sample, so no uid/gid
# switch is requested here; presumably the agent then keeps the privileges it
# was started with (confirm). 501 is only a sample id: use the uid and gid of
# a dedicated unprivileged account that exists on the host. Given the warning
# above, treat this as a reduction of privileges rather than full isolation.
#uid=501
#gid=501
[passwords]
# Uncomment the following to hide certain parameters from HTTP POST
# requests. The values of the parameters are replaced with '*' characters.
# This is generally useful to avoid storing user passwords or other
# sensitive information.
# NOTE(review): the line is commented out in this sample, so this file requests
# no masking and POST parameters such as passwords would presumably be stored
# in the output as captured (confirm). As described above, masking applies only
# to HTTP POST parameters whose names are listed; the list carries both
# "password=" and "Password=", which suggests matching is case-sensitive, so
# add every parameter name the monitored applications actually use.
#hide_keywords = ["pass=", "password=", "passwd=", "Password="]
# vim: set ft=toml: