ELK之使用packetbeat分析网络包流量
介绍
SRE实战 互联网时代守护先锋,助力企业售后服务体系运筹帷幄!一键直达领取阿里云限量特价优惠。packbeat是一个开源的实时网络抓包与分析框架,内置了很多常见的协议捕获及解析,如HTTP、MySQL、Redis等。在实际使用中,通常和Elasticsearch以及kibana联合使用,用于数据搜索和分析以及数据展示。
目前Packebeat支持的协议如下:
ICMP (v4 and v6) DNS HTTP Mysql PostgreSQL Redis Thrift-RPC MongoDB Memcache
Packetbeat可以运行在应用服务器上或者独自的服务器。当运行在独自服务器上时,需要从交换机的镜像端口或者窃听设备上获取网络流量。
安装系统环境查看
下载rpm包安装
rpm -vih packetbeat-6.6.2-x86_64.rpm
修改配置文件
/etc/packetbeat/packetbeat.yml
packetbeat.interfaces.device: eth0 packetbeat.flows: timeout: 30s period: 10s packetbeat.protocols: - type: icmp enabled: true - type: amqp ports: [5672] - type: cassandra ports: [9042] - type: dhcpv4 ports: [67, 68] - type: dns ports: [53] include_authorities: true include_additionals: true - type: http ports: [80, 8080, 8000, 5000, 8002] - type: memcache ports: [11211] - type: mysql ports: [3306] - type: pgsql ports: [5432] - type: redis ports: [6379] - type: thrift ports: [9090] - type: mongodb ports: [27017] - type: nfs ports: [2049] - type: tls ports: [443] setup.template.settings: index.number_of_shards: 3 setup.kibana: host: "172.16.90.24:5601" output.elasticsearch: hosts: ["172.16.90.24:9200"] processors: - add_host_metadata: ~ - add_cloud_metadata: ~
导入kibana模板
packetbeat setup --dashboards
kibana查看
更多精彩
