elasticsearch packetbeat无法捕获大型http POST数据包,elasticsearch,logstash,kibana,elastic-stack,packetbeat,elasticsearch,Logstash,Kibana,Elastic Stack,Packetbeat" /> elasticsearch packetbeat无法捕获大型http POST数据包,elasticsearch,logstash,kibana,elastic-stack,packetbeat,elasticsearch,Logstash,Kibana,Elastic Stack,Packetbeat" />
Fatal编程技术网
  • elasticsearch/
  • elasticsearch packetbeat无法捕获大型http POST数据包

elasticsearch packetbeat无法捕获大型http POST数据包

logstash kibana

elasticsearch packetbeat无法捕获大型http POST数据包,elasticsearch,logstash,kibana,elastic-stack,packetbeat,elasticsearch,Logstash,Kibana,Elastic Stack,Packetbeat,我正在使用packetbeat和ELK(Elasticsearch、Logstash、Kibana)来监视我的服务器http数据包,它工作得很好,但是我注意到packetbeat没有捕获大型http POST请求,下面是我的packetbeat.yml文件 interfaces: device: any ############################# Protocols ####################################### protocols: d

我正在使用packetbeat和ELK(Elasticsearch、Logstash、Kibana)来监视我的服务器http数据包,它工作得很好,但是我注意到packetbeat没有捕获大型http POST请求,下面是我的packetbeat.yml文件

interfaces:
  device: any

############################# Protocols #######################################
protocols:
  dns:
    ports: [53]
    include_authorities: true
    include_additionals: true
  http:
    ports: [80, 8080, 8000, 5000, 8002]
  memcache:
    ports: [11211]
  mysql:
    ports: [3306]
  pgsql:
    ports: [5432]
  redis:
    ports: [6379]
  thrift:
    ports: [9090]
  mongodb:
    ports: [27017]

output:
  ### Logstash as output
  logstash:
    # The Logstash hosts
    hosts: ["localhost:5044"]


############################# Shipper #########################################

shipper:
############################# Logging #########################################
logging:

  files:
    rotateeverybytes: 10485760 # = 10MB
如果HTTP流变得大于~10MB,则Packetbeat

最大大小在常量中定义,该常量在运行时无法更改

如果您为Packetbeat启用调试,您应该能够通过在日志中查找“流数据太大,正在删除TCP流”来确认正在删除流。使用
-d“http”
运行Packetbeat以启用此调试输出