WARNING: Version 1.0.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Command Line Options
editCommand Line Options
editThe following command line options are available for Packetbeat.
$ ./packetbeat -h Usage of ./packetbeat: -I string file -N Disable actual publishing for testing -O Read packets one at a time (press Enter) -c string Configuration file (default "/etc/packetbeat/packetbeat.yml") -configtest Test configuration and exit. -cpuprofile string Write cpu profile to file -d string Enable certain debug selectors -devices Print the list of devices and exit -dump string Write all captured packets to this libpcap file -e Log to stderr and disable syslog/file output -l int Loop file. 0 - loop forever (default 1) -memprofile string Write memory profile to this file -t Read packets as fast as possible, without sleeping -v Log at INFO level -version Print version and exit -waitstop int Additional seconds to wait before shutting down
Packet-Beat Specific Options
editThese command line options are specific to Packetbeat:
-
-I <file>
-
Pass a pcap file as input to Packetbeat instead of reading packets from the network.
This option is useful only for testing Packetbeat. Example:
-I ~/pcaps/network_traffic.pcap
. -
-O
- Read packets one by one by pressing Enter after each. This option is useful only for testing Packetbeat.
-
-devices
- Print the list of devices that are available for sniffing.
-
-dump <file>
- Write all captured packets to a file. This option is useful for troubleshooting Packetbeat.
-
-l <n>
-
Read the pcap file
n
number of times. Use this option in combination with the-I
option. For an infinite loop, use 0. The-l
option is useful only for testing Packetbeat. -
-t
-
Read the packets from the pcap file as fast as possible without sleeping. Use this option in combination with the
-I
option. The-t
option is useful only for testing Packetbeat. -
-waitstop <n>
-
Wait an additional
n
seconds before exiting.
Other Options
editThese command line options from libbeat are also available for Packetbeat:
-
-N
- Disable the publishing of events to the defined output. This option is useful only for testing the Beat.
-
-c <file>
- Pass the location of a configuration file for the Beat.
-
-configtest
- Test the configuration file and then exit. This option is useful for troubleshooting the configuration of a Beat.
-
-cpuprofile <output file>
- Write CPU profile data to the specified file. This option is useful for troubleshooting the Beat.
-
-d <selectors>
-
Enable debugging for the specified selectors. For the selectors, you can specify a comma-separated
list of components, or you can use
-d "*"
to enable debugging for all components. For example,-d "publish"
displays all the "publish" related messages. -
-e
- Log to stderr and disable syslog/file output.
-
-memprofile <output file>
- Write memory profile data to the specified output file. This option is useful for troubleshooting the Beat.
-
-v
- Enable verbose output to show INFO-level messages.
-
-version
- Display the Beat version and exit.