Command Line Options

edit

The following command line options are available for Packetbeat.

$ ./packetbeat -h
Usage of ./packetbeat:
  -I string
      file
  -N  Disable actual publishing for testing
  -O  Read packets one at a time (press Enter)
  -c string
      Configuration file (default "/etc/packetbeat/packetbeat.yml")
  -configtest
      Test configuration and exit.
  -cpuprofile string
      Write cpu profile to file
  -d string
      Enable certain debug selectors
  -devices
      Print the list of devices and exit
  -dump string
      Write all captured packets to this libpcap file
  -e  Log to stderr and disable syslog/file output
  -l int
      Loop file. 0 - loop forever (default 1)
  -memprofile string
      Write memory profile to this file
  -t  Read packets as fast as possible, without sleeping
  -v  Log at INFO level
  -version
      Print version and exit
  -waitstop int
      Additional seconds to wait before shutting down

Packet-Beat Specific Options

edit

These command line options are specific to Packetbeat:

-I <file>
Pass a pcap file as input to Packetbeat instead of reading packets from the network. This option is useful only for testing Packetbeat. Example: -I ~/pcaps/network_traffic.pcap.
-O
Read packets one by one by pressing Enter after each. This option is useful only for testing Packetbeat.
-devices
Print the list of devices that are available for sniffing.
-dump <file>
Write all captured packets to a file. This option is useful for troubleshooting Packetbeat.
-l <n>
Read the pcap file n number of times. Use this option in combination with the -I option. For an infinite loop, use 0. The -l option is useful only for testing Packetbeat.
-t
Read the packets from the pcap file as fast as possible without sleeping. Use this option in combination with the -I option. The -t option is useful only for testing Packetbeat.
-waitstop <n>
Wait an additional n seconds before exiting.

Other Options

edit

These command line options from libbeat are also available for Packetbeat:

-N
Disable the publishing of events to the defined output. This option is useful only for testing the Beat.
-c <file>
Pass the location of a configuration file for the Beat.
-configtest
Test the configuration file and then exit. This option is useful for troubleshooting the configuration of a Beat.
-cpuprofile <output file>
Write CPU profile data to the specified file. This option is useful for troubleshooting the Beat.
-d <selectors>
Enable debugging for the specified selectors. For the selectors, you can specify a comma-separated list of components, or you can use -d "*" to enable debugging for all components. For example, -d "publish" displays all the "publish" related messages.
-e
Log to stderr and disable syslog/file output.
-memprofile <output file>
Write memory profile data to the specified output file. This option is useful for troubleshooting the Beat.
-v
Enable verbose output to show INFO-level messages.
-version
Display the Beat version and exit.