WARNING: Version 1.0.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Running in the Foreground and Enabling Debugging
By default, Packetbeat sends all its output to syslog. You can use the -e command line flag to redirect the output to standard error instead:
packetbeat -e
The default configuration file is /etc/packetbeat/packetbeat.yml. You can use a different file by using the -c flag:
packetbeat -e -c /etc/packetbeat/packetbeat.yml
You can increase the verbosity of debug messages by enabling one or more debug selectors. For example, to view the published transactions, you can start Packetbeat like this:
packetbeat -e -d "publish"
You can enable multiple debug selectors by separating them with commas. For example, if you also want to see the MySQL parsing messages, run:
packetbeat -e -c /etc/packetbeat/packetbeat.conf -d "publish,mysql,mysqldetailed"
Here is the list of commonly used debug selectors:
- http
- httpdetailed
- ip
- mysql
- mysqldetailed
- pcapfilter
- pcapread
- pgsql
- pgsqldetailed
- procs
- procsdetailed
- publish
- redis
- sockets
- tcp
- thrift
- thriftdetailed
If you want all the debugging output (fair warning, it’s quite a lot), you can use *, like this:
packetbeat -e -d "*"