WARNING: Version 1.3 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Recording a Trace
editRecording a Trace
editIf you are having an issue, it’s often useful to record a full network trace and send it to us. It will help us reproduce the issue, and we can also add it to our automatic regression tests so that the problem never reoccurs. A trace of 10-20 seconds is usually enough. To record the trace, you can use the following Packetbeat command:
packetbeat -e -dump trace.pcap
This command executes Packetbeat in normal mode (all processing happens as usual), but
at the same time, it records all packets in libpcap format in the trace.pcap
file. If there’s a particular error message you want us to investigate, please
keep the trace running until the error shows up (it will printed on standard
error).
PCAP files can be large. Please monitor the disk usage while doing the dump to make sure you don’t run out of disk space. Whenever possible, we recommend recording the trace on a non-production machine.