- Packetbeat Reference: other versions:
- Overview
- Getting Started With Packetbeat
- Running Packetbeat on Docker
- Upgrading Packetbeat
- Configuring Packetbeat
- Configuration Options (Reference)
- Processors
- Setting Traffic Capturing Options
- Filtering and Enhancing the Exported Data
- Configuring Packetbeat to Use Ingest Node
- Exporting GeoIP Information
- Configuring Packetbeat to Use Logstash
- Configuring Flows to Monitor Network Traffic
- Using Environment Variables in the Configuration
- Configuring Thrift-RPC Support
- Maintaining the Real-Time State of the Network Topology
- YAML Tips and Gotchas
- Exported Fields
- AMQP Fields
- Beat Fields
- Cassandra Fields
- Cloud Provider Metadata Fields
- Common Fields
- DNS Fields
- Flow Event Fields
- HTTP Fields
- ICMP Fields
- Memcache Fields
- MongoDb Fields
- MySQL Fields
- NFS Fields
- PostgreSQL Fields
- Raw Fields
- Redis Fields
- Thrift-RPC Fields
- Transaction Event Fields
- Measurements (Transactions) Fields
- Securing Packetbeat
- Visualizing Packetbeat Data in Kibana
- Troubleshooting
- Developer Guide: Adding a New Protocol
WARNING: Version 5.4 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Debugging
editDebugging
editBy default, Packetbeat sends all its output to syslog. When you run Packetbeat in
the foreground, you can use the -e command line flag to redirect the output to
standard error instead. For example:
packetbeat -e
The default configuration file is packetbeat.yml (the location of the file varies by
platform). You can use a different configuration file by specifying the -c flag. For example:
packetbeat -e -c mypacketbeatconfig.yml
You can increase the verbosity of debug messages by enabling one or more debug
selectors. For example, to view the published transactions, you can start Packetbeat
with the publish selector like this:
packetbeat -e -d "publish"
If you want all the debugging output (fair warning, it’s quite a lot), you can
use *, like this:
packetbeat -e -d "*"