Created
June 8, 2021 16:51
Capture network traffic for the Redis protocol using Packetbeat
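# Packetbeat configuration: capture DNS and Redis traffic on one interface and
# ship the decoded transactions to an Elasticsearch-compatible ingest endpoint.
# Nesting below is reconstructed; the page had lost all indentation.

# Disable index lifecycle management (ILM)
setup.ilm.enabled: false

# Network device to capture traffic from
packetbeat.interfaces.device: en0

# Maximum number of bytes captured per packet. The page had 44937833987, which
# is far larger than any frame; 65535 is Packetbeat's documented default.
packetbeat.interfaces.snaplen: 65535

# Sniffer type used for traffic capture
packetbeat.interfaces.type: pcap

# Maximum size of the shared memory buffer to use.
# NOTE(review): documented for the af_packet sniffer; likely ignored with
# type pcap - confirm.
packetbeat.interfaces.buffer_size_mb: 400

# Puts the interface into promiscuous mode at startup, so frames addressed to
# other hosts on the segment can be captured too. Keep it only where capturing
# that traffic is authorised and intended.
packetbeat.interfaces.auto_promisc_mode: true

packetbeat.flows:
  timeout: 30s
  period: 10s

# The page had a bare `protocols:` key. Packetbeat reads protocol settings from
# the `packetbeat.` namespace, like the interface and flow settings above.
# NOTE(review): decoded Redis transactions record the command text, which can
# include AUTH arguments and key names. Confirm that data may leave the host,
# or drop the sensitive fields before shipping.
packetbeat.protocols:
  dns:
    ports: [53]
    include_authorities: true
    include_additionals: true
  redis:
    ports: [6379]

output.elasticsearch:
  # The page had a stray second opening quote here, which is not valid YAML.
  # Replace $YOUR_AXIOM_URL with a full https:// URL. Without a scheme this
  # output defaults to http, sending the token and captured data in cleartext.
  hosts: ["$YOUR_AXIOM_URL:443/api/v1/datasets/<dataset>/elastic"]
  # api_key can be your ingest or personal token.
  # The value below is a placeholder. Keep the real token out of this file,
  # e.g. store it in the Beats keystore or an environment variable and
  # reference it as "${AXIOM_API_KEY}" (example name). An ingest token is
  # presumably the narrower credential - prefer it if so.
  api_key: "user:token"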