News

Beyond packets: Elastic Beats 1.0.0-beta3 released

We are excited to announce a new release for the Beats, Packetbeat and Topbeat, our trusted shippers of operational data. It’s not just Packetbeat anymore, now we’ve added Topbeat, which you can use to monitor your systems’ resources and processes. And don’t worry, we’ve continued to improve Packetbeat as well. In fact, thanks to you -- our community -- we have increased the pace in improving Packetbeat.

Here are the highlights of the new release.

Topbeat

It’s like the top command that you know from the Linux/Unix shell, but sends the data periodically to Elasticsearch. It captures system wide data like the system load, free/used memory or disk stats as well as per process stats. You can monitor all the processes running on your system or just a subset. Oh, and it’s not just for Linux, it works on Windows and OS X too.

Guess what, using Kibana to monitor your operating system metrics is a lot of fun!

DNS support in Packetbeat

DNS support is probably our most requested protocol for Packetbeat. Andrew Kroh stepped up and added generic support for UDP protocols to Packetbeat and then DNS support on top of it. Check out the screenshot for some of the interesting facts Packetbeat reveals.

Memcache support in Packetbeat

Memcache is another commonly requested feature. With this release Packetbeat fully supports it, including the binary and text protocols, over UDP and over TCP. Here is a screenshot showing statistics about the Memcache errors that Packetbeat found:

Windows support

We now officially support Windows. It used to be possible to run Packetbeat on Windows but it wasn’t an easy task. With this release we took several steps to make it simpler. This includes running as a native Windows service and logging to files. It’s also easier now, with Packetbeat, to list the available network interfaces and pick the one you want to use for network traffic capturing.

We plan to go even further with improving the Windows support, including adding a GUI installer to makes things even easier. Stay tuned.

Wrong libpcap version no more

We’ve completely reworked our build system and now we can statically compile against C libraries. This means libpcap is no longer a runtime dependency for Packetbeat on Linux. This means Packetbeat and Topbeat binaries work not only on the officially supported Linux distributions but also on any other Linux distribution as long as glibc is newer than 2.11.

Bonus: Developer Guides!

Lots of you asked for developer guides for how to create your own Beats or for how to add a new protocol to Packetbeat. We have now published two fairly comprehensive guides: one for creating a new Beat and one for adding a new protocol to Packetbeat.

If you have an idea for a new Beat or have a question about any of the above, please open a topic on the discuss forums. Here are the download links for Packetbeat and Topbeat.