WARNING: Version 1.0.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Running in the Foreground and Enabling Debuggingedit
By default, Packetbeat sends all its output to syslog. You can use the -e
command line flag to redirect the output to standard error instead:
packetbeat -e
The default configuration file is /etc/packetbeat/packetbeat.yml. You can use
a different file by using the -c flag:
packetbeat -e -c /etc/packetbeat/packetbeat.yml
You can increase the verbosity of debug messages by enabling one or more debug selectors. For example, to view the published transactions, you can start Packetbeat like this:
packetbeat -e -d "publish"
You can enable multiple debug selectors by separating them with commas. For example, if you want to also see the mysql parsing messages, run:
packetbeat -e -c /etc/packetbeat/packetbeat.conf -d "publish,mysql,mysqldetailed"
Here is the list of commonly used debug selectors:
- http
- httpdetailed
- ip
- mysql
- mysqldetailed
- pcapfilter
- pcapread
- pgsql
- pgsqldetailed
- procs
- procsdetailed
- publish
- redis
- sockets
- tcp
- thrift
- thriftdetailed
If you want all the debugging output (fair warning, it’s quite a lot), you can
use *, like this:
packetbeat -e -d "*"