WARNING: Version 1.0.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
By default, Packetbeat sends all its output to syslog. You can use the -e
command line flag to redirect the output to standard error instead.
The default configuration file is /etc/packetbeat/packetbeat.yml. You can use
a different file by using the -c flag:
packetbeat -e -c /etc/packetbeat/packetbeat.yml
You can increase the verbosity of debug messages by enabling one or more debug selectors. For example, to view the published transactions, you can start Packetbeat like this:
packetbeat -e -d "publish"
You can enable multiple debug selectors by separating them with commas. For example, if you want to also see the mysql parsing messages, run:
packetbeat -e -c /etc/packetbeat/packetbeat.conf -d "publish,mysql,mysqldetailed"
Here is the list of commonly used debug selectors:
If you want all the debugging output (fair warning, it’s quite a lot), you can
use *, like this:
packetbeat -e -d "*"