WARNING: Version 1.1 of Packetbeat has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Step 6: Loading Sample Kibana Dashboards Configuring Packetbeat »
Elastic Docs Packetbeat Reference [1.1] Getting Started With Packetbeat

Command Line Options

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Command Line Options

edit

The following command line options are available for Packetbeat. To use these options, you need to start Packetbeat in the foreground.

$ ./packetbeat -h
Usage of ./packetbeat:
  -I string
      file
  -N  Disable actual publishing for testing
  -O  Read packets one at a time (press Enter)
  -c string
      Configuration file (default "/etc/packetbeat/packetbeat.yml")
  -configtest
      Test configuration and exit.
  -cpuprofile string
      Write cpu profile to file
  -d string
      Enable certain debug selectors
  -devices
      Print the list of devices and exit
  -dump string
      Write all captured packets to this libpcap file
  -e  Log to stderr and disable syslog/file output
  -l int
      Loop file. 0 - loop forever (default 1)
  -memprofile string
      Write memory profile to this file
  -t  Read packets as fast as possible, without sleeping
  -v  Log at INFO level
  -version
      Print version and exit
  -waitstop int
      Additional seconds to wait before shutting down

Packet-Beat Specific Options

edit

These command line options are specific to Packetbeat:

-I <file>
Pass a pcap file as input to Packetbeat instead of reading packets from the network. This option is useful only for testing Packetbeat. Example: -I ~/pcaps/network_traffic.pcap.
-O
Read packets one by one by pressing Enter after each. This option is useful only for testing Packetbeat.
-devices
Print the list of devices that are available for sniffing.
-dump <file>
Write all captured packets to a file. This option is useful for troubleshooting Packetbeat.
-l <n>
Read the pcap file n number of times. Use this option in combination with the -I option. For an infinite loop, use 0. The -l option is useful only for testing Packetbeat.
-t
Read the packets from the pcap file as fast as possible without sleeping. Use this option in combination with the -I option. The -t option is useful only for testing Packetbeat.
-waitstop <n>
Wait an additional n seconds before exiting.

Other Options

edit

These command line options from libbeat are also available for Packetbeat:

-N
Disable the publishing of events to the defined output. This option is useful only for testing the Beat.
-c <file>
Pass the location of a configuration file for the Beat.
-configtest
Test the configuration file and then exit. This option is useful for troubleshooting the configuration of a Beat.
-cpuprofile <output file>
Write CPU profile data to the specified file. This option is useful for troubleshooting the Beat.
-d <selectors>
Enable debugging for the specified selectors. For the selectors, you can specify a comma-separated list of components, or you can use -d "*" to enable debugging for all components. For example, -d "publish" displays all the "publish" related messages.
-e
Log to stderr and disable syslog/file output.
-httpprof [<host>]:<port>
Start http server for profiling. This option is useful for troubleshooting and profiling the Beat.
-memprofile <output file>
Write memory profile data to the specified output file. This option is useful for troubleshooting the Beat.
-v
Enable verbose output to show INFO-level messages.
-version
Display the Beat version and exit.
« Step 6: Loading Sample Kibana Dashboards Configuring Packetbeat »