WARNING: Version 1.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
The following command line options are available for Packetbeat. To use these options, you need to start Packetbeat in the foreground.
$ ./packetbeat -h Usage of ./packetbeat: -I string file -N Disable actual publishing for testing -O Read packets one at a time (press Enter) -c string Configuration file (default "/etc/packetbeat/packetbeat.yml") -configtest Test configuration and exit. -cpuprofile string Write cpu profile to file -d string Enable certain debug selectors -devices Print the list of devices and exit -dump string Write all captured packets to this libpcap file -e Log to stderr and disable syslog/file output -l int Loop file. 0 - loop forever (default 1) -memprofile string Write memory profile to this file -t Read packets as fast as possible, without sleeping -v Log at INFO level -version Print version and exit -waitstop int Additional seconds to wait before shutting down
These command line options are specific to Packetbeat:
Pass a pcap file as input to Packetbeat instead of reading packets from the network.
This option is useful only for testing Packetbeat. Example:
- Read packets one by one by pressing Enter after each. This option is useful only for testing Packetbeat.
- Print the list of devices that are available for sniffing.
- Write all captured packets to a file. This option is useful for troubleshooting Packetbeat.
Read the pcap file
nnumber of times. Use this option in combination with the
-Ioption. For an infinite loop, use 0. The
-loption is useful only for testing Packetbeat.
Read the packets from the pcap file as fast as possible without sleeping. Use this option in combination with the
-toption is useful only for testing Packetbeat.
Wait an additional
nseconds before exiting.
These command line options from libbeat are also available for Packetbeat:
- Disable the publishing of events to the defined output. This option is useful only for testing the Beat.
- Pass the location of a configuration file for the Beat.
- Test the configuration file and then exit. This option is useful for troubleshooting the configuration of a Beat.
-cpuprofile <output file>
- Write CPU profile data to the specified file. This option is useful for troubleshooting the Beat.
Enable debugging for the specified selectors. For the selectors, you can specify a comma-separated
list of components, or you can use
-d "*"to enable debugging for all components. For example,
-d "publish"displays all the "publish" related messages.
- Log to stderr and disable syslog/file output.
- Start http server for profiling. This option is useful for troubleshooting and profiling the Beat.
-memprofile <output file>
- Write memory profile data to the specified output file. This option is useful for troubleshooting the Beat.
- Enable verbose output to show INFO-level messages.
- Display the Beat version and exit.