WARNING: Version 1.3 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Packetbeat is written in Go, so having Go installed and knowing the basics are prerequisites for understanding this guide. But don’t worry if you aren’t a Go expert. Go is a relatively new language, and very few people are experts in it. In fact, several people learned Go by contributing to Packetbeat and libbeat, including the original Packetbeat authors.
You will also need a good understanding of the wire protocol that you want to add support for. For standard protocols or protocols used in open source projects, you can usually find detailed specifications and example source code. Wireshark is a very useful tool for understanding the inner workings of the protocols it supports.
In some cases you can even make use of existing libraries for doing the actual parsing and decoding of the protocol. If the particular protocol has a Go implementation with a liberal enough license, you might be able to use it to parse and decode individual messages instead of writing your own parser.
Before starting, please also read the CONTRIBUTING file on GitHub.
Cloning and Compiling
$ mkdir -p $GOPATH/src/github.com/elastic
$ cd $GOPATH/src/github.com/elastic
$ git clone https://github.com/elastic/beats.git
Then you can compile it with:
$ cd beats
$ make
Note that the location where you clone is important. If you prefer working outside of the GOPATH environment, you can clone to another directory and only create a symlink to the
Forking and Branching
We recommend the following workflow for contributing to Packetbeat:
- Fork Beats in GitHub to your own account.
- In the $GOPATH/src/github.com/elastic/beats folder, add your fork as a new remote. For example (replace tsg with your GitHub account):
$ git remote add tsg git@github.com:tsg/beats.git
- Create a new branch for your work:
$ git checkout -b cool_new_protocol
- Commit as often as you like, and then push to your private fork with:
$ git push --set-upstream tsg cool_new_protocol
- When you are ready to submit your PR, simply do so from the GitHub web interface. Feel free to submit your PR early. You can still add commits to the branch after creating the PR. Submitting the PR early gives us more time to provide feedback and perhaps help you with it.