Run Packetbeat by issuing the command that is appropriate for your platform. If you are accessing a secured Elasticsearch cluster, make sure you’ve configured credentials as described in Step 2: Configure Packetbeat.
If you use an init.d script to start Packetbeat on deb or rpm, you can’t specify command line flags (see Command reference). To specify flags, start Packetbeat in the foreground.
deb and rpm:
sudo service packetbeat start
mac and linux:
You’ll be running Packetbeat as root, so you need to change ownership of the
configuration file, or run Packetbeat with
To have launchd start
elastic/tap/packetbeat and then restart it at login,
brew services start elastic/tap/packetbeat-full
To run Packetbeat in the foreground instead of running it as a background service, run:
You’ll be running Packetbeat as root, so you need to change ownership
of the configuration file, or run Packetbeat with
PS C:\Program Files\Packetbeat> Start-Service packetbeat
By default the log files are stored in
Packetbeat is now ready to capture data from your network traffic. You can test that it works by creating a simple HTTP request. For example:
curl http://www.elastic.co/ > /dev/null
Now verify that the data is present in Elasticsearch by issuing the following command:
curl -XGET 'http://localhost:9200/packetbeat-*/_search?pretty'
Make sure that you replace
localhost:9200 with the address of your Elasticsearch
instance. The command should return data about the HTTP transaction you just created.