Building a network packet analysis pipeline with packetbeat

Download the package & extract it
# wget https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.4.0-linux-x86_64.tar.gz
# tar -zxvf packetbeat-6.4.0-linux-x86_64.tar.gz
Edit the configuration file
#vim /usr/local/soft/packetbeat-6.3.2-linux-x86_64/packetbeatwebshell.yml
*************************************************
packetbeat.interfaces.device: any 
packetbeat.protocols:
- type: icmp
  enabled: false
- type: amqp
  ports: [5672]
  enabled: false
- type: cassandra
  ports: [9042]
  enabled: false
- type: dns
  ports: [53]
  enabled: false
  include_authorities: true
  include_additionals: true
- type: http
  ports: [80, 8080]
  max_message_size: 10485760
  send_headers: ["host","cookie","referer"]
  send_request: true
  send_response: true
- type: memcache
  ports: [11211]
  enabled: false
- type: mysql
  ports: [3306]
  enabled: false
- type: pgsql
  ports: [5432]
  enabled: false
- type: redis
  ports: [6379]
  enabled: false
- type: thrift
  ports: [9090]
  enabled: false
- type: mongodb
  ports: [27017]
  enabled: false
- type: nfs
  ports: [2049]
  enabled: false
setup.template.enabled: true
setup.template.name: "webshell"
setup.template.pattern: "webshell-*"
setup.kibana:
  host: "192.*.*.144:5601"
output.elasticsearch:
  enabled: false
  hosts: ["192.*.*.144:9200"]
  index: "webshell-%{+yyyy.MM.dd}"
output.logstash:
  enabled: true
  hosts: ["localhost:5044"]
output.console:
  enabled: false
  pretty: true
**************************************************
Start:
#/soft/packetbeat-6.0.0-linux-x86_64/packetbeat -c /soft/packetbeat-6.0.0-linux-x86_64/packetbeatwebshell.yml
Create the log directory. Once it exists, a log file named packetbeat is generated automatically under /logs/:
#mkdir /logs
packetbeat
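With the configuration above, every captured HTTP transaction on ports 80 and 8080 is written out as a JSON event that carries the request headers `host`, `cookie` and `referer` plus the request and response bodies. The following script is an added example (it is not part of the original post and not packetbeat's own tooling) showing a first pass over such a log file: it parses the JSON lines, drops non-HTTP events, redacts the `cookie` header before anything is stored or shared (the config captures live session cookies, which are credentials), and aggregates requests by method, host, path and response code. The event field names (`type`, `method`, `path`, `http.request.headers`, `http.response.code`, `client_ip`) follow the pre-ECS packetbeat 6.x layout as I understand it and are an assumption; the sample events are constructed.

```python
"""Parse and summarise packetbeat 6.x style HTTP events from a JSON-lines log.

Added example for this post; field layout is an assumption based on the
packetbeat 6.x HTTP event format, and all sample events are constructed.
"""
import json
from collections import Counter

# Headers that carry credentials and must not leave the capture host unmasked.
SENSITIVE_HEADERS = ("cookie", "authorization")

# Constructed sample events (not real captures). Three HTTP events and one
# DNS event, to show that non-HTTP records are filtered out.
SAMPLE_EVENTS = [
    {"type": "http", "client_ip": "10.0.0.5", "ip": "10.0.0.20", "port": 80,
     "method": "GET", "path": "/index.php",
     "http": {"request": {"headers": {"host": "www.example.test",
                                      "cookie": "PHPSESSID=abc123",
                                      "referer": "http://www.example.test/"}},
              "response": {"code": 200}}},
    {"type": "http", "client_ip": "10.0.0.5", "ip": "10.0.0.20", "port": 80,
     "method": "POST", "path": "/admin/upload.php",
     "http": {"request": {"headers": {"host": "www.example.test",
                                      "cookie": "PHPSESSID=abc123"}},
              "response": {"code": 200}}},
    {"type": "http", "client_ip": "10.0.0.9", "ip": "10.0.0.20", "port": 8080,
     "method": "POST", "path": "/admin/upload.php",
     "http": {"request": {"headers": {"host": "www.example.test"}},
              "response": {"code": 500}}},
    {"type": "dns", "client_ip": "10.0.0.5", "ip": "10.0.0.53", "port": 53},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS) + "\n"


def redact_headers(event):
    """Mask credential-bearing request/response headers in place."""
    for side in ("request", "response"):
        headers = event.get("http", {}).get(side, {}).get("headers")
        if not headers:
            continue
        for name in list(headers):
            if name.lower() in SENSITIVE_HEADERS:
                headers[name] = "[REDACTED]"
    return event


def parse_http_events(text):
    """Return the HTTP events from a JSON-lines log, with headers redacted.

    Malformed lines are skipped rather than aborting the whole file, since a
    log that is still being written often ends in a partial line.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("type") != "http":
            continue
        events.append(redact_headers(ev))
    return events


def summarize(events):
    """Count transactions by (method, host, path, response code)."""
    counts = Counter()
    for ev in events:
        req = ev.get("http", {}).get("request", {})
        host = req.get("headers", {}).get("host", "-")
        code = ev.get("http", {}).get("response", {}).get("code", 0)
        counts[(ev.get("method", "-"), host, ev.get("path", "-"), code)] += 1
    return counts


def post_counts_by_client(events):
    """Count POST requests per (client_ip, path).

    POSTs to script paths are a useful first pivot when reviewing a capture
    for unexpected uploads, which is what the 'webshell' index here is for.
    """
    counts = Counter()
    for ev in events:
        if ev.get("method") == "POST":
            counts[(ev.get("client_ip", "-"), ev.get("path", "-"))] += 1
    return counts


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("/logs/packetbeat").read() on the capture host.
    http_events = parse_http_events(SAMPLE_LOG)
    for key, n in sorted(summarize(http_events).items()):
        print(n, *key)
    for key, n in sorted(post_counts_by_client(http_events).items()):
        print("POST", n, *key)
```

Run it on the real file by swapping `SAMPLE_LOG` for the contents of `/logs/packetbeat`; the redaction step is the part to keep even if the aggregation is replaced, because `send_headers: ["host","cookie","referer"]` otherwise writes every session cookie to disk in clear text.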

Note: this service has to be used together with kibana, elasticsearch and logstash.
For installation of those components, see:
https://my.oschina.net/guiguketang/blog/1860691
