diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 080c23f0cc38..3e3fafb61d1d 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -22,6 +22,7 @@ https://github.com/elastic/beats/compare/v5.0.0-alpha1...master[Check the HEAD d *Packetbeat* - Configuration of redis topology support changed. {pull}1353[1353] +- Move all Packetbeat configuration options under the packetbeat namespace {issue}1417[1417] *Topbeat* diff --git a/packetbeat/beater/packetbeat.go b/packetbeat/beater/packetbeat.go index 213643fa8ccc..9b94015c8904 100644 --- a/packetbeat/beater/packetbeat.go +++ b/packetbeat/beater/packetbeat.go 
@@ -109,50 +109,50 @@ func (pb *Packetbeat) Config(b *beat.Beat) error { return err } + cfg := &pb.PbConfig.Packetbeat + // CLI flags over-riding config if *pb.CmdLineArgs.TopSpeed { - pb.PbConfig.Interfaces.TopSpeed = true + cfg.Interfaces.TopSpeed = true } if len(*pb.CmdLineArgs.File) > 0 { - pb.PbConfig.Interfaces.File = *pb.CmdLineArgs.File + cfg.Interfaces.File = *pb.CmdLineArgs.File } - pb.PbConfig.Interfaces.Loop = *pb.CmdLineArgs.Loop - pb.PbConfig.Interfaces.OneAtATime = *pb.CmdLineArgs.OneAtAtime + cfg.Interfaces.Loop = *pb.CmdLineArgs.Loop + cfg.Interfaces.OneAtATime = *pb.CmdLineArgs.OneAtAtime if len(*pb.CmdLineArgs.Dumpfile) > 0 { - pb.PbConfig.Interfaces.Dumpfile = *pb.CmdLineArgs.Dumpfile + cfg.Interfaces.Dumpfile = *pb.CmdLineArgs.Dumpfile } - // assign global singleton as it is used in protocols - // TODO: Refactor - config.ConfigSingleton = pb.PbConfig - return nil } // Setup packetbeat func (pb *Packetbeat) Setup(b *beat.Beat) error { - if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil { + cfg := &pb.PbConfig.Packetbeat + + if err := procs.ProcWatcher.Init(cfg.Procs); err != nil { logp.Critical(err.Error()) return err } queueSize := defaultQueueSize - if pb.PbConfig.Shipper.QueueSize != nil { - queueSize = *pb.PbConfig.Shipper.QueueSize + if b.Config.Shipper.QueueSize != nil { + queueSize = *b.Config.Shipper.QueueSize } bulkQueueSize := defaultBulkQueueSize - if pb.PbConfig.Shipper.BulkQueueSize != nil { - bulkQueueSize = *pb.PbConfig.Shipper.BulkQueueSize + if b.Config.Shipper.BulkQueueSize != nil { + bulkQueueSize = *b.Config.Shipper.BulkQueueSize } pb.Pub = publish.NewPublisher(b.Publisher, queueSize, bulkQueueSize) pb.Pub.Start() logp.Debug("main", "Initializing protocol plugins") - err := protos.Protos.Init(false, pb.Pub, pb.PbConfig.Protocols) + err := protos.Protos.Init(false, pb.Pub, cfg.Protocols) if err != nil { return fmt.Errorf("Initializing protocol analyzers failed: %v", err) } 
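Review bot: After `cfg := &pb.PbConfig.Packetbeat` in Config, only keys under the `packetbeat` namespace reach the sniffer, and nothing in this hunk detects a configuration file that still uses the old top-level `interfaces`, `flows`, `protocols` or `procs` keys. If the loader ignores unknown top-level keys (not visible here), such a file would start Packetbeat with zero-valued settings and no protocols. For a network sensor that is a silent monitoring gap rather than a startup failure. Consider rejecting or at least logging those legacy keys after the config is read, and add a comment such as `// Only packetbeat.* keys are honoured; legacy top-level keys are not read.` above the alias. Config begins before this hunk and Setup continues past its end.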
@@ -163,7 +163,7 @@ func (pb *Packetbeat) Setup(b *beat.Beat) error { } // This needs to be after the sniffer Init but before the sniffer Run. - if err := droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil { + if err := droppriv.DropPrivileges(cfg.RunOptions); err != nil { return err } @@ -171,7 +171,7 @@ func (pb *Packetbeat) Setup(b *beat.Beat) error { } func (pb *Packetbeat) setupSniffer() error { - cfg := &pb.PbConfig + cfg := &pb.PbConfig.Packetbeat withVlans := cfg.Interfaces.With_vlans _, withICMP := cfg.Protocols["icmp"] @@ -181,7 +181,7 @@ func (pb *Packetbeat) setupSniffer() error { } pb.Sniff = &sniffer.SnifferSetup{} - return pb.Sniff.Init(false, pb.makeWorkerFactory(filter)) + return pb.Sniff.Init(false, pb.makeWorkerFactory(filter), &pb.PbConfig.Packetbeat.Interfaces) } func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory { @@ -189,8 +189,8 @@ func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory { var f *flows.Flows var err error - if pb.PbConfig.Flows != nil { - f, err = flows.NewFlows(pb.Pub, pb.PbConfig.Flows) + if pb.PbConfig.Packetbeat.Flows != nil { + f, err = flows.NewFlows(pb.Pub, pb.PbConfig.Packetbeat.Flows) if err != nil { return nil, "", err } @@ -198,7 +198,7 @@ func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory { var icmp4 icmp.ICMPv4Processor var icmp6 icmp.ICMPv6Processor - if cfg, exists := pb.PbConfig.Protocols["icmp"]; exists { + if cfg, exists := pb.PbConfig.Packetbeat.Protocols["icmp"]; exists { icmp, err := icmp.New(false, pb.Pub, cfg) if err != nil { return nil, "", err diff --git a/packetbeat/config/config.go b/packetbeat/config/config.go index b7955a77b974..8cef7d4b4d72 100644 --- a/packetbeat/config/config.go +++ b/packetbeat/config/config.go 
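Review bot: `droppriv.DropPrivileges(cfg.RunOptions)` now takes the run options from the `packetbeat` namespace, but none of the documentation or sample-config hunks in this commit mention that the run options moved, so a deployment that still sets them at the top level may stop dropping privileges without noticing. How DropPrivileges treats a zero-valued `RunOptions` is not visible here; if it returns nil without doing anything, the capture process keeps the privileges it started with. Consider logging when no run options are configured, and add `// RunOptions is read from the packetbeat namespace; empty options leave privileges unchanged (confirm in droppriv).` above the call. Setup starts and ends outside this hunk.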
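Review bot: In setupSniffer the new third argument spells out `&pb.PbConfig.Packetbeat.Interfaces`, although `cfg` is assigned `&pb.PbConfig.Packetbeat` at the top of the same function and appears to still be in scope. `return pb.Sniff.Init(false, pb.makeWorkerFactory(filter), &cfg.Interfaces)` would be consistent with how Config and Setup use the alias. The makeWorkerFactory hunks repeat the long path for `Flows` and `Protocols["icmp"]`; a local alias would help there too, but it needs a name other than `cfg`, which that function already uses for the ICMP protocol config. setupSniffer is split across two hunks and its middle is not shown.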
@@ -5,19 +5,19 @@ import ( "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/common/droppriv" - "github.com/elastic/beats/libbeat/logp" - "github.com/elastic/beats/libbeat/publisher" "github.com/elastic/beats/packetbeat/procs" ) type Config struct { + Packetbeat PacketbeatConfig +} + +type PacketbeatConfig struct { Interfaces InterfacesConfig Flows *Flows Protocols map[string]*common.Config - Shipper publisher.ShipperConfig Procs procs.ProcsConfig RunOptions droppriv.RunOptions - Logging logp.Logging } type InterfacesConfig struct { @@ -45,6 +45,3 @@ type ProtocolCommon struct { SendResponse bool `config:"send_response"` TransactionTimeout time.Duration `config:"transaction_timeout"` } - -// Config Singleton -var ConfigSingleton Config diff --git a/packetbeat/docs/gettingstarted.asciidoc b/packetbeat/docs/gettingstarted.asciidoc index 0f7c3f3ba6b3..4eb04b656588 100644 --- a/packetbeat/docs/gettingstarted.asciidoc +++ b/packetbeat/docs/gettingstarted.asciidoc @@ -106,7 +106,7 @@ server on which Packetbeat is installed. For this, use `any` as the device: ---------------------------------------------------------------------- # Select the network interfaces to sniff the data. You can use the "any" # keyword to sniff on all connected interfaces. -interfaces: +packetbeat.interfaces: device: any ---------------------------------------------------------------------- @@ -131,7 +131,7 @@ Modify the `device` line to point to the index of the device: + [source,yml] ---------------------------------------------------------------------- -interfaces: +packetbeat.interfaces: device: 0 ---------------------------------------------------------------------- @@ -141,7 +141,7 @@ default values should do just fine. + [source,yaml] ---------------------------------------------------------------------- -protocols: +packetbeat.protocols: dns: ports: [53] 
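Review bot: The reshaped `Config` and the new exported `PacketbeatConfig` have no doc comments, so the file does not say which part of the YAML each struct maps to or that `Shipper` and `Logging` are no longer read here. Suggest `// Config is the root of the Packetbeat-specific configuration; everything it reads lives under the packetbeat namespace.` above `Config` and `// PacketbeatConfig holds the sniffer, flow, protocol, process-matching and run-option settings.` above `PacketbeatConfig`. A short comment on the `RunOptions` field saying that it is the value passed to `droppriv.DropPrivileges` would also make the security-relevant setting easy to find.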
diff --git a/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc b/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc index 834aa9cf2b0f..f9e4e4ff71a8 100644 --- a/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc +++ b/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc @@ -7,7 +7,7 @@ The `interfaces` section configures the sniffer. Here is an example configuratio ------------------------------------------------------------------------------ # Select the network interfaces to sniff the data. You can use the "any" # keyword to sniff on all connected interfaces. -interfaces: +packetbeat.interfaces: # On which device to sniff device: any @@ -34,7 +34,7 @@ Example: [source,yaml] ------------------------------------------------------------------------------ -interfaces: +packetbeat.interfaces: device: eth0 ------------------------------------------------------------------------------ @@ -73,7 +73,7 @@ first interface in the list: [source,yaml] ------------------------------------------------------------------------------ -interfaces: +packetbeat.interfaces: device: 0 ------------------------------------------------------------------------------ @@ -90,7 +90,7 @@ Example: [source,yaml] ------------------------------------------------------------------------------ -interfaces: +packetbeat.interfaces: device: eth0 snaplen: 1514 ------------------------------------------------------------------------------ @@ -114,7 +114,7 @@ the `af_packet` sniffing type: [source,yaml] ------------------------------------------------------------------------------ -interfaces: +packetbeat.interfaces: device: eth0 type: af_packet ------------------------------------------------------------------------------ @@ -137,7 +137,7 @@ Example: [source,yaml] ------------------------------------------------------------------------------ -interfaces: +packetbeat.interfaces: device: eth0 type: af_packet buffer_size_mb: 100 
@@ -168,7 +168,7 @@ You can use the `bpf_filter` setting to overwrite the generated BPF filter. For [source,yaml] ------------------------------------------------------------------------------ -interfaces: +packetbeat.interfaces: device: eth0 bpf_filter: "net 192.168.238.0/0 and port 80 and port 3306" ------------------------------------------------------------------------------ @@ -187,7 +187,7 @@ disabled. [source,yaml] ------------------------------------------------------------------------------ -flows: +packetbeat.flows: timeout: 30s period: 10s ------------------------------------------------------------------------------ @@ -233,7 +233,7 @@ Example configuration: [source,yaml] ------------------------------------------------------------------------------ -protocols: +packetbeat.protocols: icmp: enabled: true @@ -314,7 +314,7 @@ The `dns` section specifies configuration options for the DNS protocol. The DNS [source,yaml] ------------------------------------------------------------------------------ -protocols: +packetbeat.protocols: dns: ports: [53] @@ -345,7 +345,7 @@ sample configuration section: [source,yaml] ------------------------------------------------------------------------------ -protocols: +packetbeat.protocols: http: # Configure the ports where to listen for HTTP traffic. You can disable @@ -418,7 +418,7 @@ Example configuration: [source,yml] ------------------------------------------------------------------------------ -protocols: +packetbeat.protocols: http: ports: [80, 8080] send_response: true @@ -709,7 +709,7 @@ Example configuration: [source,yaml] ------------------------------------------------------------------------------ -procs: +packetbeat.procs: enabled: true monitored: - process: mysqld diff --git a/packetbeat/etc/beat.yml b/packetbeat/etc/beat.yml index 4b34ff4abdf3..e74741df2c64 100644 --- a/packetbeat/etc/beat.yml +++ b/packetbeat/etc/beat.yml 
@@ -12,10 +12,10 @@ # Select the network interfaces to sniff the data. You can use the "any" # keyword to sniff on all connected interfaces. -interfaces: +packetbeat.interfaces: device: any -flows: +packetbeat.flows: # Set network flow timeout. Flow is killed if no packet is received before being # timed out. #timeout: 30s @@ -24,7 +24,7 @@ flows: #period: 10s ############################# Protocols ####################################### -protocols: +packetbeat.protocols: icmp: # Enable ICMPv4 and ICMPv6 monitoring. Default: false enabled: true @@ -161,7 +161,7 @@ protocols: # Process matching is optional and can be enabled by uncommenting the following # lines. # -#procs: +#packetbeat.procs: # enabled: false # monitored: # - process: mysqld diff --git a/packetbeat/packetbeat.yml b/packetbeat/packetbeat.yml index 5ed88a3645ad..0af0ed4cb3ac 100644 --- a/packetbeat/packetbeat.yml +++ b/packetbeat/packetbeat.yml @@ -12,10 +12,10 @@ # Select the network interfaces to sniff the data. You can use the "any" # keyword to sniff on all connected interfaces. -interfaces: +packetbeat.interfaces: device: any -flows: +packetbeat.flows: # Set network flow timeout. Flow is killed if no packet is received before being # timed out. #timeout: 30s @@ -24,7 +24,7 @@ flows: #period: 10s ############################# Protocols ####################################### -protocols: +packetbeat.protocols: icmp: # Enable ICMPv4 and ICMPv6 monitoring. Default: false enabled: true @@ -161,7 +161,7 @@ protocols: # Process matching is optional and can be enabled by uncommenting the following # lines. # -#procs: +#packetbeat.procs: # enabled: false # monitored: # - process: mysqld diff --git a/packetbeat/sniffer/sniffer.go b/packetbeat/sniffer/sniffer.go index f717d68710be..fe7875081408 100644 --- a/packetbeat/sniffer/sniffer.go +++ b/packetbeat/sniffer/sniffer.go 
@@ -241,11 +241,11 @@ func (sniffer *SnifferSetup) Datalink() layers.LinkType { return layers.LinkTypeEthernet } -func (sniffer *SnifferSetup) Init(test_mode bool, factory WorkerFactory) error { +func (sniffer *SnifferSetup) Init(test_mode bool, factory WorkerFactory, interfaces *config.InterfacesConfig) error { var err error if !test_mode { - err = sniffer.setFromConfig(&config.ConfigSingleton.Interfaces) + err = sniffer.setFromConfig(interfaces) if err != nil { return fmt.Errorf("Error creating sniffer: %v", err) } diff --git a/packetbeat/tests/system/config/packetbeat.yml.j2 b/packetbeat/tests/system/config/packetbeat.yml.j2 index ecab5e0e05d2..9f843774230f 100644 --- a/packetbeat/tests/system/config/packetbeat.yml.j2 +++ b/packetbeat/tests/system/config/packetbeat.yml.j2 
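Review bot: The new `interfaces *config.InterfacesConfig` parameter of Init is handed to `sniffer.setFromConfig(interfaces)` without a nil check. Init is exported, and callers running with `test_mode` true have no reason to build a config, so nil is a plausible argument. setFromConfig's body is not in this hunk, but if it dereferences the pointer, a caller that passes nil with `test_mode` false gets a panic instead of the error this function otherwise returns. A guard inside the `!test_mode` branch would keep the failure on the error path: `if interfaces == nil { return fmt.Errorf("Error creating sniffer: missing interfaces configuration") }`. Init continues past the end of the hunk.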
@@ -1,46 +1,12 @@ -############################# Shipper ######################################### -shipper: - # The name of the shipper that publishes the network data. It can be used to group - # all the transactions sent by a single shipper in the web interface. - # If this options is not defined, the hostname is used. - name: - - # The tags of the shipper are included in their own field with each - # transaction published. Tags make it easy to group servers by different - # logical properties. - tags: [ - {%- if agent_tags -%} - {%- for tag in agent_tags -%} - "{{ tag }}" - {%- if not loop.last %}, {% endif -%} - {%- endfor -%} - {%- endif -%} - ] - - # Uncomment the following if you want to ignore transactions created - # by the server on which the shipper is installed. This option is useful - # to remove duplicates if shippers are installed on multiple servers. - # ignore_outgoing: true - -{% if geoip_paths is not none %} - geoip: - paths: [ - {%- for path in geoip_paths -%} - "{{ beat.working_dir + '/' + path }}" - {%- if not loop.last %}, {% endif -%} - {%- endfor -%} - ] -{%- endif %} - -############################# Sniffer ######################################### +############################# Packetbeat ######################################### # Select the network interfaces to sniff the data. You can use the "any" # keyword to sniff on all connected interfaces. -interfaces: +packetbeat.interfaces: device: {{ iface_device|default("any") }} {% if flows %} -flows: +packetbeat.flows: period: -1s timeout: 10s {% endif %} @@ -48,7 +14,7 @@ flows: # Configure which protocols to monitor and the ports where they are # running. You can disable a given protocol by commenting out its # configuration. -protocols: +packetbeat.protocols: icmp: enabled: true {% if icmp_send_request %} send_request: true{%- endif %} 
@@ -150,34 +116,6 @@ protocols: {% if mongodb_max_docs is not none %} max_docs: {{mongodb_max_docs}}{% endif %} {% if mongodb_max_doc_length is not none %} max_doc_length: {{mongodb_max_doc_length}}{% endif %} -############################# Output ########################################## - -# Configure what outputs to use when sending the data collected by packetbeat. -# You can enable one or multiple outputs by setting enabled option to true. -output: - - # Elasticsearch as output - # Options: - # host, port: where Elasticsearch is listening on - # save_topology: specify if the topology is saved in Elasticsearch - #elasticsearch: - # host: localhost - # port: 9200 - # save_topology: true - - # File as output - # Options - # path: where to save the files - # filename: name of the files - # rotate_every_kb: maximum size of the files in path - # number of files: maximum number of files in path - file: - enabled: true - path: "{{ output_file_path|default(beat.working_dir + "/output") }}" - filename: "{{ output_file_filename|default("packetbeat") }}" - rotate_every_kb: 1000 - #number_of_files: 7 - ############################# Processes ####################################### {% if procs_enabled %} @@ -189,7 +127,7 @@ output: # Process matching is optional and can be enabled by uncommenting the following # lines. # -procs: +packetbeat.procs: enabled: true monitored: - process: mysqld @@ -210,6 +148,8 @@ procs: {% if filter_enabled %} + +############################# Filters ######################################### filters: {%- if drop_fields %} 
@@ -222,3 +162,65 @@ filters: {%- endif %} {% endif %} # vim: set ft=jinja: + +############################# Shipper ######################################### +shipper: + # The name of the shipper that publishes the network data. It can be used to group + # all the transactions sent by a single shipper in the web interface. + # If this options is not defined, the hostname is used. + name: + + # The tags of the shipper are included in their own field with each + # transaction published. Tags make it easy to group servers by different + # logical properties. + tags: [ + {%- if agent_tags -%} + {%- for tag in agent_tags -%} + "{{ tag }}" + {%- if not loop.last %}, {% endif -%} + {%- endfor -%} + {%- endif -%} + ] + + # Uncomment the following if you want to ignore transactions created + # by the server on which the shipper is installed. This option is useful + # to remove duplicates if shippers are installed on multiple servers. + # ignore_outgoing: true + +{% if geoip_paths is not none %} + geoip: + paths: [ + {%- for path in geoip_paths -%} + "{{ beat.working_dir + '/' + path }}" + {%- if not loop.last %}, {% endif -%} + {%- endfor -%} + ] +{%- endif %} + +############################# Output ########################################## + +# Configure what outputs to use when sending the data collected by packetbeat. +# You can enable one or multiple outputs by setting enabled option to true. 
+output: + + # Elasticsearch as output + # Options: + # host, port: where Elasticsearch is listening on + # save_topology: specify if the topology is saved in Elasticsearch + #elasticsearch: + # host: localhost + # port: 9200 + # save_topology: true + + # File as output + # Options + # path: where to save the files + # filename: name of the files + # rotate_every_kb: maximum size of the files in path + # number of files: maximum number of files in path + file: + enabled: true + path: "{{ output_file_path|default(beat.working_dir + "/output") }}" + filename: "{{ output_file_filename|default("packetbeat") }}" + rotate_every_kb: 1000 + #number_of_files: 7
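Review bot: The `# vim: set ft=jinja:` modeline stays where it was while the Shipper and Output sections are appended after it, so it now sits roughly sixty lines above the end of the template. Vim only scans the first and last few lines of a file for modelines (five by default), so the filetype hint will probably stop applying. Moving that line below `#number_of_files: 7` keeps it effective.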