From ab781c6ea640ecbc1854ce44b04f093f5972e52b Mon Sep 17 00:00:00 2001 From: urso Date: Thu, 7 Jul 2016 17:42:27 +0200 Subject: [PATCH] packetbeat protocols `enable` config --- CHANGELOG.asciidoc | 5 +- filebeat/filebeat.full.yml | 12 ++-- libbeat/_meta/config.full.yml | 12 ++-- libbeat/common/config.go | 7 ++- libbeat/docs/outputconfig.asciidoc | 24 ++++---- metricbeat/metricbeat.full.yml | 12 ++-- packetbeat/beater/packetbeat.go | 20 ++++--- packetbeat/config/config.go | 9 ++- .../configuration/packetbeat-options.asciidoc | 21 +++++-- packetbeat/etc/beat.full.yml | 48 ++++++++++++--- packetbeat/etc/beat.yml | 16 ++--- packetbeat/packetbeat.full.yml | 60 +++++++++++++++---- packetbeat/packetbeat.yml | 16 ++--- packetbeat/protos/protos.go | 6 ++ winlogbeat/winlogbeat.full.yml | 12 ++-- 15 files changed, 190 insertions(+), 90 deletions(-) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 01ae4b91f99..905ee32081e 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -20,6 +20,7 @@ https://github.com/elastic/beats/compare/v5.0.0-alpha4...master[Check the HEAD d *Metricbeat* *Packetbeat* +- Set `enabled` ` in `packetbeat.protocols.icmp` configuration to `true` by default. {pull}1988[1988] *Topbeat* 
@@ -54,12 +55,14 @@ https://github.com/elastic/beats/compare/v5.0.0-alpha4...master[Check the HEAD d *Affecting all Beats* - Periodically log internal metrics. {pull}1955[1955] -- Add enable-setting to all output modules. {pull}1987[1987] +- Add enabled setting to all output modules. {pull}1987[1987] - Command line flag -c can be used multiple times. {pull}1985[1985] - Add OR/AND/NOT to the condition associated with the processors. {pull}1983[1983] - Add '-E' CLI flag for overwriting single config options via command line. {pull}1986[1986] - Choose the mapping template file based on the Elasticsearch version. {pull}1993[1993] - Check stdout being available when console output is configured. {issue}2035[2035] +- Add enabled setting to packetbeat protocols. {pull}1988[1988] +- Add enabled setting to packetbeat network flows configuration. {pull}1988[1988] *Metricbeat* diff --git a/filebeat/filebeat.full.yml b/filebeat/filebeat.full.yml index 920cfcfd159..15447386ad6 100644 --- a/filebeat/filebeat.full.yml +++ b/filebeat/filebeat.full.yml @@ -308,7 +308,7 @@ filebeat.prospectors: #-------------------------- Elasticsearch output ------------------------------ output.elasticsearch: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Array of hosts to connect to. # Scheme and port can be left out and will be set to the default (http and 9200) @@ -420,7 +420,7 @@ output.elasticsearch: #----------------------------- Logstash output -------------------------------- #output.logstash: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The Logstash hosts #hosts: ["localhost:5044"] 
@@ -473,7 +473,7 @@ output.elasticsearch: #------------------------------- Kafka output --------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Kafka broker addresses from where to fetch the cluster metadata. # The cluster metadata contain the actual Kafka brokers events are published @@ -564,7 +564,7 @@ output.elasticsearch: #------------------------------- Redis output --------------------------------- #output.redis: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Redis servers to connect to. If load balancing is enabled, the # events are distributed to the servers in the list. If one server becomes @@ -663,7 +663,7 @@ output.elasticsearch: #------------------------------- File output ---------------------------------- #output.file: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Path to the directory where to save the generated files. The option is # mandatory. @@ -687,7 +687,7 @@ output.elasticsearch: #----------------------------- Console output --------------------------------- #output.console: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Pretty print json event #pretty: false diff --git a/libbeat/_meta/config.full.yml b/libbeat/_meta/config.full.yml index ad86527122d..7e2831b3a59 100644 --- a/libbeat/_meta/config.full.yml +++ b/libbeat/_meta/config.full.yml @@ -82,7 +82,7 @@ #-------------------------- Elasticsearch output ------------------------------ output.elasticsearch: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Array of hosts to connect to. # Scheme and port can be left out and will be set to the default (http and 9200) 
@@ -194,7 +194,7 @@ output.elasticsearch: #----------------------------- Logstash output -------------------------------- #output.logstash: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The Logstash hosts #hosts: ["localhost:5044"] @@ -247,7 +247,7 @@ output.elasticsearch: #------------------------------- Kafka output --------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Kafka broker addresses from where to fetch the cluster metadata. # The cluster metadata contain the actual Kafka brokers events are published @@ -338,7 +338,7 @@ output.elasticsearch: #------------------------------- Redis output --------------------------------- #output.redis: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Redis servers to connect to. If load balancing is enabled, the # events are distributed to the servers in the list. If one server becomes @@ -437,7 +437,7 @@ output.elasticsearch: #------------------------------- File output ---------------------------------- #output.file: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Path to the directory where to save the generated files. The option is # mandatory. @@ -461,7 +461,7 @@ output.elasticsearch: #----------------------------- Console output --------------------------------- #output.console: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Pretty print json event #pretty: false diff --git a/libbeat/common/config.go b/libbeat/common/config.go index a1c857b4b37..0b26e665bdb 100644 --- a/libbeat/common/config.go +++ b/libbeat/common/config.go 
@@ -142,11 +142,14 @@ func (c *Config) SetChild(name string, idx int, value *Config) error { func (c *Config) Enabled() bool { testEnabled := struct { - Enabled bool `config:"enable"` + Enabled bool `config:"enabled"` }{true} + if c == nil { + return false + } if err := c.Unpack(&testEnabled); err != nil { - // if unpacking fails, expect 'enable' being set to default value + // if unpacking fails, expect 'enabled' being set to default value return true } return testEnabled.Enabled diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc index b8abd7cb10b..d0ae824a257 100644 --- a/libbeat/docs/outputconfig.asciidoc +++ b/libbeat/docs/outputconfig.asciidoc @@ -92,9 +92,9 @@ output.elasticsearch: You can specify the following options in the `elasticsearch` section of the +{beatname_lc}.yml+ config file: -===== enable +===== enabled -The enable config is a boolean setting to enable or disable the output. If set +The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled. The default value is true. @@ -388,9 +388,9 @@ output.logstash: You can specify the following options in the `logstash` section of the +{beatname_lc}.yml+ config file: -===== enable +===== enabled -The enable config is a boolean setting to enable or disable the output. If set +The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled. The default value is true. @@ -529,9 +529,9 @@ The Kafka output sends the events to Apache Kafka. You can specify the following options in the `kafka` section of the +{beatname_lc}.yml+ config file: -===== enable +===== enabled -The enable config is a boolean setting to enable or disable the output. If set +The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled. The default value is true. 
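Review bot: In `Config.Enabled()` the unpack-error branch still returns `true`, so a malformed `enabled` value leaves the section active with no signal to the operator. Other hunks in this commit (packetbeat/beater/packetbeat.go, packetbeat/protos/protos.go) now use `Enabled()` to decide whether a protocol is captured, so the error should at least be logged before falling back to the default. The tag rename from `enable` to `enabled` also means a config that still says `enable: false` would presumably be read as enabled, because the struct default is `true`; if the old spelling was ever shipped, a warning on the old key would avoid silently re-activating an output. A doc comment would make the nil/default asymmetry explicit, for example `// Enabled reports whether the section is active: a nil config is disabled, a missing 'enabled' key defaults to true.`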
@@ -647,9 +647,9 @@ output.redis: You can specify the following options in the `redis` section of the +{beatname_lc}.yml+ config file: -===== enable +===== enabled -The enable config is a boolean setting to enable or disable the output. If set +The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled. The default value is true. @@ -798,9 +798,9 @@ output.file: You can specify the following options in the `file` section of the +{beatname_lc}.yml+ config file: -===== enable +===== enabled -The enable config is a boolean setting to enable or disable the output. If set +The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled. The default value is true. @@ -846,9 +846,9 @@ You can specify the following options in the `console` section of the +{beatname If `pretty` is set to true, events written to stdout will be nicely formatted. The default is false. -===== enable +===== enabled -The enable config is a boolean setting to enable or disable the output. If set +The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled. The default value is true. diff --git a/metricbeat/metricbeat.full.yml b/metricbeat/metricbeat.full.yml index d64756c0e15..bdef79b126a 100644 --- a/metricbeat/metricbeat.full.yml +++ b/metricbeat/metricbeat.full.yml @@ -227,7 +227,7 @@ metricbeat.modules: #-------------------------- Elasticsearch output ------------------------------ output.elasticsearch: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Array of hosts to connect to. # Scheme and port can be left out and will be set to the default (http and 9200) 
@@ -339,7 +339,7 @@ output.elasticsearch: #----------------------------- Logstash output -------------------------------- #output.logstash: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The Logstash hosts #hosts: ["localhost:5044"] @@ -392,7 +392,7 @@ output.elasticsearch: #------------------------------- Kafka output --------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Kafka broker addresses from where to fetch the cluster metadata. # The cluster metadata contain the actual Kafka brokers events are published @@ -483,7 +483,7 @@ output.elasticsearch: #------------------------------- Redis output --------------------------------- #output.redis: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Redis servers to connect to. If load balancing is enabled, the # events are distributed to the servers in the list. If one server becomes @@ -582,7 +582,7 @@ output.elasticsearch: #------------------------------- File output ---------------------------------- #output.file: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Path to the directory where to save the generated files. The option is # mandatory. @@ -606,7 +606,7 @@ output.elasticsearch: #----------------------------- Console output --------------------------------- #output.console: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Pretty print json event #pretty: false diff --git a/packetbeat/beater/packetbeat.go b/packetbeat/beater/packetbeat.go index 51558b07a08..7b5c859103b 100644 --- a/packetbeat/beater/packetbeat.go +++ b/packetbeat/beater/packetbeat.go 
@@ -197,26 +197,28 @@ func (pb *Packetbeat) Stop() { } func (pb *Packetbeat) setupSniffer() error { - cfg := &pb.Config + config := &pb.Config + + withVlans := config.Interfaces.With_vlans + withICMP := config.Protocols["icmp"].Enabled() - withVlans := cfg.Interfaces.With_vlans - _, withICMP := cfg.Protocols["icmp"] - filter := cfg.Interfaces.Bpf_filter - if filter == "" && cfg.Flows == nil { + filter := config.Interfaces.Bpf_filter + if filter == "" && !config.Flows.IsEnabled() { filter = protos.Protos.BpfFilter(withVlans, withICMP) } pb.Sniff = &sniffer.SnifferSetup{} - return pb.Sniff.Init(false, pb.makeWorkerFactory(filter), &cfg.Interfaces) + return pb.Sniff.Init(false, pb.makeWorkerFactory(filter), &config.Interfaces) } func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory { return func(dl layers.LinkType) (sniffer.Worker, string, error) { var f *flows.Flows var err error + config := &pb.Config - if pb.Config.Flows != nil { - f, err = flows.NewFlows(pb.Pub, pb.Config.Flows) + if config.Flows.IsEnabled() { + f, err = flows.NewFlows(pb.Pub, config.Flows) if err != nil { return nil, "", err } @@ -224,7 +226,7 @@ func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory { var icmp4 icmp.ICMPv4Processor var icmp6 icmp.ICMPv6Processor - if cfg, exists := pb.Config.Protocols["icmp"]; exists { + if cfg := config.Protocols["icmp"]; cfg.Enabled() { icmp, err := icmp.New(false, pb.Pub, cfg) if err != nil { return nil, "", err diff --git a/packetbeat/config/config.go b/packetbeat/config/config.go index 91a8dad38cf..f02ffc5087a 100644 --- a/packetbeat/config/config.go +++ b/packetbeat/config/config.go @@ -31,8 +31,9 @@ type InterfacesConfig struct { } type Flows struct { - Timeout string - Period string + Enabled *bool `config:"enabled"` + Timeout string `config:"timeout"` + Period string `config:"period"` } type ProtocolCommon struct { 
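Review bot: `config.Protocols["icmp"].Enabled()` in `setupSniffer` calls a method directly on the map lookup result, which is only safe because of the `c == nil` guard this commit adds to `Config.Enabled()` in libbeat/common/config.go (assuming the map values are config pointers, which is not visible here). That coupling deserves a comment at the call site, for example `// Protocols["icmp"] is nil when the section is absent; Enabled() treats a nil config as disabled.` The same pattern is used in `makeWorkerFactory` at `if cfg := config.Protocols["icmp"]; cfg.Enabled()`. It is also worth a short comment that the protocol-derived BPF filter is only built when flows are not enabled, so `flows.enabled` now decides whether capture is filtered when `Bpf_filter` is empty. `makeWorkerFactory` continues past the end of the hunk.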
@@ -41,3 +42,7 @@ type ProtocolCommon struct { SendResponse bool `config:"send_response"` TransactionTimeout time.Duration `config:"transaction_timeout"` } + +func (f *Flows) IsEnabled() bool { + return f != nil && (f.Enabled == nil || *f.Enabled) +} diff --git a/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc b/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc index c7491d32896..210bef7f46a 100644 --- a/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc +++ b/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc @@ -179,14 +179,21 @@ disabled. [source,yaml] ------------------------------------------------------------------------------ -packetbeat.flows.timeout: 30s -packetbeat.flows.period: 10s +packetbeat.flows: + timeout: 30s + period: 10s ------------------------------------------------------------------------------ ==== Options You can specify the following options in the `flows` section of the +{beatname_lc}.yml+ config file: +===== enabled + +Enables flows support if set to true. Set to false to disable network flows +support without having to delete or comment out the flows section. The default +value is true. + ===== timeout Timeout configures the lifetime of a flow. If no packets have been received for @@ -205,7 +212,7 @@ disabled, flows are still reported once being timed out. The default value is === Transaction Protocols Configuration The `protocols` section of the +{beatname_lc}.yml+ config file contains configuration options for each supported protocol, -including common options like `ports`, `send_request`, `send_response`, and options that are protocol-specific. +including common options like `enabled`, `ports`, `send_request`, `send_response`, and options that are protocol-specific. Currently, Packetbeat supports the following protocols: 
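Review bot: `Flows.IsEnabled()` has no doc comment, and its three-state logic (nil receiver, nil `Enabled` pointer, explicit value) is easy to misread. I would add `// IsEnabled reports whether flows are configured and not explicitly disabled: a nil *Flows is disabled, a nil Enabled field means enabled.` The `Enabled *bool` field added to `Flows` in the previous hunk of this file would benefit from a matching comment that nil means "not set, default true".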
@@ -247,6 +254,12 @@ packetbeat.protocols.thrift: The following options are available for all protocols: +===== enabled + +The enabled setting is a boolean setting to enable or disable protocols without having to comment out configuration sections. If set to false, the protocol is disabled. + +The default value is true. + ===== ports Exception: For ICMP the option `enabled` has to be used instead. @@ -285,7 +298,7 @@ You can specify the following options in the `icmp` section of the +{beatname_lc ===== enabled -The ICMP protocol can be enabled/disabled via this option. The default is false. +The ICMP protocol can be enabled/disabled via this option. The default is true. If enabled Packetbeat will generate the following BPF filter: `"icmp or icmp6"`. diff --git a/packetbeat/etc/beat.full.yml b/packetbeat/etc/beat.full.yml index 8e21d018164..56a3c60bb50 100644 --- a/packetbeat/etc/beat.full.yml +++ b/packetbeat/etc/beat.full.yml 
@@ -45,20 +45,27 @@ packetbeat.interfaces.device: any #================================== Flows ===================================== -# Set network flow timeout. Flow is killed if no packet is received before being -# timed out. -packetbeat.flows.timeout: 30s +packetbeat.flows: + # Enable Network flows. Default: true + #enabled: true -# Configure reporting period. If set to -1, only killed flows will be reported -packetbeat.flows.period: 10s + # Set network flow timeout. Flow is killed if no packet is received before being + # timed out. + timeout: 30s + + # Configure reporting period. If set to -1, only killed flows will be reported + period: 10s #========================== Transaction protocols ============================= packetbeat.protocols.icmp: - # Enable ICMPv4 and ICMPv6 monitoring. Default: false - enabled: true + # Enable ICMPv4 and ICMPv6 monitoring. Default: true + #enabled: true packetbeat.protocols.amqp: + # Enable AMQP monitoring. Default: true + #enabled: true + # Configure the ports where to listen for AMQP traffic. You can disable # the AMQP protocol by commenting out the list of ports. ports: [5672] @@ -93,6 +100,9 @@ packetbeat.protocols.amqp: #transaction_timeout: 10s packetbeat.protocols.dns: + # Enable DNS monitoring. Default: true + #enabled: true + # Configure the ports where to listen for DNS traffic. You can disable # the DNS protocol by commenting out the list of ports. ports: [53] @@ -120,6 +130,9 @@ packetbeat.protocols.dns: #transaction_timeout: 10s packetbeat.protocols.http: + # Enable HTTP monitoring. Default: true + #enabled: true + # Configure the ports where to listen for HTTP traffic. You can disable # the HTTP protocol by commenting out the list of ports. ports: [80, 8080, 8000, 5000, 8002] 
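Review bot: Commenting out `enabled: true` under `packetbeat.protocols.icmp:` leaves that key with no value, which YAML reads as null rather than as an empty mapping. The new `Config.Enabled()` in libbeat/common/config.go returns false for a nil config, so if the loader hands packetbeat a nil entry for this key, ICMP monitoring would be off even though the comment now says `Default: true`. The loader is not visible here, so this needs checking against a rendered config. Keeping the line uncommented as `enabled: true` avoids depending on how a null section is handled. The same change appears in the first hunk of packetbeat/packetbeat.full.yml.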
@@ -166,6 +179,9 @@ packetbeat.protocols.http: #transaction_timeout: 10s packetbeat.protocols.memcache: + # Enable memcache monitoring. Default: true + #enabled: true + # Configure the ports where to listen for memcache traffic. You can disable # the Memcache protocol by commenting out the list of ports. ports: [11211] @@ -212,6 +228,9 @@ packetbeat.protocols.memcache: #transaction_timeout: 10s packetbeat.protocols.mysql: + # Enable mysql monitoring. Default: true + #enabled: true + # Configure the ports where to listen for MySQL traffic. You can disable # the MySQL protocol by commenting out the list of ports. ports: [3306] @@ -229,6 +248,9 @@ packetbeat.protocols.mysql: #transaction_timeout: 10s packetbeat.protocols.pgsql: + # Enable pgsql monitoring. Default: true + #enabled: true + # Configure the ports where to listen for Pgsql traffic. You can disable # the Pgsql protocol by commenting out the list of ports. ports: [5432] @@ -246,6 +268,9 @@ packetbeat.protocols.pgsql: #transaction_timeout: 10s packetbeat.protocols.redis: + # Enable redis monitoring. Default: true + #enabled: true + # Configure the ports where to listen for Redis traffic. You can disable # the Redis protocol by commenting out the list of ports. ports: [6379] @@ -263,6 +288,9 @@ packetbeat.protocols.redis: #transaction_timeout: 10s packetbeat.protocols.thrift: + # Enable thrift monitoring. Default: true + #enabled: true + # Configure the ports where to listen for Thrift-RPC traffic. You can disable # the Thrift-RPC protocol by commenting out the list of ports. ports: [9090] @@ -315,6 +343,9 @@ packetbeat.protocols.thrift: #transaction_timeout: 10s packetbeat.protocols.mongodb: + # Enable mongodb monitoring. Default: true + #enabled: true + # Configure the ports where to listen for MongoDB traffic. You can disable # the MongoDB protocol by commenting out the list of ports. ports: [27017] 
@@ -342,6 +373,9 @@ packetbeat.protocols.mongodb: #transaction_timeout: 10s packetbeat.protocols.nfs: + # Enable NFS monitoring. Default: true + #enabled: true + # Configure the ports where to listen for NFS traffic. You can disable # the NFS protocol by commenting out the list of ports. ports: [2049] diff --git a/packetbeat/etc/beat.yml b/packetbeat/etc/beat.yml index a055bb7c0d2..c2848648969 100644 --- a/packetbeat/etc/beat.yml +++ b/packetbeat/etc/beat.yml @@ -15,14 +15,14 @@ packetbeat.interfaces.device: any #================================== Flows ===================================== -# Comment out all options to disable flows reporting. - -# Set network flow timeout. Flow is killed if no packet is received before being -# timed out. -packetbeat.flows.timeout: 30s - -# Configure reporting period. If set to -1, only killed flows will be reported -packetbeat.flows.period: 10s +# Set `enabled: false` or comment out all options to disable flows reporting. +packetbeat.flows: + # Set network flow timeout. Flow is killed if no packet is received before being + # timed out. + timeout: 30s + + # Configure reporting period. If set to -1, only killed flows will be reported + period: 10s #========================== Transaction protocols ============================= diff --git a/packetbeat/packetbeat.full.yml b/packetbeat/packetbeat.full.yml index 11f65c1682c..7fd3e997697 100644 --- a/packetbeat/packetbeat.full.yml +++ b/packetbeat/packetbeat.full.yml 
@@ -45,20 +45,27 @@ packetbeat.interfaces.device: any #================================== Flows ===================================== -# Set network flow timeout. Flow is killed if no packet is received before being -# timed out. -packetbeat.flows.timeout: 30s +packetbeat.flows: + # Enable Network flows. Default: true + #enabled: true -# Configure reporting period. If set to -1, only killed flows will be reported -packetbeat.flows.period: 10s + # Set network flow timeout. Flow is killed if no packet is received before being + # timed out. + timeout: 30s + + # Configure reporting period. If set to -1, only killed flows will be reported + period: 10s #========================== Transaction protocols ============================= packetbeat.protocols.icmp: - # Enable ICMPv4 and ICMPv6 monitoring. Default: false - enabled: true + # Enable ICMPv4 and ICMPv6 monitoring. Default: true + #enabled: true packetbeat.protocols.amqp: + # Enable AMQP monitoring. Default: true + #enabled: true + # Configure the ports where to listen for AMQP traffic. You can disable # the AMQP protocol by commenting out the list of ports. ports: [5672] @@ -93,6 +100,9 @@ packetbeat.protocols.amqp: #transaction_timeout: 10s packetbeat.protocols.dns: + # Enable DNS monitoring. Default: true + #enabled: true + # Configure the ports where to listen for DNS traffic. You can disable # the DNS protocol by commenting out the list of ports. ports: [53] @@ -120,6 +130,9 @@ packetbeat.protocols.dns: #transaction_timeout: 10s packetbeat.protocols.http: + # Enable HTTP monitoring. Default: true + #enabled: true + # Configure the ports where to listen for HTTP traffic. You can disable # the HTTP protocol by commenting out the list of ports. ports: [80, 8080, 8000, 5000, 8002] 
@@ -166,6 +179,9 @@ packetbeat.protocols.http: #transaction_timeout: 10s packetbeat.protocols.memcache: + # Enable memcache monitoring. Default: true + #enabled: true + # Configure the ports where to listen for memcache traffic. You can disable # the Memcache protocol by commenting out the list of ports. ports: [11211] @@ -212,6 +228,9 @@ packetbeat.protocols.memcache: #transaction_timeout: 10s packetbeat.protocols.mysql: + # Enable mysql monitoring. Default: true + #enabled: true + # Configure the ports where to listen for MySQL traffic. You can disable # the MySQL protocol by commenting out the list of ports. ports: [3306] @@ -229,6 +248,9 @@ packetbeat.protocols.mysql: #transaction_timeout: 10s packetbeat.protocols.pgsql: + # Enable pgsql monitoring. Default: true + #enabled: true + # Configure the ports where to listen for Pgsql traffic. You can disable # the Pgsql protocol by commenting out the list of ports. ports: [5432] @@ -246,6 +268,9 @@ packetbeat.protocols.pgsql: #transaction_timeout: 10s packetbeat.protocols.redis: + # Enable redis monitoring. Default: true + #enabled: true + # Configure the ports where to listen for Redis traffic. You can disable # the Redis protocol by commenting out the list of ports. ports: [6379] @@ -263,6 +288,9 @@ packetbeat.protocols.redis: #transaction_timeout: 10s packetbeat.protocols.thrift: + # Enable thrift monitoring. Default: true + #enabled: true + # Configure the ports where to listen for Thrift-RPC traffic. You can disable # the Thrift-RPC protocol by commenting out the list of ports. ports: [9090] @@ -315,6 +343,9 @@ packetbeat.protocols.thrift: #transaction_timeout: 10s packetbeat.protocols.mongodb: + # Enable mongodb monitoring. Default: true + #enabled: true + # Configure the ports where to listen for MongoDB traffic. You can disable # the MongoDB protocol by commenting out the list of ports. ports: [27017] 
@@ -342,6 +373,9 @@ packetbeat.protocols.mongodb: #transaction_timeout: 10s packetbeat.protocols.nfs: + # Enable NFS monitoring. Default: true + #enabled: true + # Configure the ports where to listen for NFS traffic. You can disable # the NFS protocol by commenting out the list of ports. ports: [2049] @@ -466,7 +500,7 @@ packetbeat.protocols.nfs: #-------------------------- Elasticsearch output ------------------------------ output.elasticsearch: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Array of hosts to connect to. # Scheme and port can be left out and will be set to the default (http and 9200) @@ -578,7 +612,7 @@ output.elasticsearch: #----------------------------- Logstash output -------------------------------- #output.logstash: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The Logstash hosts #hosts: ["localhost:5044"] @@ -631,7 +665,7 @@ output.elasticsearch: #------------------------------- Kafka output --------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Kafka broker addresses from where to fetch the cluster metadata. # The cluster metadata contain the actual Kafka brokers events are published @@ -722,7 +756,7 @@ output.elasticsearch: #------------------------------- Redis output --------------------------------- #output.redis: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Redis servers to connect to. If load balancing is enabled, the # events are distributed to the servers in the list. If one server becomes @@ -821,7 +855,7 @@ output.elasticsearch: #------------------------------- File output ---------------------------------- #output.file: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Path to the directory where to save the generated files. The option is # mandatory. 
@@ -845,7 +879,7 @@ output.elasticsearch: #----------------------------- Console output --------------------------------- #output.console: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Pretty print json event #pretty: false diff --git a/packetbeat/packetbeat.yml b/packetbeat/packetbeat.yml index 049903048f2..bf34cadf7b1 100644 --- a/packetbeat/packetbeat.yml +++ b/packetbeat/packetbeat.yml @@ -15,14 +15,14 @@ packetbeat.interfaces.device: any #================================== Flows ===================================== -# Comment out all options to disable flows reporting. - -# Set network flow timeout. Flow is killed if no packet is received before being -# timed out. -packetbeat.flows.timeout: 30s - -# Configure reporting period. If set to -1, only killed flows will be reported -packetbeat.flows.period: 10s +# Set `enabled: false` or comment out all options to disable flows reporting. +packetbeat.flows: + # Set network flow timeout. Flow is killed if no packet is received before being + # timed out. + timeout: 30s + + # Configure reporting period. If set to -1, only killed flows will be reported + period: 10s #========================== Transaction protocols ============================= diff --git a/packetbeat/protos/protos.go b/packetbeat/protos/protos.go index 144e5cf779c..e1c2515419b 100644 --- a/packetbeat/protos/protos.go +++ b/packetbeat/protos/protos.go @@ -104,6 +104,12 @@ func (protocols ProtocolsStruct) Init( plugin, exists := protocolPlugins[proto] if !exists { logp.Err("Protocol plugin '%v' not registered (%v).", name, proto.String()) + continue + } + + if !config.Enabled() { + logp.Info("Protocol plugin '%v' disabled by config", name) + continue } inst, err := plugin(testMode, results, config) diff --git a/winlogbeat/winlogbeat.full.yml b/winlogbeat/winlogbeat.full.yml index 91be97f0a74..d40c97cec59 100644 --- a/winlogbeat/winlogbeat.full.yml +++ b/winlogbeat/winlogbeat.full.yml 
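Review bot: In the packetbeat/protos/protos.go hunk the `!config.Enabled()` check sits after the plugin lookup, so a section for an unregistered protocol that is set to `enabled: false` still produces the `not registered` error log. Moving the enabled check ahead of the lookup would keep disabled sections quiet. Separately, the new `continue` on an unregistered plugin lets `Init` carry on with only a log line, so the beat can start while monitoring fewer protocols than the config asks for; returning an error there would surface the coverage gap at startup, if callers can tolerate it. `Init` begins and ends outside the hunk, so its overall error handling is not visible here.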
@@ -117,7 +117,7 @@ winlogbeat.event_logs: #-------------------------- Elasticsearch output ------------------------------ output.elasticsearch: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Array of hosts to connect to. # Scheme and port can be left out and will be set to the default (http and 9200) @@ -229,7 +229,7 @@ output.elasticsearch: #----------------------------- Logstash output -------------------------------- #output.logstash: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The Logstash hosts #hosts: ["localhost:5044"] @@ -282,7 +282,7 @@ output.elasticsearch: #------------------------------- Kafka output --------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Kafka broker addresses from where to fetch the cluster metadata. # The cluster metadata contain the actual Kafka brokers events are published @@ -373,7 +373,7 @@ output.elasticsearch: #------------------------------- Redis output --------------------------------- #output.redis: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # The list of Redis servers to connect to. If load balancing is enabled, the # events are distributed to the servers in the list. If one server becomes @@ -472,7 +472,7 @@ output.elasticsearch: #------------------------------- File output ---------------------------------- #output.file: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Path to the directory where to save the generated files. The option is # mandatory. @@ -496,7 +496,7 @@ output.elasticsearch: #----------------------------- Console output --------------------------------- #output.console: # Boolean flag to enable or disable the output module. - #enable: true + #enabled: true # Pretty print json event #pretty: false