Packetbeat at GDG Berlin meetup
TRANSCRIPT
• Sniffs and dissects packets on the network
• { "method": "GET", "path": "/users/", "status": "OK", "http.code": 200, "http.phrase": "OK" …}
• {"responsetime": 12000, "bytes_out": 578 …}
• {"service": "Service15", "host": "alpha" … }
• Inserts this data in Elasticsearch
Protocol support
• HTTP
• MySQL
• PostgreSQL
• REDIS
• Thrift-RPC
• DNS
• Memcache
• Oracle
• MSSQL
• Sybase
• MongoDB
• Cassandra
soon™:
Plans for 2015
• New inputs (besides sniffing):
• Middleware agents for Revel, Martini, Rails, Django
• JVM byte-code-injection agent
• API gateway for 3rd party services
• Y! Boomerang for RUM
• Nginx/Apache log files
• Your own instrumentation code
Normalise URLs / Queries
Obfuscate parameters
• Transforms:
• SELECT * FROM table WHERE name="Foobar" AND value=123;
• To
• SELECT * FROM table WHERE name=[S8] AND value=[N128];
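The transform above, as an added Go example (not Packetbeat's code and not from the talk), so that literal values never reach the stored record while queries of the same shape still group together. The name ObfuscateSQL and the bucketing rule (round a string's length or a number's value up to a power of two) are assumptions inferred from the single example on the slide.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"unicode/utf8"
)

// Token kinds, tried in this order at each position: quoted string (closing quote
// optional, so an unterminated literal is still hidden), identifier (kept as is,
// so the digit in "t2" is not treated as a number), numeric literal.
var sqlToken = regexp.MustCompile(
	`(?s)'(?:[^'\\]|\\.|'')*'?|"(?:[^"\\]|\\.|"")*"?|[A-Za-z_][A-Za-z0-9_]*|[0-9]+(?:\.[0-9]+)?`)

// bucket rounds n up to a power of two so only a coarse size survives.
// Assumption: inferred from the slide (6 characters -> S8, 123 -> N128).
func bucket(n uint64) uint64 {
	b := uint64(1)
	for b < n && b < 1<<63 {
		b <<= 1
	}
	return b
}

// ObfuscateSQL (hypothetical name) replaces literals with [S<n>] / [N<n>] placeholders.
func ObfuscateSQL(q string) string {
	return sqlToken.ReplaceAllStringFunc(q, func(m string) string {
		switch c := m[0]; {
		case c == '\'' || c == '"': // string literal: keep only its bucketed length
			body := strings.TrimSuffix(m[1:], m[:1])
			return fmt.Sprintf("[S%d]", bucket(uint64(utf8.RuneCountInString(body))))
		case c >= '0' && c <= '9': // number: bucket the integer part
			// On overflow ParseUint returns the maximum uint64, which bucket clamps.
			v, _ := strconv.ParseUint(strings.SplitN(m, ".", 2)[0], 10, 64)
			return fmt.Sprintf("[N%d]", bucket(v))
		}
		return m // keyword or identifier
	})
}

func main() {
	// Constructed inputs: the slide's query, then an unterminated literal.
	fmt.Println(ObfuscateSQL(`SELECT * FROM table WHERE name="Foobar" AND value=123;`))
	fmt.Println(ObfuscateSQL(`SELECT * FROM u WHERE pw='hunter2`))
}
```

SQL comments, backtick-quoted identifiers and hex literals are not tokenised here, so those cases need handling before the output is relied on to keep parameter values out of Elasticsearch.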