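├── Dockerfile
├── README.md
└── packetbeat.conf


/Dockerfile:
--------------------------------------------------------------------------------
# Builds an image that runs the Packetbeat agent on top of phusion/baseimage.
#
# NOTE(review): ":latest" is a moving tag, so two builds of this file can
# produce different images. Pin the base image to a fixed tag or digest
# (e.g. phusion/baseimage@sha256:<DIGEST_PLACEHOLDER>) for reproducible builds.
FROM phusion/baseimage:latest
MAINTAINER Tudor Golubenco

# Refresh the package index and install in the same layer, so that a cached
# "apt-get update" layer is never paired with a later install step.
# libpcap0.8 provides packet capture; wget fetches the release tarball below.
RUN apt-get update \
 && apt-get -y -q install libpcap0.8 wget \
 && rm -rf /var/lib/apt/lists/*

ENV VERSION=1.0.0-beta2 ARCH=x86_64 EXTENSION=tar.gz
ENV FILENAME=packetbeat-${VERSION}-${ARCH}.${EXTENSION}

# Download and unpack the release, then drop the archive from the layer.
# NOTE(review): the tarball is fetched over HTTPS, but its contents are not
# verified before being unpacked and later executed. Record the expected
# digest in the build and check it before "tar", for example:
#   echo "<SHA256_PLACEHOLDER>  ${FILENAME}" | sha256sum -c -
RUN wget https://download.elastic.co/beats/packetbeat/${FILENAME} \
 && tar zxvf ${FILENAME} \
 && rm ${FILENAME}

# NOTE(review): WORKDIR is relative and is created if it does not exist.
# Confirm that the tarball really unpacks to packetbeat-${VERSION}; if the
# directory name differs, ./packetbeat will not be found at run time.
WORKDIR packetbeat-${VERSION}

# COPY rather than ADD: this is a plain local file, so ADD's remote-URL and
# auto-extraction behaviour is not wanted.
# NOTE(review): the repository listing contains packetbeat.conf, not
# packetbeat.yml. The build context must provide packetbeat.yml or this
# step fails.
COPY packetbeat.yml packetbeat.yml

# -e logs to stderr, -c selects the configuration file.
# NOTE(review): no USER is set, so the agent runs as root inside the
# container. Combined with --net=host (see README) that is a broad grant;
# consider limiting the container to the capabilities packet capture needs
# (presumably NET_RAW / NET_ADMIN; confirm for this agent version).
CMD ["./packetbeat", "-e", "-c=packetbeat.yml"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Docker image for the Packetbeat agent

Packetbeat is an open source application monitoring and
performance management (APM) system. See
http://packetbeat.com for details.

This runs the Packetbeat agent inside its own container,
but by using the host's network stack it is able to see the
traffic from the other containers or from the applications
running on the hosts.

## How to use

To build:

    docker build -t packetbeat-agent .

To run:

    docker run --net=host -d packetbeat-agent packetbeat -e -c /etc/packetbeat/packetbeat.conf

The `--net=host` part makes it possible to sniff the traffic
from other containers.

Because `--net=host` removes the network isolation between this container
and the host, the agent sees all traffic on the configured interface,
including any credentials sent unencrypted. Keep `hide_keywords` enabled in
the configuration and restrict access to wherever the agent sends its output.

The Dockerfile in this repository starts `./packetbeat` with `packetbeat.yml`
from its working directory, so adjust the command and configuration path
above to match the image you actually built.

## From docker hub

You can also pull the image from Docker Hub and run it like this:

    docker pull packetbeat/packetbeat-agent
    docker run --net=host -t -i packetbeat/packetbeat-agent packetbeat -e -c /etc/packetbeat/packetbeat.conf

But note that you will need to provide your own `packetbeat.conf`.

## Thanks

* [@dansowter](https://github.com/dansowter) for providing a starting point in [this ticket](https://github.com/packetbeat/packetbeat/issues/13).
* [Jan Lelis](https://github.com/janlelis) for the help.
* Hypoport AG for hosting #DockerHackDay Berlin :-)

--------------------------------------------------------------------------------
/packetbeat.conf:
--------------------------------------------------------------------------------
###
### Packetbeat Agent configuration file.
###
### Packetbeat is an application monitoring system that works by sniffing
### the network traffic between your application components.
###
### For more configuration options, please visit:
###
###   http://packetbeat.com/docs/configuration.html
###

[output]

[output.elasticsearch]
# Elasticsearch output is disabled here; set this to true to enable it.
enabled = false

# Set the host and port where to find Elasticsearch.
host = "localhost"
port = 9200

# Comment out this option if you don't want to store the topology in
# Elasticsearch.
save_topology = true

[output.redis]
# Redis output is enabled here; set this to false to disable it.
enabled = true

# Set the host and port where to find Redis.
# NOTE(review): this is an environment-specific private address and a
# non-default Redis port; replace both with your own values. No credentials
# or TLS settings are configured in this section, so captured transaction
# data is presumably sent to Redis unauthenticated and in clear text. Keep
# that path on a trusted network and confirm what the agent version supports.
host = "192.168.33.13"
port = 6380

# Uncomment this option if you want to store the topology in Redis.
# save_topology = true

[output.file]
# Uncomment the following lines if you want to output to flat files.
# NOTE(review): /tmp is normally accessible to every local user, and the
# output holds captured application traffic. Prefer a dedicated directory
# with restrictive permissions.
#enabled = true
#path="/tmp/packetbeat"
#filename="packetbeat"
#rotate_every_kb=1000
#number_of_files=7

[interfaces]
# Select on which network interfaces to sniff. You can use the "any"
# keyword to sniff on all connected interfaces.
# "docker0" limits capture to the Docker bridge interface; "any" widens it
# to everything the host sees when the container runs with --net=host.
device = "docker0"

[protocols]
# Configure which protocols to monitor and on which ports they are
# running. You can disable a given protocol by commenting out its
# configuration.
[protocols.http]
ports = [80, 8080, 8000, 5000, 8002]

[protocols.mysql]
ports = [3306]

[protocols.pgsql]
ports = [5432]

[protocols.redis]
ports = [6379]

[protocols.thrift]
ports = [9090]

[procs]
# Which processes to monitor and how to find them. The processes can
# be found by searching their command line by a given string.
[procs.monitored.mysqld]
cmdline_grep = "mysqld"

[procs.monitored.pgsql]
cmdline_grep = "postgres"

[procs.monitored.nginx]
cmdline_grep = "nginx"

[procs.monitored.app]
cmdline_grep = "gunicorn"

[agent]
# The name of the agent as it will show up in the web interface. If not
# defined, we will just use the hostname.
#
#name=

# Uncomment the following if you want to ignore transactions created
# by the server on which the agent is installed. This option is useful
# to remove duplicates if agents are installed on multiple servers.
#ignore_outgoing = true

[passwords]
# Hide certain parameters from HTTP POST requests. The value of the
# parameters will be replaced with '*' characters. This avoids storing
# user passwords or other sensitive information in the configured output.
# Enabled in this file so that credentials captured on the monitored HTTP
# ports are masked by default. Matching appears to be by literal keyword,
# so add the parameter names your own applications use.
hide_keywords = ["pass=", "password=", "passwd=", "Password="]

# vim: set ft=toml:

--------------------------------------------------------------------------------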