The "default config" fallback doesn't work properly #3
Comments
Thank you, I chose to just exit in case of errors to keep things simple.
Better indeed. Thanks. :)
I have a problem when I run this script: `docker run --net='container:ub-mysql' -t -i --name packetbeat-agent-ub packetbeat/packetbeat-agent packetbeat -e -c ~/ubaid/packetbeat.conf` This is the response: how to solve...????
@ubaidvh just a guess, but your shell might resolve the
The file packetbeat.conf is in my host.....
It should end in the container... (see the how to)
Respect configured period.
Changed index from packetbeat-* to [packetbeat-]YYYY.MM.DD
Co-Authored-By: DeDe Morton <dede.morton@elastic.co>
Copy fundamental functionality from `github.com/elastic/beats/v7/libbeat/common`
* handle EOF on single line content (#33568)
* handle EOF on single line content
* changelog
* fallback to encode_eof if no events in aws-s3 input
* lint
* lint
* collect on EOF in line reader
* remove encode eof
* remove iterN
* fix test
* increase test coverage
* linting
* more linting
* increase coverage

(cherry picked from commit 7b45320)

# Conflicts:
# libbeat/reader/readfile/line.go
# libbeat/reader/readfile/line_test.go
# x-pack/filebeat/input/awss3/s3_objects.go

* Fix conflicts
* Fix failing test - TestMaxBytesLimit
* Fix #2 failing test - TestMaxBytesLimit
* Fix failing test checks
* Fix linter errors
* Fix typo
* Fix linter errors #2
* Fix linter errors #3
* Fix linter errors #4
* Fix linter errors #5
* Changelog clean up
* Change order of publish event

---------

Co-authored-by: Andrea Spacca <andrea.spacca@elastic.co>
Co-authored-by: Tamara Dancheva <tamara.dancheva@elastic.co>

* feat: add helper funcs to get symbol info from /proc/kallsyms
* feat: introduce fixed executor that always runs funcs from the same os thread
* feat: add probe manager to handle building tracing kprobes from tk-btf ones
* feat: define probe events with corresponding alloc and release funcs
* feat: embed stripped btf files and add helper funcs to read them
* feat: add fsnotify, fsnotify_nameremove, fsnotify_parent and vfs_geattr tk-btf probe builders in probe manager
* feat: implement path traverser to produce monitor events by walking a path
* feat: implement directory entries cache
* feat: implement event processor to process probe events and based on directory entry cache emit the respective event
* feat: implement event verifier that validates that the expected sequence of generated fs events are properly emitted
* feat: add perfChannel to reduce tracing.PerfChannel boilerplate code and satisfy testing needs
* feat: implement monitor that ties together path traverser, perf channel and event emitting
* feat: implement probe verification at runtime and the creation of a new monitor based on these
* feat: implement event reader for kprobe-based file integrity module
* doc: update NOTICE.txt to include tk-btf license
* feat: add tests for non-recursive kprobe fim (#3)
* fix: remove existing file from cache when a move operation is overwriting it
* feat: introduce force_backend in for file integrity auditbeat module
* ci: add necessary volume mounts for kprobes backend in auditbeat docker-compose.yml
* feat: add the instantiation of file integrity module with kprobes backend
* doc: update CHANGELOG.next.asciidoc
* fix: address compilation issues for non-linux oses
* fix: correct folder permission for path traverser unit-test
* fix: build kprobe package and unit-tests only for linux
* ci: extend test_file_integrity.py to test kprobes backend of file integrity module
* ci: extend TestNew in monitor to include actual file changes
* ci: mark with nolint prealloc slices that can't be pre-allocated
* chore: inline defer funcs
* fix: return the scanner error if any
* fix: remove redundant runtime os checks for linux
* doc: comment that dEntryCache is not thread-safe
* fix: set the appropriate verbosity of errors of watcher
* fix: check for scanner.Err and return err from parsing mountinfo lines
* fix: remove redundant fim_backends list from test_file_integrity.py
* fix: gofumpt kprobes package
* fix: highlight unused context in event processor
* fix: increase interval period of wait_output as kprobes require more time to verify the probes and print output
* fix: proper formatting for auditbeat.reference.yml
* fix: proper formatting for x-pack/auditbeat/auditbeat.reference.yml

---------

Co-authored-by: Maxwell Borden <Tacklebox@users.noreply.github.com>

As figured out in #2, when there's an error in the config file, packetbeat logs that it will use the defaults. However, the following pcap.Openlive fails to open device:
I don't find any reference to defaults in the code either, but I've never used toml before...
Thanks
Stephan