packetbeat: add metrics for TCP header flags #36992

efd6 · 2023-10-30T19:47:47Z

TCP flags are potentially useful for early-detecting/diagnosing network outages. This is not a feature that packetbeat currently provides, but would be useful and has been requested.

Logging every TCP packet's header as an event in packetbeat would be onerously expensive. However, it would be reasonable to add a set of metrics for the TCP header flags. This would allow detection of significant changes in e.g. RST flag observation in order to make early responses to network degradation.

elasticmachine · 2023-10-30T19:48:54Z

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 30, 2023

efd6 added enhancement Packetbeat Team:Security-External Integrations 8.12-candidate labels Oct 30, 2023

efd6 self-assigned this Oct 30, 2023

botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 30, 2023

efd6 mentioned this issue Oct 30, 2023

packetbeat/protos/tcp: add metrics for TCP header flags #36975

Merged

6 tasks

efd6 closed this as completed in #36975 Nov 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

packetbeat: add metrics for TCP header flags #36992

packetbeat: add metrics for TCP header flags #36992

efd6 commented Oct 30, 2023 •

edited

elasticmachine commented Oct 30, 2023

packetbeat: add metrics for TCP header flags #36992

packetbeat: add metrics for TCP header flags #36992

Comments

efd6 commented Oct 30, 2023 • edited

elasticmachine commented Oct 30, 2023

efd6 commented Oct 30, 2023 •

edited