Releases: elastic/beats

Packetbeat 1.0.0-rc2

17 Nov 21:51
@tsg tsg

Please visit https://www.elastic.co/downloads/beats/packetbeat for the downloads.

Bugfixes

  • Packetbeat will now exit if a configuration error is detected. #357
  • Fixed an issue handling DNS requests containing no questions. #369

Packetbeat 1.0.0-rc1

05 Nov 22:13
@tsg tsg

For downloads, please visit: https://www.elastic.co/downloads/beats/packetbeat

Backward Compatibility Breaks

  • Rename the timestamp field to @timestamp for better integration with Logstash. #343

Bugfixes

  • Close file descriptors used to monitor processes. #337
  • Remove old RPM spec file. It moved to elastic/beats-packer. #334
  • Use stderr for console log output. elastic/libbeat#219
  • Handle empty event array in publisher. elastic/libbeat#207
  • Respect * debug selector in IsDebug. elastic/libbeat#226
  • On Windows, remove service related error message when running in the console. elastic/libbeat#242
  • Use http as the default scheme in the elasticsearch hosts. elastic/libbeat#253
  • Respect max bulk size if bulk publisher (collector) is disabled or sync flag is set. elastic/libbeat#261
  • Always evaluate status code from Elasticsearch responses when indexing events. elastic/libbeat#192
  • Use bulk_max_size configuration option instead of bulk_size. elastic/libbeat#256
  • Fix max_retries=0 (no retries) configuration option. elastic/libbeat#266
  • Filename used for file based logging now defaults to beat name. elastic/libbeat#267

Added

  • Add Console output plugin. elastic/libbeat#218
  • Add timestamp to log messages. elastic/libbeat#245
  • Send @metadata.beat to Logstash instead of @metadata.index to prevent possible name clashes and give the user full control over the index name used for Elasticsearch. elastic/libbeat#231
  • Add logging messages for bulk publishing in case of error. elastic/libbeat#229
  • Add option to configure number of parallel workers publishing to Elasticsearch or Logstash.
  • Set default bulk size for Elasticsearch output to 50.
  • Set default http timeout for Elasticsearch to 90s.
  • Improve publish retry if sync flag is set by retrying only up to max bulk size events instead of all events to be published.

Packetbeat 1.0.0-beta4

22 Oct 16:58
@tsg tsg

For downloads, please visit: https://www.elastic.co/downloads/beats/packetbeat

Backward Compatibility Breaks

  • renamed http module config file option 'strip_authorization' to 'redact_authorization'
  • save_topology is set to false by default
  • rename elasticsearch index to [packetbeat-]YYYY.MM.DD

Bugfixes

  • Support for lower-case header names when redacting http authorization headers
  • Redact proxy-authorization if redact-authorization is set
  • Fix some multithreading issues #203
  • Fix negative response time #216
  • Fix memcache TCP connection being nil after dropping stream data. #299
  • Add missing DNS protocol configuration to documentation #269

Added

  • add .editorconfig file
  • add (experimental/unsupported?) saltstack files
  • Sample config file cleanup
  • Moved common documentation to libbeat repository
  • Update build to go 1.5.1
  • Adding device descriptions to the -device output.
  • Generate coverage for system tests
  • Move go-daemon dependency to beats-packer
  • Rename integration tests to system tests
  • Made the -devices option more user friendly in case sudo is not used.
    Issue #296.
  • Publish expired DNS transactions #301
  • Update protocol guide to libbeat changes
  • Add protocol registration to new protocol guide
  • Make transaction timeouts configurable #300
  • Add direction field to the exported fields #317

Packetbeat 1.0.0-beta3

04 Sep 15:49
@tsg tsg

Packetbeat 1.0.0-beta2

13 Jul 16:59
@tsg tsg

Packetbeat 1.0.0.Beta1

15 Jun 17:16
@tsg tsg

Packetbeat 0.5.0

15 Apr 16:38

Change log:

  • Simplified and re-organized the way the transactions are represented in Elasticsearch. Many fields which used to be protocol specific now share the same name. For example, the old mysql.query, pgsql.query and http.first_line are all named query now. This makes it easier to create common dashboards across protocols.
  • Tuned the index template to speed up indexing and to improve the experience in the UI.
  • The client location is now represented as a true geopoint instead of just the country code. This makes it work much better with the Kibana 4 map visualisation.
  • Changed the defaults for the request_raw and response_raw fields to off in order to save disk space and to avoid privacy issues by default. They can be enabled on a per-protocol basis.
  • Added a new params field in which (for example) the HTTP parameters are stored. Sensitive parameters can be safely removed based on configuration.
  • Split code in sub-packages so it's easier to maintain and understand.
  • The Content-Type header is always parsed, so the explicit send_headers option is no longer needed when you want to save the body.
  • Fixed GeoIP data loading in the presence of symlinks. This was problematic on some CentOS systems.
  • Fixed a bug where HTTP 1.1 requests having content-length: 0 were not correctly handled.
  • Binaries are compiled with Go 1.4.2

Packetbeat 0.4.3

27 Jan 16:25

Change log:

  • Fixed bug that caused the HTTP body not to be included even when configured.
  • Fixed an HTTP parsing bug where the final CRLF sequence of a chunked body was separated in two packets. (#84)
  • Corrected the LinkType when saving pcap files.
  • Fixed bug that broke sniffing on non-standard devices (#86).
  • Binaries compiled with go 1.4 now.
  • Debian binaries are compiled again under Debian Squeeze, which means they work without warnings on Ubuntu 12.04 again.

Packetbeat 0.4.2

09 Dec 16:53

Change log:

  • Added more flexibility into which HTTP headers are captured and indexed. You can now index all headers, a white list of headers or no headers. By default no headers are sent, which matches the default behaviour in 0.4.1 as well. See the http configuration section for how to define which headers to capture and index.
  • Added the option to split the Cookie and Set-Cookie headers into individual key-value pairs. This makes it easier to search for a particular session-id cookie, for example.
  • Added the option of specifying a header field to be used for computing the country of the request. For example, one can use the X-Forwarded-For header field to extract the real IP and the src_country fields to be used for the map widget in Kibana.
  • Fixed a bug in which the process detection code was called on each transaction rather than periodically.

Packetbeat 0.4.1

25 Nov 17:27

Change log:

  • Switched to using the gopacket library for sniffing. Details in this blog post.
  • Added IPv6 support.
  • Added two new sniffer types: af_packet and pfring. Details in the same blog post linked above.
  • Switched to the redigo library for REDIS. Performance improvements by using REDIS pipelining when publishing.
  • Added an option to add tags per agent. This can be useful for getting statistics for a group of servers serving the same application.
  • Added the option to save a pcap file by using the -dump command line flag.
  • Added the option to save CPU profiling data by using the -cpuprofile command line flag.
  • Fixed a slice error in decoding the MySQL messages.
  • Increased the default file size for the file output plugin.