## 官网链接 [https://www.elastic.co/cn/downloads/past-releases/packetbeat-7-16-0](https://www.elastic.co/cn/downloads/past-releases/packetbeat-7-16-0) ## 启动命令 ``` systemctl status packetbeat systemctl restart packetbeat ``` ``` /usr/share/packetbeat/bin/packetbeat --environment systemd -c /etc/packetbeat/packetbeat.yml --path.home /usr/share/packetbeat --path.config /etc/packetbeat --path.data /var/lib/packetbeat ``` 查看网卡 ``` ./packetbeat devices ``` ``` # =============================== Network device =============================== # Select the network interface to sniff the data. On Linux, you can use the # "any" keyword to sniff on all connected interfaces. packetbeat.interfaces.device: ens192 packetbeat.interfaces.type: af_packet packetbeat.interfaces.poll_default_route: 1m # The network CIDR blocks that are considered "internal" networks for # the purpose of network perimeter boundary classification. The valid # values for internal_networks are the same as those that can be used # with processor network conditions. # # For a list of available values see: # https://www.elastic.co/guide/en/beats/packetbeat/current/defining-processors.html#condition-network packetbeat.interfaces.internal_networks: - private ``` 检查配置文件 ``` ./packetbeat test config -c /etc/packetbeat/packetbeat.yml ```