Packetbeat dashboard for Application logs

Question

Can packetbeat is used to monitor the tomcat server logs and windows logs?? or it will only monitor the database i.e., network monitoring?

Answer 1

Packetbeat is used mainly for network analysis . It currently supports following protocols :

• ICMP (v4 and v6)
• DNS
• HTTP
• Mysql
• PostgreSQL
• Redis
• Thrift-RPC
• MongoDB
• Memcache

However , for visualizing tomcat logs you can configure them to use log4j and then configure logstash to take input from log4j and then using elasticsearch and kibana to visualise the logs.

To monitor windows logs you can use another beats platform Winlogbeat.

Answer 2

@tsg is correct but now with the Beats 1.x release they are deprecating Logstash Forwarder in lieu of another Beat called Filebeat. Also they added Topbeat, which allows you to monitor server load and processes in your cluster.

See: * https://www.elastic.co/blog/beats-1-0-0

You will likely want to install the package repo for your OS, then install each with:

• {package manager cmd} install packetbeat
• {package manager cmd} install topbeat
• {package manager cmd} install filebeat

They each are installed in common directories. For example with Ubuntu (Linux) the config files are in /etc/<beat name>/<beat name>.yml where beat name is one of the 3 above. Each file are similar and you can disable the direct ES export and instead export to Logstash (comment ES and uncomment Logstash) and then add a beats import in your Logstash config. From thereon, Logstash listens for any beats over that port and can redistribute (or queue) using the [@metadata][beat] param to tell where it came from.

Libbeat also provides a framework to build your own so you can send any data you want to Logstash and it can queue and/or index. ;-)

Answer 3

It will do only network monitoring. you can use ELK for tomcat server logs.

Answer 4

Packetbeat only does network monitoring. But you can use it together with Logstash or Logstash-Forwarder to get visibility also into your logs.