From 38a3ac3a5f44423175be7dc4a310c1aa9bf5cd89 Mon Sep 17 00:00:00 2001
From: Sam Choraria
Date: Tue, 11 Feb 2020 11:33:28 +0000
Subject: [PATCH] Allow specified http ports to be ignored by packetbeat

Packetbeat monitors traffic for all http ports specified for heartbeat services. This change provides an additional list of ports to ignore to filter traffic at source e.g. that generated by Elasticsearch, Kibana & Logstash itself.

Change-Id: I57ac8582c4cc8a6fe5826fdbffbac4ab4e98ac78
---
 elk_metrics_7x/roles/elastic_packetbeat/defaults/main.yml | 3 +++
 .../roles/elastic_packetbeat/templates/packetbeat.yml.j2 | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/elk_metrics_7x/roles/elastic_packetbeat/defaults/main.yml b/elk_metrics_7x/roles/elastic_packetbeat/defaults/main.yml
index f629df39..a5fb3e2d 100644
--- a/elk_metrics_7x/roles/elastic_packetbeat/defaults/main.yml
+++ b/elk_metrics_7x/roles/elastic_packetbeat/defaults/main.yml
@@ -28,3 +28,6 @@ ilm_policy_file_location: "{{ (packetbeat_ilm_policy_file_location | default(def
 
 # beat processors. Empty dictionary sets `add_host_metadata: ~`
 processors: {}
+
+# optional list of ports to ignore
+packetbeat_ignored_ports: []
diff --git a/elk_metrics_7x/roles/elastic_packetbeat/templates/packetbeat.yml.j2 b/elk_metrics_7x/roles/elastic_packetbeat/templates/packetbeat.yml.j2
index 715a844e..42597021 100644
--- a/elk_metrics_7x/roles/elastic_packetbeat/templates/packetbeat.yml.j2
+++ b/elk_metrics_7x/roles/elastic_packetbeat/templates/packetbeat.yml.j2
@@ -167,7 +167,7 @@ packetbeat.protocols:
 {% set ports = [] %}
 {% for item in heartbeat_services %}
 {% for port in item.ports %}
-{% if (item.type == 'http') and (not port in used_ports) %}
+{% if (item.type == 'http') and (not port in used_ports) and (not port in packetbeat_ignored_ports) %}
 {% set _ = ports.extend([port]) %}
 {% endif %}
 {% endfor %}
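Review bot: The comment added above `packetbeat_ignored_ports` in defaults/main.yml does not say what "ignore" means or what form the entries must take. Judging by the template change in this patch, a listed port is left out of the list built under `packetbeat.protocols`, so packetbeat presumably records no HTTP transactions for it. That is a monitoring blind spot an operator should opt into knowingly. I would expand the comment to something like `# Optional list of HTTP ports (integers, as written in heartbeat_services[].ports) to exclude from packetbeat's HTTP capture.` followed by `# Traffic on these ports is not recorded; list only known-noisy services such as the Elastic stack's own endpoints.`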
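Review bot: The new `not port in packetbeat_ignored_ports` test in packetbeat.yml.j2 is a type-sensitive membership check. If the ignore list is supplied as strings (quoted in YAML, or passed as a string extra-var), it will never match integer ports from `heartbeat_services`, and the port stays in the capture list with no error. Coercing both sides makes the filter robust, for example `and ((port | int) not in (packetbeat_ignored_ports | map('int') | list))`. The existing `used_ports` test has the same sensitivity, but `used_ports` is defined outside this hunk and could not be checked. The outer `for item` loop closes, and `ports` is consumed, below the last visible line.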