1

  1. I'm using packetbeat for monitoring and I'm using ubuntu as an operating system.

  2. I configured everything and the port for MySQL is 3306. I'm getting the dashboards in kibana, but if I start using MySQL I'm not getting anything in Packetbeat. It is unable to trace.

[interfaces] #Select on which network interfaces to sniff. You can use the "any" # keyword to sniff on all connected interfaces. device = "any"

[protocols] #Configure which protocols to monitor and on which ports are they #running. You can disable a given protocol by commenting out its #configuration.

[protocols.http] ports = [80, 8080, 8000, 5000, 8002]

[protocols.mysql] ports = [3306]

[protocols.pgsql] ports = [5432]

#[protocols.redis] #ports = [6379]

Opal
  • 81,889
  • 28
  • 189
  • 210
A.N.B Akhilesh
  • 211
  • 4
  • 16
  • Configuration looks good. If you start packetbeat like this: `packetbeat -e -c /etc/packetbeat/packetbeat.conf -d "mysql,mysqldetailed,publish"` do you get any hints? – tsg May 27 '15 at 11:38
  • **This is the output im getting:** `output_elasticsearch.go:58: INFO [ElasticsearchOutput] Using Elasticsearch http://175.41.145.234:9200' 'output_elasticsearch.go:59: INFO [ElasticsearchOutput] Using index pattern [packetbeat-]YYYY.MM.DD' 'output_elasticsearch.go:60: INFO [ElasticsearchOutput] Topology expires after 15s' 'publish.go:220: INFO Using Elasticsearch to store the topology' 'publish.go:185: DBG Add topology entry for localhost: [10.150.147.210 fe80::2000:aff:fe96:93d2]' 'publish.go:185: DBG Add topology entry for localhost: [10.150.147.210 fe80::2000:aff:fe96:93d2]` – A.N.B Akhilesh May 27 '15 at 13:36
  • 1
    I have to mention anything or configure anything for tracing mysql in conf file ? – A.N.B Akhilesh May 27 '15 at 13:40
  • Please help me.. I want to trace mysql into packetbeat... tell me what i have to configure. – A.N.B Akhilesh May 27 '15 at 14:39
  • You can also configure packetbeat to monitor mysqld process adding (or commenting out) following lines in the bottom of the file: `procs: enabled: true monitored: - process: mysqld cmdline_grep: mysqld` – andPat Jun 25 '15 at 11:03
  • Moreover: if you are trying to monitor your mysql executing queries "locally" you have to connect to mysql using not default socket, but TCP protocol, this way: `mysql -u user -p pwd --protocol=TCP` – andPat Jun 26 '15 at 08:32

1 Answers1

1

MySQL will attempt to connect via UNIX socket if using "localhost" (see https://dev.mysql.com/doc/refman/5.5/en/connecting.html). But if you specify the IP (probably 127.0.0.1) it will connect via TCP instead, allowing Packetbeat to sniff that connection.

gust1n
  • 133
  • 2
  • 7