Packetbeat 0.4.2

Change log:

• Added more flexibility into which HTTP headers are captured and indexed. You can now index all headers, a white list of headers or no headers. By default no headers are sent, which matches the default behaviour in 0.4.1 as well. See the http configuration section for how to define which headers to capture and index.
• Added the option to split the Cookie and Set-Cookie headers into individual key-values pairs. This makes it easier to search for a particular session-id cookie, for example.
• Added the option of specifying a header field to be used for computing the country of the request. For example, one can use the X-Forwarded-For header field to extract the real ip and the src_country fields to be used for the map widget in Kibana.
• Fixed a bug in which the process detection code was called on each transaction rather than periodically.

Packetbeat 0.4.1

Change log:

• Switched to using the gopacket library for sniffing. Details in this blog post.
• Added IPv6 support.
• Added two new sniffer types: af_packet and pfring. Details in the same blog post linked above.
• Switched to the redigo library for REDIS. Performance improvements by using REDIS pipelining when publishing.
• Added an option to add tags per agent. This can be useful for getting statistics for a group of servers serving the same application.
• Added the option to save a pcap file by using the -dump command line flag.
• Added the option to save CPU profiling data by using the -cpuprofile command line flag.
• Fixed a slice error in decoding the MySQL messages.
• Increased the default file size for the file output plugin.

Packetbeat 0.4.0

Changelog:

• Added support for monitoring the performance of Thrift-RPC services. See this blog post for details.
• REDIS output now supports also the PUBLISH method.

Packetbeat 0.3.3

Release notes:

• Added a flat file output plugin, supporting simple file rotation and one line per transaction.
• Added explicit indexing for the X-Forwarded-For header.
• Added support for MySQL queries that start or contain new lines (#63)
• Added support for sniffing from BSD/OS X loopback interfaces.
• Improved the robustness of the PgSQL parser when dealing with huge requests.
• Added several options useful for debugging and integration testing as CLI options.
• Fixed the BuildRoot line for RPM packaging.

Packetbeat 0.3.2

Release notes:

• The RPM now uses an embedded go-daemon installation instead of daemonize. This removes the dependency and adds support for CentOS / RedHat / Oracle Linux 7 #59. We've written about this change here.
• Simplified default configuration file and README. Changes are backward compatible, so you can keep your existing configuration file.
• Fixed a bug in the MySQL implementation which could cause the agent to ignore the whole stream when a command is not understood.
• Fixed a bug when the agent was crashing when the GeoIP.dat file was a symbolic link.
• Fixed a stacktrace when the advertised IP header length is smaller than 20 bytes. #49
• Fixed an error in the Redis parser when dealing with fragmented TCP segments.
• Fixed a typo in the Debian init script. The pid file was wrongly named. #58

Packetbeat 0.3.1

Change log:

• Fixed the Elasticsearch output failure if the topology index already exists
• Fixed REDIS parser when dealing with messages spanning multiple TCP segments

Packetbeat 0.3.0

New features:

• Added support for multiple output plugins.
• Added Redis as an output plugin, which makes scaling and integrating with Logstash easier. See this article for a suggested architecture of your monitoring system.
• Added new CLI options for debugging memory leaks in the agent.

Fixes:

• Disabled tokenising the src_server and dst_server items. This improves the support for hostnames containing dashes.
• Improved the way the topology is stored and expired in Elasticsearch.
• Fixed a FD leak when looping the same PCAP file.
• Cap the maximum data we store per one TCP stream.
• Solved a potential memory leak issue.
• Reduced default verbosity when running in production.
• Mark the configuration file as not-executable (#41).
• Correctly mark the configuration file as configuration in the RPM packages (#42).

Packetbeat 0.2.2

Change log:

• Fixed an issue (#33), where the packetbeat agent was always connecting to localhost for Elasticsearch regardless of the configured host.
• Added the option of "censoring" POST parameters. This can be used, for example, to avoid logging user passwords.
• Fixed an issue (#39) that caused uninstalling the rpm to fail.
• When the -version option is used, exit immediately after printing the version.
• Use our fork of elasticgo in the tests as well.

Packetbeat 0.2.1

New release with many small improvements and bug fixes. Read about it here:

http://packetbeat.com/blog/new-release-0-2-1.html

Many thanks to all contributors!

v0.2.0

Changelog:

• Added Posgresql support
• Added support for compiling under Windows and Windows binaries to the release
• Updated the list of Redis commands
• Added support for HTTPs and basic authentication for the connection with Elasticsearch
• Added CLI flags for easier testing based on saved PCAP files
• Added the -version CLI flag
• Use packetbeat.conf from the current directory as the default configuration file
• Improved the unit tests coverage for the MySQL and HTTP parsers
• Fixed a slice error in the HTTP parser (#4).
• Correctly interpret TCP retransmissions
• Automatically disable reading from /proc when not running on Linux