Releases: elastic/beats

Packetbeat 0.5.0

15 Apr 16:38

Change log:

  • Simplified and re-organized the way the transactions are represented in Elasticsearch. Many fields which used to be protocol specific now share the same name. For example, the old mysql.query, pgsql.query and http.first_line are all named query now. This makes it easier to create common dashboards across protocols.
  • Tuned the index template to speed up indexing and to improve the experience in the UI.
  • The client location is now represented as a true geopoint instead of just the country code. This makes it work much better with the Kibana 4 map visualisation.
  • Changed the defaults for the request_raw and response_raw fields to off in order to save disk space and to avoid privacy issues by default. They can be enabled on a per-protocol basis.
  • Added a new params field in which (for example) the HTTP parameters are stored. Sensitive parameters can be safely removed based on configuration.
  • Split code in sub-packages so it's easier to maintain and understand.
  • The Content-Type header is always parsed, so the explicit send_headers option is no longer needed when you want to save the body.
  • Fixed GeoIP data loading in the presence of symlinks. This was problematic on some CentOS systems.
  • Fixed a bug where HTTP 1.1 requests having content-length: 0 were not correctly handled.
  • Binaries are compiled with Go 1.4.2

Packetbeat 0.4.3

27 Jan 16:25

Change log:

  • Fixed bug that caused the HTTP body not to be included even when configured.
  • Fixed an HTTP parsing bug where the final CRLF sequence of a chunked body was separated in two packets. (#84)
  • Corrected the LinkType when saving pcap files.
  • Fixed bug that broke sniffing on non-standard devices (#86).
  • Binaries are now compiled with Go 1.4.
  • Debian binaries are compiled again under Debian Squeeze, which means they work without warnings on Ubuntu 12.04 again.

Packetbeat 0.4.2

09 Dec 16:53

Change log:

  • Added more flexibility into which HTTP headers are captured and indexed. You can now index all headers, a white list of headers or no headers. By default no headers are sent, which matches the default behaviour in 0.4.1 as well. See the http configuration section for how to define which headers to capture and index.
  • Added the option to split the Cookie and Set-Cookie headers into individual key-value pairs. This makes it easier to search for a particular session-id cookie, for example.
  • Added the option of specifying a header field to be used for computing the country of the request. For example, one can use the X-Forwarded-For header field to extract the real ip and the src_country fields to be used for the map widget in Kibana.
  • Fixed a bug in which the process detection code was called on each transaction rather than periodically.

Packetbeat 0.4.1

25 Nov 17:27

Change log:

  • Switched to using the gopacket library for sniffing. Details in this blog post.
  • Added IPv6 support.
  • Added two new sniffer types: af_packet and pfring. Details in the same blog post linked above.
  • Switched to the redigo library for REDIS. Performance improvements by using REDIS pipelining when publishing.
  • Added an option to add tags per agent. This can be useful for getting statistics for a group of servers serving the same application.
  • Added the option to save a pcap file by using the -dump command line flag.
  • Added the option to save CPU profiling data by using the -cpuprofile command line flag.
  • Fixed a slice error in decoding the MySQL messages.
  • Increased the default file size for the file output plugin.

Packetbeat 0.4.0

10 Nov 15:19

Changelog:

  • Added support for monitoring the performance of Thrift-RPC services. See this blog post for details.
  • The REDIS output now also supports the PUBLISH method.

Packetbeat 0.3.3

18 Sep 18:47

Release notes:

  • Added a flat file output plugin, supporting simple file rotation and one line per transaction.
  • Added explicit indexing for the X-Forwarded-For header.
  • Added support for MySQL queries that start with or contain new lines (#63).
  • Added support for sniffing from BSD/OS X loopback interfaces.
  • Improved the robustness of the PgSQL parser when dealing with huge requests.
  • Added several options useful for debugging and integration testing as CLI options.
  • Fixed the BuildRoot line for RPM packaging.

Packetbeat 0.3.2

07 Aug 20:18

Release notes:

  • The RPM now uses an embedded go-daemon installation instead of daemonize. This removes the dependency and adds support for CentOS / RedHat / Oracle Linux 7 #59. We've written about this change here.
  • Simplified default configuration file and README. Changes are backward compatible, so you can keep your existing configuration file.
  • Fixed a bug in the MySQL implementation which could cause the agent to ignore the whole stream when a command is not understood.
  • Fixed a bug where the agent crashed when the GeoIP.dat file was a symbolic link.
  • Fixed a stacktrace when the advertised IP header length is smaller than 20 bytes. #49
  • Fixed an error in the Redis parser when dealing with fragmented TCP segments.
  • Fixed a typo in the Debian init script. The pid file was wrongly named. #58

Packetbeat 0.3.1

16 Jul 20:30

Change log:

  • Fixed the Elasticsearch output failure if the topology index already exists.
  • Fixed the REDIS parser when dealing with messages spanning multiple TCP segments.

Packetbeat 0.3.0

15 Jul 17:35

New features:

  • Added support for multiple output plugins.
  • Added Redis as an output plugin, which makes scaling and integrating with Logstash easier. See this article for a suggested architecture of your monitoring system.
  • Added new CLI options for debugging memory leaks in the agent.

Fixes:

  • Disabled tokenising the src_server and dst_server items. This improves the support for hostnames containing dashes.
  • Improved the way the topology is stored and expired in Elasticsearch.
  • Fixed a FD leak when looping the same PCAP file.
  • Capped the maximum amount of data stored per TCP stream.
  • Solved a potential memory leak issue.
  • Reduced default verbosity when running in production.
  • Marked the configuration file as not-executable (#41).
  • Correctly marked the configuration file as configuration in the RPM packages (#42).

Packetbeat 0.2.2

19 Jun 16:43

Change log:

  • Fixed an issue (#33), where the packetbeat agent was always connecting to localhost for Elasticsearch regardless of the configured host.
  • Added the option of "censoring" POST parameters. This can be used, for example, to avoid logging user passwords.
  • Fixed an issue (#39) that caused uninstalling the rpm to fail.
  • When the -version option is used, exit immediately after printing the version.
  • Use our fork of elasticgo in the tests as well.