0

我正在尝试安装 packetbeat 仪表板,并且此命令按预期工作。我已经安装了匹配的 Kibana 版本。

docker run docker.elastic.co/beats/packetbeat:5.5.0 ./scripts/import_dashboards  -es http://172.31.73.234:9200

当我尝试安装最新版本的 packetbeat 时,出现此错误:

docker run docker.elastic.co/beats/packetbeat:6.1.3  ./scripts/import_dashboards  -es http://1.2.3.4:9200
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted

我检查了 packetbeat 和 kibana 使用的是相同的 6.1.3 版本

1) 为什么第 13 行在版本 6.1.3 而不是 5.5.0 的情况下失败?

2)有没有其他方法可以使用docker安装packetbeat?

更新:

换句话说,这适用于 elastic 和 packetbeat 都使用相同版本 5.6.7 的情况:

 docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards  -es https://0457e68d58e2479e1e73facc72f6cc56.us-east-1.aws.found.io:9243 -user elastic -pass XXX

但这不适用于弹性版本 6 或 kibana API:

# docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards  -es  https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243 -user elastic -pass xxx
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted

# docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards  -es  https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243 -user elastic -pass xxx
Initialize the Elasticsearch 6.1.3 loader
Elasticsearch URL https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243
For Elasticsearch version >= 6.0.0, the Kibana dashboards need to be imported via the Kibana API.

# docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards  -es  https://c2ddaa70b10cb93643b031042d4f6554.us-east-1.aws.found.io:9243 -user elastic -pass xxx
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted

# docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards  -es  https://c2ddaa70b10cb93643b031042d4f6554.us-east-1.aws.found.io:9243 -user elastic -pass xxx
fail to create the Elasticsearch loader: Error creating Elasticsearch client: Couldn't connect to any of the configured Elasticsearch hosts
Exiting
4

1 回答 1

0

这与我想要实现的目标很接近。它不是基于 docker,但它可以工作!

1)下载packetbeat:

curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.1.3-x86_64.rpm

sudo rpm -vi packetbeat-5.4.1-x86_64.rpm

cd /usr/share/packetbeat/

2)配置packetbeat.yml文件:

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["611878ce312a4bc30040208f62a9c9341.us-east-1.aws.found.io:9243"]

  # Optional protocol and basic auth credentials.
  protocol: "https"
  username: "elastic"
  password: "xxx"

#============================== Kibana =====================================

setup.kibana:

  host: "https://b0440709b5f76af035e0a5915a763ebf1.us-east-1.aws.found.io:9243"

#============================== Dashboards =====================================
setup.dashboards.enabled: true

3)启动packetbeat服务

/etc/init.d/packetbeat restart
于 2018-02-10T06:42:28.437 回答