Packetbeat如何配置抓取域名和cookie

packetbeat.protocols.http:

  # Enable HTTP monitoring. Default: true

  enabled: true



  # Configure the ports where to listen for HTTP traffic. You can disable

  # the HTTP protocol by commenting out the list of ports.

  ports: [80, 8080, 8000, 5000, 8002]



  # Uncomment the following to hide certain parameters in URL or forms attached

  # to HTTP requests. The names of the parameters are case insensitive.

  # The value of the parameters will be replaced with the 'xxxxx' string.

  # This is generally useful for avoiding storing user passwords or other

  # sensitive information.

  # Only query parameters and top level form parameters are replaced.

  # hide_keywords: ['pass', 'password', 'passwd']



  # A list of header names to capture and send to Elasticsearch. These headers

  # are placed under the `headers` dictionary in the resulting JSON.

  send_headers: true



  # Instead of sending a white list of headers to Elasticsearch, you can send

  # all headers by setting this option to true. The default is false.

  send_all_headers: true



  # The list of content types for which Packetbeat includes the full HTTP

  # payload in the response field.

  #include_body_for: []



  # If the Cookie or Set-Cookie headers are sent, this option controls whether

  # they are split into individual values.

  split_cookie: false



  # The header field to extract the real IP from. This setting is useful when

  # you want to capture traffic behind a reverse proxy, but you want to get the

  # geo-location information.

  #real_ip_header:



  # If this option is enabled, the raw message of the request (`request` field)

  # is sent to Elasticsearch. The default is false.

  send_request: true



  # If this option is enabled, the raw message of the response (`response`

  # field) is sent to Elasticsearch. The default is false.

  send_response: true

{

  "@timestamp": "2017-07-24T01:52:46.541Z",

  "beat": {

    "hostname": "Medcl.local",

    "name": "Medcl.local",

    "version": "5.4.3"

  },

  "bytes_in": 1515,

  "bytes_out": 189,

  "client_ip": "192.168.0.106",

  "client_port": 52688,

  "client_proc": "",

  "client_server": "",

  "direction": "out",

  "http": {

    "request": {

      "headers": {

        "accept": "text/css,*/*;q=0.1",

        "accept-encoding": "gzip, deflate",

        "accept-language": "zh-cn",

        "cache-control": "max-age=0",

        "connection": "keep-alive",

        "content-length": 0,

        "cookie": "wor;wp-settings-time-1=1483838244; __utma=131518867.1943952710.1446362307.1499730647.1500860679.30; __utmb=131518867.17.10.1500860679; __utmc=131518867; __utmz=131518867.1479867462.12.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1",

        "host": "log.medcl.net",

        "if-modified-since": "Thu, 07 Jul 2016 08:24:36 GMT",

        "if-none-match": "\"577e11c4-176\"",

        "referer": "http://log.medcl.net/about/",

        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4"

      },

      "params": "ver=2.70"

    },

    "response": {

      "code": 304,

      "headers": {

        "connection": "keep-alive",

        "content-length": 0,

        "date": "Mon, 24 Jul 2017 01:52:46 GMT",

        "etag": "\"577e11c4-176\"",

        "last-modified": "Thu, 07 Jul 2016 08:24:36 GMT",

        "server": "nginx/1.10.0 (Ubuntu)"

      },

      "phrase": "Modified"

    }

  },

  "ip": "106.186.120.253",

  "method": "GET",

  "path": "/wp-content/plugins/wp-pagenavi/pagenavi-css.css",

  "port": 80,

  "proc": "",

  "query": "GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css",

  "request": "GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1\r\nHost: log.medcl.net\r\nAccept-Encoding: gzip, deflate\r\nCookie: wordp4ad6cc68a%3Dc%26alium%26libraryContent%3Dbrowse%26mfold%3Do; wp-settings-time-1=1483838244; __utma=131518867.1943952710.1446362307.1499730647.1500860679.30; __utmb=131518867.17.10.1500860679; __utl 2016 08:24:36 GMT\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4\r\nReferer: http://log.medcl.net/about/\r\nCache-Control: max-age=0\r\nAccept-Language: zh-cn\r\n\r\n",

  "response": "HTTP/1.1 304 Not Modified\r\nServer: nginx/1.10.0 (Ubuntu)\r\nDate: Mon, 24 Jul 2017 01:52:46 GMT\r\nLast-Modified: Thu, 07 Jul 2016 08:24:36 GMT\r\nConnection: keep-alive\r\nETag: \"577e11c4-176\"\r\n\r\n",

  "responsetime": 147,

  "server": "",

  "status": "OK",

  "type": "http"

}