How to Install Packetbeat on Manjaro
Packetbeat is a lightweight open-source tool for monitoring network traffic. It is part of the Elastic Beats family, which includes other tools such as Filebeat, Metricbeat, and Winlogbeat. In this tutorial, we will cover the steps to install Packetbeat on Manjaro.
Prerequisites
Before proceeding with the installation, make sure you have the following:
- A Manjaro Linux installation and a user account with sudo privileges
- An active Elastic Stack installation
If you haven't installed Elastic Stack, follow this tutorial on how to install Elastic Stack on Manjaro: https://linuxhint.com/install-elastic-stack-manjaro/
Step 1: Update the System
Before installing Packetbeat, it is recommended to update the system to the latest packages available. Open the terminal and run the following command:
sudo pacman -Syu
Enter your password and wait for the system to update.
Step 2: Download and Install Packetbeat
- Open your web browser and go to the Packetbeat download page.
- Click on the Download button under the Stable Releases section to download the latest stable version.
- Extract the downloaded file to the desired location. In this example, we will extract it to the Downloads folder. Replace [version] with the actual version number.
tar -xvf ~/Downloads/packetbeat-[version]-linux-x86_64.tar.gz -C ~/Downloads/
- Move the extracted folder to the /usr/share/ directory.
sudo mv ~/Downloads/packetbeat-[version]-linux-x86_64 /usr/share/packetbeat
- Create a symbolic link in the /usr/bin/ directory.
sudo ln -s /usr/share/packetbeat/packetbeat /usr/bin/packetbeat
Step 3: Configure Packetbeat
- Open the Packetbeat configuration file using a text editor. In this example, we will use nano.
sudo nano /etc/packetbeat/packetbeat.yml
- Configure the Elasticsearch output section by modifying the output.elasticsearch block.
output.elasticsearch:
  hosts: ["localhost:9200"]
  username: "elastic"
  password: "changeme"
Replace "localhost:9200" with the address and port number of your Elasticsearch instance. Replace "elastic" and "changeme" with your Elasticsearch username and password respectively.
- Uncomment and modify the packetbeat.interfaces.device option to specify the network interface to monitor.
packetbeat.interfaces.device: enp0s3
Replace "enp0s3" with the name of the network interface you want to monitor. You can list all available network interfaces using the ip link command.
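The following is an added example, not part of the original tutorial: a shell check for the packetbeat.yml edited in Step 3 that flags the literal password and plain-HTTP host shown in the sample block, plus file modes that expose them. The function name and the ${ES_PWD} variable name are assumptions for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: audit a packetbeat.yml.
# Prints one finding per line and nothing for a clean file.
audit_packetbeat_config() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "ERROR: cannot read $cfg"
        return 0
    fi

    # Beats refuse to start when group or others can write the config file.
    mode=$(stat -c '%a' "$cfg")   # GNU stat (assumed, as on Manjaro)
    case $mode in
        *[2367]?|*[2367]) echo "PERMS: mode $mode is group/other writable (chmod go-w)" ;;
    esac

    # Look only inside the output.elasticsearch block: flag hosts without
    # https:// and passwords that are not a ${VAR} reference.
    findings=$(awk '
        /^[^ \t#]/ { in_es = ($0 ~ /^output\.elasticsearch:/) }
        in_es && /^[ \t]+hosts:/ && $0 !~ /https:\/\// {
            print "TLS: line " NR ": Elasticsearch host without https://" }
        in_es && /^[ \t]+password:[ \t]*"?[^"$ \t]/ {
            print "SECRET: line " NR ": literal password, use a ${VAR} reference" }
    ' "$cfg")
    [ -z "$findings" ] || echo "$findings"

    # A literal password in a file others can read is visible to every local user.
    case $findings in
        *SECRET:*)
            case $mode in
                *[4567]) echo "PERMS: mode $mode lets other users read the password" ;;
            esac ;;
    esac
    return 0
}

# When run as a script, audit the file given as the first argument.
[ $# -eq 0 ] || audit_packetbeat_config "$1"
```

A password stored with `packetbeat keystore add ES_PWD` can be referenced in the file as `"${ES_PWD}"`, which this check accepts.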
Step 4: Start and Enable Packetbeat Service
- Start the Packetbeat service.
sudo systemctl start packetbeat
- Enable the service to start during boot.
sudo systemctl enable packetbeat
- Verify that the service is running properly.
sudo systemctl status packetbeat
You should see a status message indicating that the service is active and running.
Conclusion
You have successfully installed and configured Packetbeat on Manjaro. You can now start monitoring network traffic using Packetbeat and visualize it in Kibana. To learn more about Packetbeat, check the official documentation at https://www.elastic.co/guide/en/beats/packetbeat/current/index.html.