Packagebeat is a Beat for collecting information about system packages from package managers and shipping it to Elasticsearch.
Packagebeat currently supports the following package managers:
- dpkg (Debian, Ubuntu)
- RPM (Fedora, CentOS, RHEL)
with hopes for supporting the following (please consider contributing any of these):
- pip (Python)
- gem (Ruby)
- npm (Node.js)
- chocolatey (Windows)
- pacman (Arch Linux)
- nix (NixOS)
- guix (GuixSD)
Binaries are available on the releases page.
The release package contains the following:
- The packagebeat binary
- Example packagebeat.yml
- The Elasticsearch mapping template: packagebeat.template.json
Install the mapping template before running Packagebeat:
curl -XPUT 'http://localhost:9200/_template/packagebeat' -d@packagebeat.template.json
Add the following to your favorite process manager:
packagebeat -c /etc/packagebeat/packagebeat.yml
Package information data is stored in the following format:
{
  "@timestamp": "2099-01-01T00:00:00.000Z",
  "beat": {
    "hostname": "863bc3d673ad",
    "name": "863bc3d673ad"
  },
  "type": "package",
  "manager": "dpkg",
  "name": "tar",
  "version": "1.27.1-2+b1",
  "summary": "GNU version of the tar archiving utility",
  "architecture": "amd64"
}
go get github.com/joehillen/packagebeat
Unit Tests:
go test ./...
Integration Testing:
Testing on different Linux distributions is done using docker-compose:
docker-compose up
You can inspect the results using Kibana at http://localhost:5601