{"id":13646554,"url":"https://github.com/raboof/connbeat","last_synced_at":"2025-10-08T04:29:13.202Z","repository":{"id":57557789,"uuid":"58356706","full_name":"raboof/connbeat","owner":"raboof","description":"Agent exposing connection-related information, based on the Elastic Beats framework","archived":false,"fork":false,"pushed_at":"2018-07-20T09:38:36.000Z","size":42974,"stargazers_count":55,"open_issues_count":19,"forks_count":10,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-14T23:38:15.518Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/raboof.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-09T07:20:30.000Z","updated_at":"2023-08-13T18:21:43.000Z","dependencies_parsed_at":"2022-08-28T11:41:32.859Z","dependency_job_id":null,"html_url":"https://github.com/raboof/connbeat","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/raboof/connbeat","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raboof%2Fconnbeat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raboof%2Fconnbeat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raboof%2Fconnbeat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raboof%2Fconnbeat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/raboof","download_url":"https://codeload.github.com/raboof/connbeat/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raboof%2Fconnbeat/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278891104,"owners_count":26063852,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:02:58.954Z","updated_at":"2025-10-08T04:29:08.182Z","avatar_url":"https://github.com/raboof.png","language":"Go","readme":"# Connbeat\n\n[![Join the chat at https://gitter.im/connbeat/Lobby](https://badges.gitter.im/connbeat/Lobby.svg)](https://gitter.im/connbeat/Lobby?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\n[![Build Status](https://travis-ci.org/raboof/connbeat.svg?branch=master)](https://travis-ci.org/raboof/connbeat)\n\nConnbeat, short for 'Connectionbeat', is an open source agent that monitors TCP connection metadata and\nships the data to Kafka or Elasticsearch, or an HTTP endpoint.\n\nThe main distinction from [Packetbeat](https://www.elastic.co/products/beats/packetbeat)\nis that Connbeat is intended to be able to monitor all connections on a\nmachine (rather than just selected protocols), and does not inspect the\npackage/connection contents, only metadata.\n\n## Credits\n\nDevelopment of connbeat was funded by [StackState](http://www.stackstate.com).\nCollecting connection data is only part of the puzzle: [StackState](http://www.stackstate.com)\ncombines it with information from many other sources, presenting it in a way that\nprovides actionable insights.\n\n![StackState logo](http://www.stackstate.com/wp-content/uploads/2016/12/Sts_LOGO_RGB_Full_Horizontal.png)\n\n## Building\n\n### On linux and mac osx\n\nConnbeat is built with 'make'. You need at least golang 1.7.3.\n\n # Make sure $GOPATH is set\n go get github.com/raboof/connbeat\n cd $GOPATH/src/github.com/raboof/connbeat\n make\n\nIt is possible to build connbeat on OSX. However, no integrations are implemented at this\npoint. It is possible to run the unit tests.\n\n### Building for linux on OSX\n\nTo build a linux binary on OSX you can use docker:\n\n docker run --rm -v \"$PWD\":/go/src/github.com/raboof/connbeat -w /go/src/github.com/raboof/connbeat golang:1.7.4 make\n\nThis will produce a dynamically linked connbeat executable in the current\ndirectory.\n\nTo create linux packages, use `make package`\n\n## Running\n\nEdit the configuration (connbeat.yml) to specify where you want your events to go (e.g. Kafka, Elasticsearch, the console).\n\nYou need to be root if you want to see the process for processes other than your own:\n\n sudo ./connbeat\n\nYou can view the events on kafka with something like kafkacat:\n\n kafkacat -C -b localhost -t connbeat\n\n## Docker\n\nYou can use connbeat to monitor TCP connections from docker instances - see\n[here](docker#readme) for details.\n\n## Performance overhead\n\nWe tested the overhead of running the connbeat agent using the\n[TechEmpower web framework benchmarks](https://www.techempower.com/benchmarks/).\n\nAfter deploying to AWS, we ran the [query](https://www.techempower.com/benchmarks/#test=query)\nbenchmark workload against the Spring Boot framework.\n\nThe result was encouraging: the total requests throughput took a hit of only\n0.47% (58 fewer requests on a total of 12312). The average latency was in fact\na little better in the test runs with connbeat - which must of course be caused\nby noise, but inspires confidence that connbeat introduce no noticable degredation.\n\nThe complete test results can be found in the /tests/performance folder of this repo.\n\nOf course performance impact may vary due to all kinds of circumstances and\ndifferences in workload. We're aware of several potential further\noptimizations, which can be applied when a situation comes up where connbeat\ndoes have a noticable impact. If you encounter such a situation, be sure to\nfile an issue.\n\n## Events\n\nFor connections where the agent is the server:\n\n {\n \"@timestamp\": \"2016-05-20T14:54:29.442Z\",\n \"beat\": {\n \"hostname\": \"yinka\",\n \"name\": \"yinka\",\n \"local_ips\": [\n \"192.168.2.243\"\n ]\n },\n \"local_port\": 80,\n \"local_process\": {\n \"binary\": \"dnsmasq\",\n \"cmdline\": \"\"/usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service\",\n \"environ\": [\n \"LANGUAGE=en_US:en\",\n \"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\",\n \"LANG=en_US.UTF-8\",\n \"_SYSTEMCTL_SKIP_REDIRECT=true\",\n \"PWD=/\",\n\n ]\n },\n \"type\": \"connbeat\"\n }\n\nFor connections where the agent appears to be the client:\n\n {\n \"@timestamp\": \"2016-05-20T14:54:29.506Z\",\n \"beat\": {\n \"hostname\": \"yinka\",\n \"name\": \"yinka\",\n \"local_ips\": [\n \"192.168.2.243\"\n ]\n },\n \"local_ip\": \"192.168.2.243\",\n \"local_port\": 40074,\n \"local_process\": {\n \"binary\": \"chromium\",\n \"cmdline\": \"/usr/lib/chromium/chromium --show-component-extension-options --ignore-gpu-blacklist --ppapi-flash-path=/usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so --ppapi-flash-version=20.0.0.228\",\n \"environ\": [\n \"\"\n ]\n },\n \"remote_ip\": \"52.91.150.74\",\n \"remote_port\": 443,\n \"type\": \"connbeat\"\n }\n\n## Testing\n\nTo run the regular go unit test, run 'make unit'.\n\nTo also run docker-based system tests, run 'make testsuite'\n\n## Packaging\n\nPreliminary packaging is available, but the resulting packages are not yet\nintended for general consumption.\n\n'make package' should be sufficient to produce a deb, rpm and a binary .tar.gz\n\n## Elastic Beat Upgrade \n\nCurrently `elastic\\beats` package is set to 5.6.9 and there is a manual change in the `vendor/github/com/elastic/beats/libbeat/script/Makefile` for parameter `TESTIFY_TOOL_REPO`. The value is set from `github.com/elastic/beats/vendor/github.com/stretchr/testify` to `github.com/elastic/beats/vendor/github.com/stretchr/testify/assert` because it tries to download master and the repo doesn't contain the actual code. and also this paramter can't be overriden in this version 5.6.9. So please check this parameter if it can be overriden or not and then change that in your `Makefile` when you update the `elastic/beats` library. Mostly in the latest library you don't need to change this parameter becuase it is fixed. \n\n## Contributing\n\nContributions are welcome! Feel free to [submit issues](https://github.com/raboof/connbeat/issues) to discuss problems and propose solutions, or send a [pull request](https://github.com/raboof/connbeat/pulls).\n\nPull requests are expected to include tests (which are run on Travis). We strive to merge any reasonable features, though features that might increase the load on the machine will likely have to be behind a feature switch that is off by default.\n\n## Security\n\nWe take great care to ensure connbeat is secure. If despite our efforts you\nhave found what looks like a vulnerability, please contact us privately at\naengelen@xebia.com. For extra safety the email may be encrypted with the\npublic key which can be found at https://keybase.io/raboof\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraboof%2Fconnbeat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fraboof%2Fconnbeat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraboof%2Fconnbeat/lists"}