Packetbeat 是一个实时网络数据包分析工具，与elasticsearch一体来提供应用程序的监控和分析系统。
Packetbeat通过嗅探应用服务器之间的网络通讯，来解码应用层协议类型如HTTP、MySQL、redis等等，关联请求与响应，并记录每个事务有意义的字段。
packetbeat是根据监听主机的网卡对应的接口来进行流量监控。对nginx流量进行监听，需要将packetbeat安装在nginx主机上，通过配置输出到elasticsearch来进行分析，同时也支持输出到kafka、redis(不推荐)或logstash。
packetbeat支持协议及端口有：

- type: icmp

- type: amqp
  ports: [5672]

- type: cassandra
  ports: [9042]

- type: dhcpv4
  ports: [67, 68]
  
- type: dns
  ports: [53]

- type: http
  ports: [80, 8080, 8000, 5000, 8002]
  
- type: memcache
  ports: [11211]

- type: mysql
  ports: [3306,3307]

- type: pgsql
  ports: [5432]

- type: redis
  ports: [6379]

- type: thrift
  ports: [9090]

- type: mongodb
  ports: [27017]

- type: nfs
  ports: [2049]

- type: tls
  ports:
    - 443   # HTTPS
    - 993   # IMAPS
    - 995   # POP3S
    - 5223  # XMPP over SSL
    - 8443
    - 8883  # Secure MQTT
    - 9243  # Elasticsearch