packetbeat protocols enabled config

CHANGELOG.asciidoc

@@ -20,6 +20,7 @@ https://github.com/elastic/beats/compare/v5.0.0-alpha4...master[Check the HEAD d
 *Metricbeat*
 
 *Packetbeat*
+- Set `enabled` ` in `packetbeat.protocols.icmp` configuration to `true` by default. {pull}1988[1988]
 
 *Topbeat*
 
@@ -54,12 +55,14 @@ https://github.com/elastic/beats/compare/v5.0.0-alpha4...master[Check the HEAD d
 *Affecting all Beats*
 
 - Periodically log internal metrics. {pull}1955[1955]
-- Add enable-setting to all output modules. {pull}1987[1987]
+- Add enabled setting to all output modules. {pull}1987[1987]
 - Command line flag -c can be used multiple times. {pull}1985[1985]
 - Add OR/AND/NOT to the condition associated with the processors. {pull}1983[1983]
 - Add '-E' CLI flag for overwriting single config options via command line. {pull}1986[1986]
 - Choose the mapping template file based on the Elasticsearch version. {pull}1993[1993]
 - Check stdout being available when console output is configured. {issue}2035[2035]
+- Add enabled setting to packetbeat protocols. {pull}1988[1988]
+- Add enabled setting to packetbeat network flows configuration. {pull}1988[1988]
 
 *Metricbeat*
 

filebeat/filebeat.full.yml

@@ -308,7 +308,7 @@ filebeat.prospectors:
 #-------------------------- Elasticsearch output ------------------------------
 output.elasticsearch:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Array of hosts to connect to.
   # Scheme and port can be left out and will be set to the default (http and 9200)
@@ -420,7 +420,7 @@ output.elasticsearch:
 #----------------------------- Logstash output --------------------------------
 #output.logstash:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The Logstash hosts
   #hosts: ["localhost:5044"]
@@ -473,7 +473,7 @@ output.elasticsearch:
 #------------------------------- Kafka output ---------------------------------
 #output.kafka:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The list of Kafka broker addresses from where to fetch the cluster metadata.
   # The cluster metadata contain the actual Kafka brokers events are published
@@ -564,7 +564,7 @@ output.elasticsearch:
 #------------------------------- Redis output ---------------------------------
 #output.redis:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The list of Redis servers to connect to. If load balancing is enabled, the
   # events are distributed to the servers in the list. If one server becomes
@@ -663,7 +663,7 @@ output.elasticsearch:
 #------------------------------- File output ----------------------------------
 #output.file:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Path to the directory where to save the generated files. The option is
   # mandatory.
@@ -687,7 +687,7 @@ output.elasticsearch:
 #----------------------------- Console output ---------------------------------
 #output.console:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Pretty print json event
   #pretty: false

libbeat/_meta/config.full.yml

@@ -82,7 +82,7 @@
 #-------------------------- Elasticsearch output ------------------------------
 output.elasticsearch:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Array of hosts to connect to.
   # Scheme and port can be left out and will be set to the default (http and 9200)
@@ -194,7 +194,7 @@ output.elasticsearch:
 #----------------------------- Logstash output --------------------------------
 #output.logstash:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The Logstash hosts
   #hosts: ["localhost:5044"]
@@ -247,7 +247,7 @@ output.elasticsearch:
 #------------------------------- Kafka output ---------------------------------
 #output.kafka:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The list of Kafka broker addresses from where to fetch the cluster metadata.
   # The cluster metadata contain the actual Kafka brokers events are published
@@ -338,7 +338,7 @@ output.elasticsearch:
 #------------------------------- Redis output ---------------------------------
 #output.redis:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The list of Redis servers to connect to. If load balancing is enabled, the
   # events are distributed to the servers in the list. If one server becomes
@@ -437,7 +437,7 @@ output.elasticsearch:
 #------------------------------- File output ----------------------------------
 #output.file:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Path to the directory where to save the generated files. The option is
   # mandatory.
@@ -461,7 +461,7 @@ output.elasticsearch:
 #----------------------------- Console output ---------------------------------
 #output.console:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Pretty print json event
   #pretty: false

libbeat/common/config.go

@@ -142,11 +142,14 @@ func (c *Config) SetChild(name string, idx int, value *Config) error {
 
 func (c *Config) Enabled() bool {
 	testEnabled := struct {
-		Enabled bool `config:"enable"`
+		Enabled bool `config:"enabled"`
 	}{true}
 
+	if c == nil {
+		return false
+	}
 	if err := c.Unpack(&testEnabled); err != nil {
-		// if unpacking fails, expect 'enable' being set to default value
+		// if unpacking fails, expect 'enabled' being set to default value
 		return true
 	}
 	return testEnabled.Enabled

libbeat/docs/outputconfig.asciidoc

@@ -92,9 +92,9 @@ output.elasticsearch:
 
 You can specify the following options in the `elasticsearch` section of the +{beatname_lc}.yml+ config file:
 
-===== enable
+===== enabled
 
-The enable config is a boolean setting to enable or disable the output. If set
+The enabled config is a boolean setting to enable or disable the output. If set
 to false, the output is disabled.
 
 The default value is true.
@@ -388,9 +388,9 @@ output.logstash:
 You can specify the following options in the `logstash` section of the
 +{beatname_lc}.yml+ config file:
 
-===== enable
+===== enabled
 
-The enable config is a boolean setting to enable or disable the output. If set
+The enabled config is a boolean setting to enable or disable the output. If set
 to false, the output is disabled.
 
 The default value is true.
@@ -529,9 +529,9 @@ The Kafka output sends the events to Apache Kafka.
 
 You can specify the following options in the `kafka` section of the +{beatname_lc}.yml+ config file:
 
-===== enable
+===== enabled
 
-The enable config is a boolean setting to enable or disable the output. If set
+The enabled config is a boolean setting to enable or disable the output. If set
 to false, the output is disabled.
 
 The default value is true.
@@ -647,9 +647,9 @@ output.redis:
 
 You can specify the following options in the `redis` section of the +{beatname_lc}.yml+ config file:
 
-===== enable
+===== enabled
 
-The enable config is a boolean setting to enable or disable the output. If set
+The enabled config is a boolean setting to enable or disable the output. If set
 to false, the output is disabled.
 
 The default value is true.
@@ -798,9 +798,9 @@ output.file:
 
 You can specify the following options in the `file` section of the +{beatname_lc}.yml+ config file:
 
-===== enable
+===== enabled
 
-The enable config is a boolean setting to enable or disable the output. If set
+The enabled config is a boolean setting to enable or disable the output. If set
 to false, the output is disabled.
 
 The default value is true.
@@ -846,9 +846,9 @@ You can specify the following options in the `console` section of the +{beatname
 
 If `pretty` is set to true, events written to stdout will be nicely formatted. The default is false.
 
-===== enable
+===== enabled
 
-The enable config is a boolean setting to enable or disable the output. If set
+The enabled config is a boolean setting to enable or disable the output. If set
 to false, the output is disabled.
 
 The default value is true.

metricbeat/metricbeat.full.yml

@@ -227,7 +227,7 @@ metricbeat.modules:
 #-------------------------- Elasticsearch output ------------------------------
 output.elasticsearch:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Array of hosts to connect to.
   # Scheme and port can be left out and will be set to the default (http and 9200)
@@ -339,7 +339,7 @@ output.elasticsearch:
 #----------------------------- Logstash output --------------------------------
 #output.logstash:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The Logstash hosts
   #hosts: ["localhost:5044"]
@@ -392,7 +392,7 @@ output.elasticsearch:
 #------------------------------- Kafka output ---------------------------------
 #output.kafka:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The list of Kafka broker addresses from where to fetch the cluster metadata.
   # The cluster metadata contain the actual Kafka brokers events are published
@@ -483,7 +483,7 @@ output.elasticsearch:
 #------------------------------- Redis output ---------------------------------
 #output.redis:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # The list of Redis servers to connect to. If load balancing is enabled, the
   # events are distributed to the servers in the list. If one server becomes
@@ -582,7 +582,7 @@ output.elasticsearch:
 #------------------------------- File output ----------------------------------
 #output.file:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Path to the directory where to save the generated files. The option is
   # mandatory.
@@ -606,7 +606,7 @@ output.elasticsearch:
 #----------------------------- Console output ---------------------------------
 #output.console:
   # Boolean flag to enable or disable the output module.
-  #enable: true
+  #enabled: true
 
   # Pretty print json event
   #pretty: false

packetbeat/beater/packetbeat.go

@@ -197,34 +197,36 @@ func (pb *Packetbeat) Stop() {
 }
 
 func (pb *Packetbeat) setupSniffer() error {
-	cfg := &pb.Config
+	config := &pb.Config
+
+	withVlans := config.Interfaces.With_vlans
+	withICMP := config.Protocols["icmp"].Enabled()
 
-	withVlans := cfg.Interfaces.With_vlans
-	_, withICMP := cfg.Protocols["icmp"]
-	filter := cfg.Interfaces.Bpf_filter
-	if filter == "" && cfg.Flows == nil {
+	filter := config.Interfaces.Bpf_filter
+	if filter == "" && !config.Flows.IsEnabled() {
 		filter = protos.Protos.BpfFilter(withVlans, withICMP)
 	}
 
 	pb.Sniff = &sniffer.SnifferSetup{}
-	return pb.Sniff.Init(false, pb.makeWorkerFactory(filter), &cfg.Interfaces)
+	return pb.Sniff.Init(false, pb.makeWorkerFactory(filter), &config.Interfaces)
 }
 
 func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory {
 	return func(dl layers.LinkType) (sniffer.Worker, string, error) {
 		var f *flows.Flows
 		var err error
+		config := &pb.Config
 
-		if pb.Config.Flows != nil {
-			f, err = flows.NewFlows(pb.Pub, pb.Config.Flows)
+		if config.Flows.IsEnabled() {
+			f, err = flows.NewFlows(pb.Pub, config.Flows)
 			if err != nil {
 				return nil, "", err
 			}
 		}
 
 		var icmp4 icmp.ICMPv4Processor
 		var icmp6 icmp.ICMPv6Processor
-		if cfg, exists := pb.Config.Protocols["icmp"]; exists {
+		if cfg := config.Protocols["icmp"]; cfg.Enabled() {
 			icmp, err := icmp.New(false, pb.Pub, cfg)
 			if err != nil {
 				return nil, "", err

packetbeat/config/config.go

@@ -31,8 +31,9 @@ type InterfacesConfig struct {
 }
 
 type Flows struct {
-	Timeout string
-	Period  string
+	Enabled *bool  `config:"enabled"`
+	Timeout string `config:"timeout"`
+	Period  string `config:"period"`
 }
 
 type ProtocolCommon struct {
@@ -41,3 +42,7 @@ type ProtocolCommon struct {
 	SendResponse       bool          `config:"send_response"`
 	TransactionTimeout time.Duration `config:"transaction_timeout"`
 }
+
+func (f *Flows) IsEnabled() bool {
+	return f != nil && (f.Enabled == nil || *f.Enabled)
+}

packetbeat/docs/reference/configuration/packetbeat-options.asciidoc

@@ -179,14 +179,21 @@ disabled.
 
 [source,yaml]
 ------------------------------------------------------------------------------
-packetbeat.flows.timeout: 30s
-packetbeat.flows.period: 10s
+packetbeat.flows:
+  timeout: 30s
+  period: 10s
 ------------------------------------------------------------------------------
 
 ==== Options
 
 You can specify the following options in the `flows` section of the +{beatname_lc}.yml+ config file:
 
+===== enabled
+
+Enables flows support if set to true. Set to false to disable network flows
+support without having to delete or comment out the flows section. The default
+value is true.
+
 ===== timeout
 
 Timeout configures the lifetime of a flow. If no packets have been received for
@@ -205,7 +212,7 @@ disabled, flows are still reported once being timed out. The default value is
 === Transaction Protocols Configuration
 
 The `protocols` section of the +{beatname_lc}.yml+ config file contains configuration options for each supported protocol,
-including common options like `ports`, `send_request`, `send_response`, and options that are protocol-specific.
+including common options like `enabled`, `ports`, `send_request`, `send_response`, and options that are protocol-specific.
 
 Currently, Packetbeat supports the following protocols:
 
@@ -247,6 +254,12 @@ packetbeat.protocols.thrift:
 
 The following options are available for all protocols:
 
+===== enabled
+
+The enabled setting is a boolean setting to enable or disable protocols without having to comment out configuration sections. If set to false, the protocol is disabled.
+
+The default value is true.
+
 ===== ports
 
 Exception: For ICMP the option `enabled` has to be used instead.
@@ -285,7 +298,7 @@ You can specify the following options in the `icmp` section of the +{beatname_lc
 
 ===== enabled
 
-The ICMP protocol can be enabled/disabled via this option. The default is false.
+The ICMP protocol can be enabled/disabled via this option. The default is true.
 
 If enabled Packetbeat will generate the following BPF filter: `"icmp or icmp6"`.