
Beats

Punch integrates lightweight data shippers: beats.

They can collect data from files, network packets, system calls and system metrics.

Punch has the capacity to deploy these data shippers to external servers with the deployer.

Here is the list of compatible beats:

  • auditbeat
  • metricbeat
  • filebeat
  • packetbeat

Auditbeat

Monitor user activity and processes, and analyze your event data in the Elastic Stack without touching auditd. Auditbeat communicates directly with the Linux audit framework, collects the same data as auditd, and sends the events to the Elastic Stack in real time. If you’re feeling nostalgic, you can run auditd alongside Auditbeat (in newer kernels).

Don’t rewrite what works. Use your existing audit rules to ingest data painlessly. Who was the actor? What action did they perform and when? Auditbeat retains all of the original syscall data and the associated paths so you have the context you need.


Metricbeat

Deploy Metricbeat on all your Linux, Windows, and Mac hosts, connect it to Elasticsearch and voila: you get system-level CPU usage, memory, file system, disk IO, and network IO statistics, as well as top-like statistics for every process running on your systems.


Filebeat

After you start Filebeat, open the Logs UI and watch your files being tailed right in Kibana. Use the search bar to filter by service, app, host, datacenter, or other criteria to track down curious behavior across your aggregated logs.


Packetbeat

Network protocols like HTTP let you keep a pulse on application latency and errors, response times, SLA performance, user access patterns and trends, and more.

Packetbeat lets you tap into this data and parse it in real time to understand how traffic is flowing through your network. It's totally passive, has zero latency overhead, and it doesn’t interfere with your infrastructure.
