Error Start Service Packetbeat

Elastic Stack Beats
1

Hello, i have a problem for start packetbeat Service

I have execute this command D:\LogHost\packetbeat-6.1.3-windows-x86_64\packetbeat.exe -c D:\LogHost\packetbeat-6.1.3-windows-x86_64\packetbeat.yml -e -v -d "*"

And i have an error

2018/02/01 15:20:38.893247 beat.go:463: DBG [beat] Beat metadata path: D:\LogHost\packetbeat-6.1.3-windows-x86_64\data\meta.json
2018/02/01 15:20:38.894248 beat.go:443: INFO Beat UUID: a1e8667d-1b7f-46d0-b8bb-74fe41b8647c
2018/02/01 15:20:38.895248 beat.go:203: INFO Setup Beat: packetbeat; Version: 6.1.3
2018/02/01 15:20:38.895248 beat.go:215: DBG [beat] Initializing output plugins
2018/02/01 15:20:38.895248 processor.go:49: DBG [processors] Processors:
2018/02/01 15:20:38.896248 metrics.go:23: INFO Metrics logging every 30s
2018/02/01 15:20:38.896248 logger.go:18: DBG [publish] start pipeline event consumer
2018/02/01 15:20:38.897247 module.go:76: INFO Beat name: SERVEUR
2018/02/01 15:20:39.004261 procs.go:78: INFO Process matching disabled
2018/02/01 15:20:40.091780 packetbeat.go:110: DBG [main] Initializing protocol plugins
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: amqp
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: cassandra
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: dns
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: http
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: mysql
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: pgsql
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: thrift
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: memcache
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: mongodb
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: nfs
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: redis
2018/02/01 15:20:40.091780 protos.go:105: DBG [protos] registered protocol plugin: tls
2018/02/01 15:20:40.091780 sniffer.go:74: DBG [sniffer] BPF filter: ''
2018/02/01 15:20:40.091780 beat.go:635: CRIT Exiting: any interface is not supported on windows
Exiting: any interface is not supported on windows

Thanks for your help

2

Yes, this is normal. You need to set the capture interface in the packetbeat.yml configuration file.

Quoting the Packetbeat documentation:

On Windows, run the following command to list the available network interfaces:

PS C:\Program Files\Packetbeat> .\packetbeat.exe -devices

0: \Device\NPF_{113535AD-934A-452E-8D5F-3004797DE286} (Intel(R) PRO/1000 MT Desktop Adapter)

In this example, there’s only one network card, with the index 0, installed on the system. If there are multiple network cards, remember the index of the device you want to use for capturing the traffic.

Modify the device line to point to the index of the device:

packetbeat.interfaces.device: 0
1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.