Sorry for opening a third thread about npcap. The first and the second thread were closed in the meantime.
We updated our servers to Elastic Agent 8.7.1 and Network Packet Capture integration 1.16.0.
After that we rolled out the new settings:
Unfortunately the setting is not working as expected. We still face the issue that our npcap version gets overwritten with the bundled npcap 1.71.
@jamie.hynds @efd6
Please tell me if there are any logs etc. that would help you fix this issue.
efd6
May 17, 2023, 10:59pm
2
Thanks for reporting this. I will be able to take a look in the next couple of days. If I need any additional information I will ask, so there's nothing you need to do in the interim.
efd6
May 18, 2023, 1:08am
3
I've taken a look and I will need some diagnostics. Are you able to provide these? I need to see debug level logs during installation of NPC and the agent configs that are in a diagnostics bundle. Are we able to take this to community slack?
This PR should fix the issue.
elastic:main
← efd6:npcap_agent_config
opened 12:44AM - 23 May 23 UTC
## What does this PR do?
Previously, the config option for blocking Npcap DLL installation on Windows under fleet was not properly handled due to differences in the shape of the configs by the time the decision is made for the action. This adds a tested helper to ensure that fleet configurations are properly handled.
Also add some logging at the beginning of the install process and a note when a previously installed Npcap is disabled.
## Why is it important?
The current behaviour does not respect user configurations.
## Checklist
- [x] My code follows the style guidelines of this project
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] I have made corresponding change to the default configuration files
- [x] I have added tests that prove my fix is effective or that my feature works
- [x] I have added an entry in `CHANGELOG.next.asciidoc` or `CHANGELOG-developer.next.asciidoc`.
## How to test this PR locally
Run `go test` in packetbeat/beater.
Thanks a lot
system
(system)
Closed
June 20, 2023, 8:39pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.