I am trying to add the Network Packet Capture integration to an agent but it's not working at all.
The machine is a Windows host, and it's managed from a fleet. I've looked into the logs but there isn't any pertinent information that could help me solve this.
Here's what the CLI shows:
PS C:\WINDOWS\system32> & 'C:\Program Files\Elastic\Agent\elastic-agent.exe' status
┌─ fleet
│  └─ status: (HEALTHY) Connected
└─ elastic-agent
   ├─ status: (DEGRADED) 1 or more components/units in a failed state
   └─ packet-default
      ├─ status: (FAILED) Failed: pid '12060' exited with code '1'
      ├─ packet-default
      │  └─ status: (FAILED) Failed: pid '12060' exited with code '1'
      └─ packet-default-packet-network-3b488958-d190-450e-97a4-4237a3b2444d
         └─ status: (FAILED) Failed: pid '12060' exited with code '1'
And here's a log entry (they all give the same level of information):
{"log.level":"error","@timestamp":"2025-02-19T09:08:31.943Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/application/coordinator.(*Coordinator).watchRuntimeComponents","file.name":"coordinator/coordinator.go","file.line":645},"message":"Component state changed packet-default (STARTING->FAILED): Failed: pid '28532' exited with code '1'","log":{"source":"elastic-agent"},"component":{"id":"packet-default","state":"FAILED","old_state":"STARTING"},"ecs.version":"1.6.0"}
Has anyone dealt with this before? Is there anything else I can do to troubleshoot this? Are there more detailed logs somewhere?
Any help would be greatly appreciated.