Packet on window

Hi Team,

I am trying to use Packetbeat on a Windows machine.
I have placed the Packetbeat folder in c:/program file, and when I start the service using the command I can see the Packetbeat service gets started; however, I do not see any logs in the dashboard.
But when I run using .\packetbeat.exe -e, I see the logs in the dashboard.

Packetbeat version: 7.7.0

Thanks
Guddu Prasad

Hi Guddu,

A short question: did you go through the documentation?
https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-configuration.html
https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-interfaces.html

Did you first list your network devices?
packetbeat devices
Did you check in your packetbeat.yml whether your setting packetbeat.interfaces.device matches the devices you want to monitor?

How did you install Packetbeat?
https://www.elastic.co/downloads/beats/packetbeat

Did you download the ZIP or the MSI file?
What operating system exactly do you use and what Antivirus software?

Because only MSI packages have signed binaries, in case it is an issue with antivirus.

I mean we do have a fix about termination of beat services:

Can you start your service using PowerShell?

Get-Service packetbeat | Start-Service

What happens in the System and Application event logs at the same time when you start the service?
System:

$TargetLog = "System"
$idx = (Get-EventLog -LogName $TargetLog -Newest 1).Index
while ($true)
{
    Start-Sleep -Seconds 1
    $idx2 = (Get-EventLog -LogName $TargetLog -newest 1).index
    Get-EventLog -LogName $TargetLog -Newest ($idx2 - $idx) |
    Sort-Object -Property index
    $idx = $idx2
}

and Application:

$TargetLog = "Application"
$idx = (Get-EventLog -LogName $TargetLog -Newest 1).Index
while ($true)
{
    Start-Sleep -Seconds 1
    $idx2 = (Get-EventLog -LogName $TargetLog -newest 1).index
    Get-EventLog -LogName $TargetLog -Newest ($idx2 - $idx) |
    Sort-Object -Property index
    $idx = $idx2
}

What happens in the Packetbeat log file? It should normally be in c:\ProgramData\packetbeat\logs\packetbeat

Get-Content c:\ProgramData\packetbeat\logs\packetbeat  -Wait -Tail 10
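
The checks from the reply above, gathered into one PowerShell pass (an added example, not part of either post and not Elastic's own script). It assumes the service is named packetbeat as in the reply; `$InstallDir` is a placeholder for the folder that holds packetbeat.exe.

```powershell
# Added example: compare how the service is launched with the interactive
# ".\packetbeat.exe -e" run, then validate config, output and devices.
$InstallDir = 'C:\Program Files\Packetbeat'                # assumption: adjust to your install folder
$Exe        = Join-Path $InstallDir 'packetbeat.exe'
$LocalYml   = Join-Path $InstallDir 'packetbeat.yml'       # config used by the interactive run
$LogFile    = 'C:\ProgramData\packetbeat\logs\packetbeat'  # log path given in the reply

# 1. Service state, logon account and the exact command line Windows starts.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='packetbeat'"
if (-not $svc) { Write-Warning 'Service "packetbeat" is not registered.'; return }
$svc | Format-List Name, State, StartMode, StartName, PathName

# 2. Which config file does the service load? Parse the -c argument.
$svcYml = $LocalYml
if ($svc.PathName -match '(?<!\S)-c\s+(?:"([^"]+)"|(\S+))') {
    $svcYml = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
}
"Service config    : $svcYml"
"Interactive config: $LocalYml"
if ((Test-Path $svcYml) -and (Test-Path $LocalYml)) {
    $same = (Get-FileHash $svcYml).Hash -eq (Get-FileHash $LocalYml).Hash
    if (-not $same) { Write-Warning 'Service and interactive run use different config content.' }
} else {
    Write-Warning 'One of the config files does not exist at the path shown.'
}

# 3. Validate the config the service uses and its connection to the output.
& $Exe test config -c $svcYml
& $Exe test output -c $svcYml

# 4. List capture devices and show the configured interface for comparison.
& $Exe devices
Select-String -Path $svcYml -Pattern '^\s*packetbeat\.interfaces\.device' |
    ForEach-Object { $_.Line.Trim() }

# 5. Signature status of the binary (the reply notes only MSI builds are signed).
Get-AuthenticodeSignature -FilePath $Exe | Format-List Status, StatusMessage

# 6. Last lines of the service log, if the service has written one.
if (Test-Path $LogFile) { Get-Content $LogFile -Tail 20 }
else { Write-Warning "No log file at $LogFile; the service may exit before logging." }
```

Run it from an elevated PowerShell prompt, since listing capture devices and reading the service's files may require administrator rights.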
