Packetbeat 7.x not working on Windows

Any 7.x version of packetbeat.exe on Windows returns nothing.

e.g.:
user> packetbeat -v
user >

The same effect is seen in PowerShell and cmdline, and I reproduced the effect on different machines.

However, after removing v7.x and installing v8.x, the command works as expected.

Even running the command directly from its native folder, with a specified packetbeat.yml, has the same effect - running the command returns no output.

Hi,

Try running Packetbeat with the -d "*" flag to enable debug mode, which might provide more detailed output about what's happening.

packetbeat -d "*"

Regards

Thanks for the suggestion @yago82, however it produces the same result - no output.

I provisioned a Windows Server 2022 Datacenter system and downloaded "packetbeat-7.17.0-windows-x86_64.zip" and "packetbeat-8.12.0-windows-x86_64.zip". I did not modify the config. I did separately install WinPcap.

I then invoked each with packetbeat -v -d "*"

I get the same behavior with both: no output to the command prompt but the creation of a logs folder next to the binary. The logs indicate that packetbeat is running successfully and listening to traffic.

Can you confirm you do not see a logs folder next to the binary? Is the command returning immediately and you can run other commands, or do you have to Ctrl+C to exit? Did you install WinPcap?

I have no logs folder showing. I do not have WinPcap installed, but I have Npcap installed, which I use with Wireshark.

Can you try adding -e and see if you get output to your command prompt?

packetbeat run -v --d "*" -e

This dumps all logs to stderr, which does log to console for me.

-e, --e
Logs to stderr and disables syslog/file output.

If that doesn't log to console for you, can you also answer the following questions?

  • Is the command returning immediately and you can run other commands, or do you have to Ctrl+C to exit?
  • What version of Windows are you running?

Same result. After hitting enter, I am instantly presented with a new command line.

Windows version: Windows 11 Enterprise, 10.0.22621 Build 22621
The other machine is
Windows 11 Pro, 10.0.22621 build 22621

Both machines are always kept up to date. Both have the same issue.

Can you share your config?

Can you download a fresh copy of packetbeat and run it with the default config? Do you get the same behavior?

Any other details about the Windows instances, like antivirus software, that might be relevant?
