Hey,
I am trying to deploy Packetbeat 6.1.2 on a Windows 2016 Standard Core using Ansible. I install WinPcap using the win_chocolatey module in Ansible, and then Packetbeat calling the supplied powershell-script. I use the default packetbeat.yml, with the exception of changing the packet.interfaces.device to either of my interfaces listed when I run netsh interface ipv4 show interfaces. I presume its the Idx value I should use? I get a non-descriptive error in powershell when I try Start-Service packetbeat.
No logs gets generated in C:\ProgramData\packetbeat\logs, the packetbeat folder does not even get created. In the Eventlog System I get 2 entries per attempt:
One timeout waiting for the packetbeat to connect, and one with a generic event about timely fashion.
Nothing exists outside this Windows host, but surely the service should start without valid output hosts?