Packetbeat on Win2016 Core

antwan · January 28, 2018, 1:22pm

Hey,

I am trying to deploy Packetbeat 6.1.2 on a Windows 2016 Standard Core using Ansible. I install WinPcap using the win_chocolatey module in Ansible, and then Packetbeat calling the supplied powershell-script. I use the default packetbeat.yml, with the exception of changing the packet.interfaces.device to either of my interfaces listed when I run netsh interface ipv4 show interfaces. I presume its the Idx value I should use? I get a non-descriptive error in powershell when I try Start-Service packetbeat.

No logs gets generated in C:\ProgramData\packetbeat\logs, the packetbeat folder does not even get created. In the Eventlog System I get 2 entries per attempt:
One timeout waiting for the packetbeat to connect, and one with a generic event about timely fashion.

Nothing exists outside this Windows host, but surely the service should start without valid output hosts?

antwan · January 28, 2018, 2:29pm

Tried the Windows 2016 with the whole GUI, and not the semi-GUI that exists in Core, and that gave me a "nice" dialog box stating I didn´t have a wpcap.dll when I tried packetbeat.exe -e -d "*". After a manualchoco install winpcap --force packetbeat spun up nicely.

system · February 25, 2018, 2:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Packetbeat doesn't start on windonws Beats	7	2440	July 5, 2017
Mass deployment Beats packetbeat	5	501	October 31, 2019
Packetbeat 7.x not working on Windows Beats packetbeat	8	236	February 23, 2024
Windows - packetbeat service failed to start Beats packetbeat	15	10249	July 5, 2017
No stdout and logs from Packetbeat Beats packetbeat	1	345	February 16, 2021

Packetbeat on Win2016 Core

Related topics