Hi Andrew. Thanks for the response! I'm talking about an old build of FC Linux (10) x86_64 - kernel 188.8.131.52-170.2.5. Unfortunately, the box was purchased as an appliance and the OS cannot be upgraded past it's current point while still keeping the capture card drivers and other software working and I no longer have support for the card (the company was sold, etc). The specific build of libpcap with support for the card that is installed on the box is 1.0. Will Packetbeat even work with this version of libpcap?
As for building my own binary, I did try going that route earlier today. I followed a guide and checked out the project from git, but I immediately ran into issues when trying to compile Packetbeat (I'm guessing related to how old this OS is and the installed packages are, but I'm not sure). The latest binary release seems to work fine on the system when capturing on the standard interfaces, though. When trying to compile, I was getting errors like "previous declaration of 'uint64_t'", etc. when doing make. And I wasn't actually sure how to dynamically link libpcap.
Would it be smarter/easier to try to do the build on a newer RH-based system and then just copy over the binary? Could I still build the binary in a dynamically linked way on a different system? Would it have to be the exact same version of libpcap? I'm not all that familiar with compiling C programs (or how to specify libraries with C flags, etc. if that's needed), but I do have a tiny bit of experience. I've also never used Go either (but that part was pretty straight-foward).
If it's worth trying, any help you could provide into how to compile Packetbeat so that libpcap is dynamically linked would be greatly appreciated.