I've installed the RPM version of packetbeat 1.0.1 (latest) and no pf_ring module is compiled.
Do you have a RPM version of it? Do I need to compile the project? If only compiled version is available do I need extra configuration?
Best regards
pf_ring is a kernel module. So this message is referring to fact that pf_ring is not compiled in to the kernel.
http://www.ntop.org/products/packet-capture/pf_ring/ has documentation on how to install the module.
I have it compiled and running 
[root@]# lsmod
Module Size Used by
iptable_filter 1826 0
ip_tables 17500 1 iptable_filter
x_tables 23371 2 ip_tables,iptable_filter
configfs 25261 0
dca 7178 0
ptp 12547 0
pps_core 8362 1 ptp
pf_ring 704682 0
ipv6 371773 30
binfmt_misc 7136 1
x86_pkg_temp_thermal 5747 0
crc32_pclmul 3109 0
crc32c_intel 13350 0
firmware_class 12818 0
ext4 568296 2
crc16 1723 1 ext4
jbd2 102882 1 ext4
mbcache 9260 1 ext4
aesni_intel 161915 0
aes_x86_64 7843 1 aesni_intel
glue_helper 5424 1 aesni_intel
lrw 4190 1 aesni_intel
gf128mul 7935 1 lrw
ablk_helper 3061 1 aesni_intel
cryptd 10247 2 aesni_intel,ablk_helper
dm_mirror 14078 0
dm_region_hash 11365 1 dm_mirror
dm_log 9515 2 dm_region_hash,dm_mirror
dm_mod 101315 2 dm_log,dm_mirrorI was completely wrong on that one. Sorry. 
I should have checked the code first. Packetbeat does need compiled with pf_ring support and the release build doesn't do this. When building you have set the havepfring tag (go build -tags havepfring) and need to have the pf_ring headers installed.
Can you open a bug in the elastic/beats project for this.
1 Like
Thanks !!!!