Unable to start Packetbeat 7.1.1 on ELK 7.1.1

Hi Team,

Tried running the below line:
C:\elkbeats\packetbeat>docker run -d e5a311b3b005 --name packetbeat --cap-add=NET_ADMIN --network=host

================================================================
C:\elkbeats\packetbeat>docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a483d2c1be25 e5a311b3b005 "/usr/local/bin/dock…" 7 seconds ago Exited (1) 5 seconds ago practical_wiles
b727fcdf5d66 docker.elastic.co/logstash/logstash:7.1.1 "/usr/local/bin/dock…" 3 hours ago Up 3 hours 0.0.0.0:5044->5044/tcp, 9600/tcp logstash
f3a9f27f1faa docker.elastic.co/kibana/kibana:7.1.1 "/usr/local/bin/kiba…" 4 hours ago Up 4 hours 0.0.0.0:5601->5601/tcp kibana
df3cdd1f2120 docker.elastic.co/elasticsearch/elasticsearch:7.1.1 "/usr/local/bin/dock…" 4 hours ago Up 4 hours 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp elasticsearch

==================================================================

C:\elkbeats\packetbeat>docker container logs --details a483d2c1be25
/usr/local/bin/docker-entrypoint: line 8: /usr/share/packetbeat/packetbeat: Operation not permitted

Please help,

Regards,
Pradeep G

The parameter ordering is wrong.

It should be:

docker run {docker params} {image} {packetbeat params}

So instead of this:

docker run -d e5a311b3b005 --name packetbeat --cap-add=NET_ADMIN --network=host

do this:

docker run -d --name packetbeat --cap-add=NET_ADMIN --network=host e5a311b3b005
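
With the flags placed after the image, Docker hands them to Packetbeat as arguments and starts the container without NET_ADMIN or host networking; `docker inspect` on the container shows this. The script below is an added example, not part of the original reply: it audits inspect output for run options that landed in the container's arguments. The two JSON documents are constructed, trimmed samples modelled on the commands in this thread, and `audit` and `HOST_FLAGS` are hypothetical names.

```python
import json

# docker run options that change container privileges or isolation; if they
# show up in the container's own arguments, Docker never applied them.
HOST_FLAGS = ("--cap-add", "--cap-drop", "--network", "--net", "--name",
              "--privileged", "--user", "--security-opt", "--pid")

# Constructed sample: trimmed `docker inspect` output for the failing run
# from the thread (flags placed after the image ID).
SAMPLE_BAD = """[{
  "Name": "/practical_wiles",
  "Path": "/usr/local/bin/docker-entrypoint",
  "Args": ["--name", "packetbeat", "--cap-add=NET_ADMIN", "--network=host"],
  "HostConfig": {"NetworkMode": "default", "CapAdd": null}
}]"""

# Constructed sample: the corrected ordering (flags before the image ID).
SAMPLE_GOOD = """[{
  "Name": "/packetbeat",
  "Path": "/usr/local/bin/docker-entrypoint",
  "Args": [],
  "HostConfig": {"NetworkMode": "host", "CapAdd": ["NET_ADMIN"]}
}]"""

def audit(inspect_json):
    """Return (misplaced flags, applied settings) for one inspected container."""
    c = json.loads(inspect_json)[0]
    # Flags that were meant for Docker but were passed to the entrypoint.
    misplaced = [a for a in c.get("Args") or []
                 if a.split("=", 1)[0] in HOST_FLAGS]
    host = c.get("HostConfig", {})
    applied = {
        "name": c.get("Name", "").lstrip("/"),
        "network": host.get("NetworkMode"),
        "cap_add": host.get("CapAdd") or [],  # inspect reports null when unset
    }
    return misplaced, applied

if __name__ == "__main__":
    for label, doc in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        misplaced, applied = audit(doc)
        print(label, "misplaced:", misplaced, "applied:", applied)
```

On a live host, the input would come from `docker inspect <container id>`.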

It worked,

Thanks Adrian
