Use packetbeat without root

(Omer Twito) #1

In my company, the Linux based servers are restricted and we don't have root privileges, therefore, I cannot start Packetbeat. The error I get is: Error creating sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)

My questions are:
(1) Is there a way to run Packetbeat without root account?
(2) What access do I need to request in order to be able to run Packetbeat? I will not get a root account, but I can submit a request to authorize my application account to get permissions to a specific location / file.

Thanks in advance,

(Steffen Siering) #2

In order to capture traffic, packetbeat requires root or at least the CAP_NET_RAW capability (maybe CAP_NET_ADMIN as well). Capabilities can be added using setcap.

(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.