Use packetbeat without root

twitoomer · August 20, 2017, 8:29am

Hi,
In my company, the Linux based servers are restricted and we don't have root privileges, therefore, I cannot start Packetbeat. The error I get is: Error creating sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)

My questions are:
(1) Is there a way to run Packetbeat without root account?
(2) What access do I need to request in order to be able to run Packetbeat? I will not get a root account, but I can submit a request to authorize my application account to get permissions to a specific location / file.

Thanks in advance,
Omer.

steffens · August 20, 2017, 6:58pm

In order to capture traffic, packetbeat requires root or at least the CAP_NET_RAW capability (maybe CAP_NET_ADMIN as well). Capabilities can be added using setcap.

system · September 17, 2017, 6:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.