Use packetbeat without root

twitoomer · August 20, 2017, 8:29am

Hi,
In my company, the Linux based servers are restricted and we don't have root privileges, therefore, I cannot start Packetbeat. The error I get is: Error creating sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)

My questions are:
(1) Is there a way to run Packetbeat without root account?
(2) What access do I need to request in order to be able to run Packetbeat? I will not get a root account, but I can submit a request to authorize my application account to get permissions to a specific location / file.

Thanks in advance,
Omer.

steffens · August 20, 2017, 6:58pm

In order to capture traffic, packetbeat requires root or at least the CAP_NET_RAW capability (maybe CAP_NET_ADMIN as well). Capabilities can be added using setcap.

system · September 17, 2017, 6:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Packetbeat fails to start Beats packetbeat	3	2088	July 5, 2017
How to run packetbeat as non-root in Kubernetes? Beats docker , packetbeat	1	621	August 25, 2022
Packetbeat not working in Linux (requires sudo) Beats packetbeat	4	1370	July 5, 2017
Packet Beat error : You don't have permission to capture on that device Beats packetbeat	1	967	January 30, 2020
Install from source and run as non-root Beats	3	2903	July 5, 2017

Use packetbeat without root

Related topics