Use packetbeat without root


(Omer Twito) #1

Hi,
In my company, the Linux based servers are restricted and we don't have root privileges, therefore, I cannot start Packetbeat. The error I get is: Error creating sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)

My questions are:
(1) Is there a way to run Packetbeat without root account?
(2) What access do I need to request in order to be able to run Packetbeat? I will not get a root account, but I can submit a request to authorize my application account to get permissions to a specific location / file.

Thanks in advance,
Omer.


(Steffen Siering) #2

In order to capture traffic, packetbeat requires root or at least the CAP_NET_RAW capability (maybe CAP_NET_ADMIN as well). Capabilities can be added using setcap.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.