CODEWITHSUNDEEP
windowsgithubelasticsearchgopacketbeat
Shannon Duncan
Shannon Duncan

Reputation: 178

Installing PacketBeat on Windows

I am unable to find a reliable way to install elastic's packetbeat on windows. I know I'll have to download source and create my own windows package. However, all instructions are outdated and are from before it moved to elastic's domain.

Anyone know how to compile this package for windows?

Upvotes: 0

Views: 4050

Answers (2)

BobbyA
BobbyA

Reputation: 2260

Follow the instructions on this page to install packetbeat on your windows machine.

Note:

winpcap.dll is required for packetbeat to function on a windows machine. WinPCap itself isn't currently supported, so the current best practice is to use npcap in winpcap compatibility mode instead. See this section of the Packetbeat FAQ

You can download npcap's installer here.

The command line call to install npcap (version 0.86) in winpcap compatibility mode is:

npcap-0.86.exe /winpcap_mode=yes

The silent install would be:

npcap-0.86.exe /S /winpcap_mode=yes

Upvotes: 0

rresol
rresol

Reputation: 353

  • Download and install WinPcap from this page. WinPcap is a library that uses a driver to enable packet capturing.
  • Download the Packetbeat Windows zip file from here.
  • Extract the contents of the zip file into C:\Program Files.
  • Rename the packetbeat--windows directory to Packetbeat.
  • Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.

  • Run the following commands to install Packetbeat as a Windows service:

  • PS > cd 'C:\Program Files\Packetbeat'

  • PS C:\Program Files\Packetbeat> .\install-service-packetbeat.ps1

  • Note

    If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. For example: PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-packetbeat.ps1.

  • Before starting Packetbeat, you should look at the configuration options in the configuration file, for example C:\Program Files\Packetbeat\packetbeat.yml or /etc/packetbeat/packetbeat.yml

Here is the link to the documentation of installing packetbeat on windows.

Upvotes: 1

Related Questions