I am unable to find a reliable way to install Elastic's Packetbeat on Windows. I know I'll have to download the source and create my own Windows package. However, all instructions are outdated and are from before it moved to Elastic's domain.
Anyone know how to compile this package for Windows?
1. Download and install WinPcap from this page. WinPcap is a library that uses a driver to enable packet capturing.
2. Download the Packetbeat Windows zip file from here.
3. Extract the contents of the zip file into C:\Program Files.
4. Rename the packetbeat--windows directory to Packetbeat.
5. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
6. Run the following commands to install Packetbeat as a Windows service:

    PS > cd 'C:\Program Files\Packetbeat'
    PS C:\Program Files\Packetbeat> .\install-service-packetbeat.ps1

If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. For example: PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-packetbeat.ps1.
Before starting Packetbeat, you should look at the configuration options in the configuration file, for example C:\Program Files\Packetbeat\packetbeat.yml or /etc/packetbeat/packetbeat.yml
Here is the link to the documentation of installing packetbeat on windows.
Note:
winpcap.dll is required for packetbeat to function on a windows machine. WinPCap itself isn't currently supported, so the current best practice is to use npcap in winpcap compatibility mode instead.
See this section of the Packetbeat FAQ
You can download npcap's installer here.
The command line call to install npcap (version 0.86) in winpcap compatibility mode is:

    npcap-0.86.exe /winpcap_mode=yes

The silent install would be:

    npcap-0.86.exe /S /winpcap_mode=yes
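The steps from both answers combined into one elevated PowerShell script, with an Authenticode check on the installer before it runs. This is an added example, not code from either answer or from Elastic; the installer's download location and the service name `packetbeat` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. File names and switches are the ones quoted in the answers above;
# the download location of the installer is an assumption.
$ErrorActionPreference = 'Stop'

$NpcapInstaller = Join-Path $env:TEMP 'npcap-0.86.exe'   # assumed download location
$PacketbeatDir  = 'C:\Program Files\Packetbeat'          # directory from the first answer
$ServiceScript  = Join-Path $PacketbeatDir 'install-service-packetbeat.ps1'

function Test-SignedFile {
    # Refuse to continue unless the file carries a valid Authenticode signature.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature on $Path is '$($sig.Status)'; not running it."
    }
    # Print the signer so a human can confirm it is the expected publisher.
    Write-Host "$Path is signed by: $($sig.SignerCertificate.Subject)"
}

# 1. The installer loads a capture driver, so check it before running it elevated.
Test-SignedFile -Path $NpcapInstaller

# 2. Silent Npcap install in WinPcap compatibility mode (switches from the second answer).
$proc = Start-Process -FilePath $NpcapInstaller `
                      -ArgumentList '/S', '/winpcap_mode=yes' `
                      -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "Npcap installer exited with code $($proc.ExitCode)"
}

# 3. Register Packetbeat as a service. The -ExecutionPolicy switch applies only to
#    this child PowerShell process; the machine-wide policy is left unchanged.
if (-not (Test-Path -LiteralPath $ServiceScript)) {
    throw "Service script not found: $ServiceScript"
}
Set-Location -LiteralPath $PacketbeatDir
& PowerShell.exe -ExecutionPolicy UnRestricted -File $ServiceScript
if ($LASTEXITCODE -ne 0) {
    throw "install-service-packetbeat.ps1 exited with code $LASTEXITCODE"
}

# 4. Confirm the service was registered (service name 'packetbeat' is an assumption).
Get-Service -Name 'packetbeat' | Format-List Name, Status
```

The service is only registered at this point; review packetbeat.yml before starting it.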