0

I am unable to find a reliable way to install elastic's packetbeat on windows. I know I'll have to download source and create my own windows package. However, all instructions are outdated and are from before it moved to elastic's domain.

Anyone know how to compile this package for windows?

Shannon Duncan
  • The [windows docs](https://github.com/elastic/packetbeat/blob/master/docs/windows.asciidoc) were recently updated. If they don't work, you should probably file an issue there. – JimB Jul 06 '15 at 17:15
  • @JimB ah ok. I didn't see that. However their download link doesn't have the windows packages. I'll file with them. – Shannon Duncan Jul 06 '15 at 17:59

2 Answers

1
  • Download and install WinPcap from this page. WinPcap is a library that uses a driver to enable packet capturing.
  • Download the Packetbeat Windows zip file from here.
  • Extract the contents of the zip file into C:\Program Files.
  • Rename the packetbeat--windows directory to Packetbeat.
  • Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
  • Run the following commands to install Packetbeat as a Windows service:

        PS > cd 'C:\Program Files\Packetbeat'
        PS C:\Program Files\Packetbeat> .\install-service-packetbeat.ps1

    Note: If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. For example: PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-packetbeat.ps1.

  • Before starting Packetbeat, you should look at the configuration options in the configuration file, for example C:\Program Files\Packetbeat\packetbeat.yml or /etc/packetbeat/packetbeat.yml

Here is the link to the documentation of installing packetbeat on windows.

rresol
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/low-quality-posts/12971993) – Richard Telford Jul 11 '16 at 18:40
  • I have updated the answer now, please let me know if you face some problems with it. – rresol Jul 11 '16 at 18:49
0

Follow the instructions on this page to install packetbeat on your windows machine.

Note:

winpcap.dll is required for packetbeat to function on a windows machine. WinPCap itself isn't currently supported, so the current best practice is to use npcap in winpcap compatibility mode instead. See this section of the Packetbeat FAQ

You can download npcap's installer here.

The command line call to install npcap (version 0.86) in winpcap compatibility mode is:

npcap-0.86.exe /winpcap_mode=yes

The silent install would be:

npcap-0.86.exe /S /winpcap_mode=yes
BobbyA
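The two answers combined into one scripted install with checks, as an added example that is not part of either answer or of Elastic's documentation. It validates the npcap installer's Authenticode signature before running it silently and confirms the capture DLL and the service exist afterwards. The download path, the `wpcap.dll` location and the service name `packetbeat` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths and names below are assumptions; adjust them to your system.
$NpcapInstaller = 'C:\Temp\npcap-0.86.exe'        # assumed download location
$PacketbeatDir  = 'C:\Program Files\Packetbeat'   # directory used in the first answer
$ServiceName    = 'packetbeat'                    # assumed name registered by the install script

function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)
    # Refuse to run an installer that is missing or whose signature does not validate.
    if (-not (Test-Path -LiteralPath $Path)) { throw "Installer not found: $Path" }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { throw "Signature check failed ($($sig.Status)): $Path" }
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
}

function Install-NpcapCompat {
    param([Parameter(Mandatory)][string]$Path)
    Test-InstallerSignature -Path $Path
    # Flags from the second answer: silent install in WinPcap compatibility mode.
    $p = Start-Process -FilePath $Path -ArgumentList '/S', '/winpcap_mode=yes' -Wait -PassThru
    if ($p.ExitCode -ne 0) { throw "npcap installer exited with code $($p.ExitCode)" }
    # Assumption: compatibility mode places the WinPcap-named DLL in System32.
    $dll = Join-Path $env:SystemRoot 'System32\wpcap.dll'
    if (-not (Test-Path -LiteralPath $dll)) { throw "wpcap.dll not found at $dll" }
}

function Install-PacketbeatService {
    param([Parameter(Mandatory)][string]$Dir)
    $script = Join-Path $Dir 'install-service-packetbeat.ps1'
    if (-not (Test-Path -LiteralPath $script)) { throw "Missing $script" }
    # The policy override applies to this child process only; the machine policy is unchanged.
    & PowerShell.exe -ExecutionPolicy UnRestricted -File $script
    if ($LASTEXITCODE -ne 0) { throw "Service install script failed ($LASTEXITCODE)" }
    # Get-Service throws if the service was not registered.
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    Write-Host "Service '$($svc.Name)' is registered, status: $($svc.Status)"
}

Install-NpcapCompat -Path $NpcapInstaller
Install-PacketbeatService -Dir $PacketbeatDir
```

Review `packetbeat.yml` before starting the service, as the first answer advises; the script registers the service but does not start it.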