I am using Elastic Stack version 7.5.1 with X-Pack installed, and I'm getting the following error when I try to run Packetbeat.

Please help me solve it.

2020-01-08T11:56:23.202+0530    ERROR   instance/beat.go:916    Exiting: Sniffer main loop failed: Error starting sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)
Exiting: Sniffer main loop failed: Error starting sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)
Vamsi Krishna
  • Seems like the user running packetbeat lacks proper permissions? What user is running the beat? – ibexit Jan 08 '20 at 18:09
  • Are you referring to the elastic x-pack users or my linux login users? – Vamsi Krishna Jan 10 '20 at 07:17
  • The linux user. If you have a daemon, the daemon user then. Check if this error persists when you start the beat as root - only for the verification, not as a long term solution – ibexit Jan 10 '20 at 08:39

1 Answer

Start Packetbeat with root access. It will solve this permission problem.

It is obvious from the error:

 Error starting sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)

that the current user does not have permission to capture socket activities.

Umar Hayat
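A diagnostic for the permission error discussed above, as an added example that is not part of the original question or answer: on Linux, opening a capture socket requires the CAP_NET_RAW capability, and this script reads the effective capability mask (`CapEff`) from a `/proc/<pid>/status` style file to check for it. The function names are hypothetical and the three status files are constructed samples.

```shell
#!/bin/sh
# Added example: does a process hold CAP_NET_RAW, the capability Linux requires
# to open the packet socket a sniffer captures on?
CAP_NET_RAW_BIT=13   # CAP_NET_RAW in <linux/capability.h>

# Print the effective-capability mask (hex) from a /proc/<pid>/status style file.
cap_eff() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1" 2>/dev/null
}

# Exit 0 if the mask has CAP_NET_RAW set, 1 if not, 2 if no mask was found.
has_cap_net_raw() {
    mask=$(cap_eff "$1")
    [ -n "$mask" ] || return 2
    [ $(( (0x$mask >> $CAP_NET_RAW_BIT) & 1 )) -eq 1 ]
}

# Constructed sample: write a minimal status file with the given UID and CapEff mask.
sample_status() {
    f=$(mktemp)
    printf 'Name:\tpacketbeat\nUid:\t%s\nCapEff:\t%s\n' "$1" "$2" > "$f"
    echo "$f"
}

# report LABEL FILE: print what the mask means for packet capture.
report() {
    if has_cap_net_raw "$2"; then
        echo "$1: CAP_NET_RAW present, capture socket can be opened"
    else
        echo "$1: CAP_NET_RAW missing, expect 'socket: Operation not permitted'"
    fi
}

unpriv=$(sample_status 1000 0000000000000000)   # ordinary user, no capabilities
netraw=$(sample_status 1000 0000000000002000)   # same user, only bit 13 set
rootp=$(sample_status 0 0000003fffffffff)       # root with a full capability set
report "uid 1000" "$unpriv"
report "uid 1000 + cap_net_raw" "$netraw"
report "uid 0" "$rootp"
rm -f "$unpriv" "$netraw" "$rootp"
# For a live process, point report at its status file: report packetbeat /proc/<pid>/status
```

The middle sample shows that a non-root process with only CAP_NET_RAW set passes the check, which is why running as root is useful for verification but is not the only way to satisfy the kernel's permission test.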