Start Packetbeat
Stack
Before starting Packetbeat:
- Follow the steps in Quick start: installation and configuration to install, configure, and set up the Packetbeat environment.
- Make sure Kibana and Elasticsearch are running.
- Make sure the user specified in
packetbeat.ymlis authorized to publish events.
To start Packetbeat, run:
sudo service packetbeat start
Note
If you use an init.d script to start Packetbeat, you canβt specify command line flags (see Command reference). To specify flags, start Packetbeat in the foreground.
Also see Packetbeat and systemd.
sudo service packetbeat start
Note
If you use an init.d script to start Packetbeat, you canβt specify command line flags (see Command reference). To specify flags, start Packetbeat in the foreground.
Also see Packetbeat and systemd.
sudo chown root packetbeat.yml
sudo ./packetbeat -e
- Youβll be running Packetbeat as root, so you need to change ownership of the configuration file, or run Packetbeat with
--strict.perms=falsespecified. See Config File Ownership and Permissions.
sudo chown root packetbeat.yml
sudo ./packetbeat -e
- Youβll be running Packetbeat as root, so you need to change ownership of the configuration file, or run Packetbeat with
--strict.perms=falsespecified. See Config File Ownership and Permissions.
PS C:\Program Files\packetbeat> Start-Service packetbeat
The default location where Windows log files are stored varies:
-
Stack
C:\Program Files\Packetbeat-Data\logs -
Stack
C:\ProgramData\packetbeat\logs