include::../../libbeat/docs/shared-docker.asciidoc[]

[float]
==== Required network capabilities

Under Docker, Packetbeat runs as a non-root user, but requires some privileged
network capabilities to operate correctly. Ensure that the +NET_ADMIN+
capability is available to the container.

["source","sh",subs="attributes"]
----
docker run --cap-add=NET_ADMIN {dockerimage}
----

[float]
==== Capture traffic from the host system

By default, Docker networking will connect the Packetbeat container to an
isolated virtual network, with a limited view of network traffic. You may wish
to connect the container directly to the host network in order to see traffic
destined for, and originating from, the host system. With +docker run+, this can
be achieved by specifying +--network=host+.

["source","sh",subs="attributes"]
----
docker run --cap-add=NET_ADMIN --network=host {dockerimage}
----

NOTE: On Windows and macOS, specifying +--network=host+ will bind the
container's network interface to the virtual interface of Docker's embedded
Linux virtual machine, not to the physical interface of the host system.
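
To confirm from inside a running container that +NET_ADMIN+ is actually available, the capability bounding set can be decoded from +/proc+. This is an added example, not part of the Packetbeat documentation or code base; the function names are hypothetical. It assumes a Linux +/proc/<pid>/status+ file with a +CapBnd+ line, and it reads the bounding set (what the container was granted) rather than the effective set of the current non-root process.

```shell
#!/bin/sh
# CAP_NET_ADMIN is capability number 12 in linux/capability.h.
CAP_NET_ADMIN_BIT=12

# has_cap MASK_HEX BIT
# Succeeds when bit BIT is set in a hex capability mask as printed by /proc.
# Constructed sample: has_cap 00000000a80435fb 12 succeeds, a80425fb does not.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# bounding_set [STATUS_FILE]
# Prints the CapBnd mask from a /proc/<pid>/status style file
# (defaults to the calling process).
bounding_set() {
    awk '$1 == "CapBnd:" { print $2 }' "${1:-/proc/self/status}"
}

# check_net_admin [STATUS_FILE]
# Returns 0 if NET_ADMIN is in the bounding set, 1 if it is missing,
# 2 if no CapBnd line could be read.
check_net_admin() {
    mask=$(bounding_set "$1")
    if [ -z "$mask" ]; then
        echo "CapBnd not found in status file"
        return 2
    fi
    if has_cap "$mask" "$CAP_NET_ADMIN_BIT"; then
        echo "NET_ADMIN available (CapBnd=$mask)"
    else
        echo "NET_ADMIN missing (CapBnd=$mask): start with --cap-add=NET_ADMIN"
        return 1
    fi
}
```

Source the file in a shell inside the container and call +check_net_admin+; the same check on the host shows whether +--network=host+ runs are being started with more capabilities than Packetbeat needs.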