Error: A network capture driver is not available in the Log Receiver
Issue description
Users may encounter the message "Network capture driver not available" in the Log Receiver. Network capture drivers are essential for EventLog Analyzer to capture and process real-time network logs from various sources. When a driver is unavailable, users will be unable to view live log packets in the Log Receiver. Refer to the screenshot below to view the error flagged.
Possible causes
- Missing or improperly installed network capture driver files
- Insufficient administrative privileges when installing the drivers
Prerequisites
- Administrator privileges on the server hosting EventLog Analyzer
- Access to the <EventLogAnalyzer_Installation_Directory>\lib\native folder
- Command Prompt access with elevated (admin) rights
Resolution
Case 1: Automatic method (preferred)
Step 1: Navigate to the <EventLogAnalyzer_Installation_Directory>\bin directory.Step 2: Open Command Prompt with administrator privileges.Step 3: Execute the following command:
register-driver.exeStep 4: Check the console output to ensure that the driver files are copied successfully.
Case 2: Manual method (if the automatic method fails)
Step 1: Navigate to the <EventLogAnalyzer_Installation_Directory>\lib\native folder.
Step 2: Copy the following files:
- npf.sys
- wpcap.dll
- Packet.dll
Step 3: Paste npf.sys in the C:\Windows\system32\drivers\ folder.
Step 4: Paste wpcap.dll and Packet.dll in the C:\Windows\system32\ folder.
Step 5: Open the EventLog Analyzer console.
Step 6: Refresh the Log Receiver page.
Validation and testing
- Open EventLog Analyzer.
- Navigate to the Log Receiver page.
- Confirm that network logs are being captured without errors.
Tips
- Always run EventLog Analyzer installation or maintenance tasks with administrator privileges.
- After major Windows updates, verify if drivers like npf.sys are still intact.
- Maintain regular backups of the <EventLogAnalyzer_Installation_Directory> directory before upgrades or migrations.
Related topics and articles
How to reach support
If the issue persists, you can reach out to support through our official support portal or through email at eventlog-support@manageengine.com.
New to ADSelfService Plus?
Related Articles
Network device status shows 'Device not Reachable'
Issue description A network device in EventLog Analyzer will display the status "Device not Reachable" if the last message received by the EventLog Analyzer server from the device is greater than 24 hours. This message will display in the log sources ...Error: Some of the dashboard widgets show "No Data Available"
Issue description Some dashboard widgets display a "No Data Available" message, which impacts the real-time monitoring of data for the security operations center (SOC) or network operations center (NOC) team. Applicable across multiple builds, ...Log import failure during remote log collection in EventLog Analyzer
Issue description EventLog Analyzer will display an error notification in the UI stating that the log import for selected files has failed. This issue will happen when EventLog Analyzer is unable to import a file during the scheduled log import ...How to Perform Scheduled Import Log Collection in EventLog Analyzer
Objective EventLog Analyzer supports scheduled log imports from both remote paths and S3 buckets. You can enable scheduled log collection to have the application read data from the same file at regular intervals, or configure a file naming convention ...Understanding your log management solution
Key log terminologies When managing logs, there are terminologies that will help you make the most of the product in hand. Following are the list of such terms and their definitions as used in EventLog Analyzer. Agentless and agent-based log ...