Arkime: difference between revisions

Source: Imre kasutab arvutit

Latest revision: 19 March 2022, 21:51

Introduction

TODO

How it works

TODO

Installation

Download from https://arkime.com/

# apt-get install /

Elasticsearch indices

root@arkime:~# curl -X GET 'http://localhost:9200/_cat/indices?v'
health status index                   uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   arkime_lookups_v30      FGw_xJPoTs-jvz4DjxS1Pg   1   0          0            0       208b           208b
green  open   arkime_sequence_v30     f8tUoA-fRrCZymYIgdf38g   1   0          1            2     46.1kb         46.1kb
green  open   arkime_queries_v30      okT70OfMRtyPITC2PWp9Ww   1   0          0            0       208b           208b
green  open   arkime_users_v30        8HnSt20gSb2NxXFeIA-XIA   1   0          1            0     57.1kb         57.1kb
green  open   arkime_dstats_v30       RJA3vHVrQriP8En6FncXHw   2   0         58            0       42kb           42kb
green  open   arkime_files_v30        U5bv7llBTtSFu57hvX-L-w   2   0          4            0     26.8kb         26.8kb
green  open   arkime_fields_v30       MJw-MM1lQHGX2gpDdMsi4A   1   0        351           33    157.9kb        157.9kb
green  open   arkime_sessions3-220319 sBg0H5c3S4qkX4MPHUgprA   1   0       1174            0      4.3mb          4.3mb
green  open   arkime_stats_v30        RYO8pUy2SbWzO-Kb1rzRJg   1   0          1           65    314.5kb        314.5kb
green  open   arkime_history_v1-22w11 njg8liv8R3yfZV_vyFo8Mw   1   0         33            0    100.7kb        100.7kb
green  open   arkime_hunts_v30        1JMhkbhLTMaIrHY_Zt6sgQ   1   0          0            0       208b           208b

Misc

Managing the mirror on the Proxmox host

Creating two mirrors

# cat br-arkime.sh
ovs-vsctl -- set Bridge vmbr0 mirrors=@m100,@m103 \
  -- --id=@enp4s0 get Port enp4s0 \
  -- --id=@enp2s0 get Port enp2s0 \
  -- --id=@tap100i1 get Port tap100i1 \
  -- --id=@tap103i1 get Port tap103i1 \
  -- --id=@m100 create Mirror name=arkime \
  select-dst-port=@enp4s0 select-src-port=@enp4s0 \
  output-port=@tap100i1 \
  -- --id=@m103 create Mirror name=arkimetk \
  select-dst-port=@enp2s0 select-src-port=@enp2s0 \
  output-port=@tap103i1

Creating a single mirror

# cat br-arkime.sh 
ovs-vsctl -- set Bridge vmbr0 mirrors=@m141 \
  -- --id=@enp7s0 get Port enp7s0 \
  -- --id=@tap141i1 get Port tap141i1 \
  -- --id=@m141 create Mirror name=arkime \
  select-dst-port=@enp7s0 select-src-port=@enp7s0 \
  output-port=@tap141i1

Removing all mirrors

# ovs-vsctl clear bridge vmbr0 mirrors
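The two br-arkime.sh scripts above, generalised to any number of mirrors, as an added example that is not part of the wiki page. It assumes bash, the Proxmox tap<VMID>i<N> tap naming (so the Mirror record id becomes @m<VMID>), and prints the transaction instead of executing it unless DRY_RUN=0.

```bash
#!/usr/bin/env bash
# Added example, not from the wiki page: build the ovs-vsctl transaction that
# creates one Mirror per "phys:tap:name" triple on a Proxmox OVS bridge.
# Beyond the hand-written br-arkime.sh it adds two checks: a physical port
# selected by several mirrors is fetched only once (a repeated --id=@enp4s0
# aborts the whole transaction), and a malformed spec is rejected up front.
# Assumption: taps are named tap<VMID>i<N>, so the Mirror record id is @m<VMID>.
set -eo pipefail

build_mirror_cmd() {                  # usage: build_mirror_cmd BRIDGE SPEC...
  local bridge=$1; shift
  local -a mids=() phys_ports=() tap_ports=() creates=()
  local spec phys tap name vmid p c out
  (( $# )) || { echo "no mirror specs given" >&2; return 1; }
  for spec in "$@"; do
    IFS=: read -r phys tap name <<<"$spec"
    if [[ -z $phys || -z $tap || -z $name ]]; then
      echo "bad mirror spec '$spec' (want phys:tap:name)" >&2
      return 1
    fi
    vmid=${tap#tap}; vmid=${vmid%%i*}          # tap100i1 -> 100
    mids+=("@m$vmid")
    # fetch each physical Port record once, in first-seen order
    [[ " ${phys_ports[*]} " == *" $phys "* ]] || phys_ports+=("$phys")
    tap_ports+=("$tap")
    creates+=("-- --id=@m$vmid create Mirror name=$name"
              "select-dst-port=@$phys select-src-port=@$phys"
              "output-port=@$tap")
  done
  out="ovs-vsctl -- set Bridge $bridge mirrors=$(IFS=,; echo "${mids[*]}")"
  for p in "${phys_ports[@]}" "${tap_ports[@]}"; do
    out+=" -- --id=@$p get Port $p"
  done
  for c in "${creates[@]}"; do out+=" $c"; done
  printf '%s\n' "$out"
}

# Print the transaction (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
# ovs-vsctl applies all "--" sub-commands atomically, so a failure leaves the
# bridge unchanged. The command is split into words, not passed through eval.
apply_mirrors() {
  local cmd; cmd=$(build_mirror_cmd "$@") || return 1
  if [[ ${DRY_RUN:-1} == 1 ]]; then printf '%s\n' "$cmd"; return 0; fi
  local -a argv; read -ra argv <<<"$cmd"
  "${argv[@]}"
}

# Dry-run reproduction of the two-mirror br-arkime.sh on the page:
apply_mirrors vmbr0 enp4s0:tap100i1:arkime enp2s0:tap103i1:arkimetk
```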

Using the mirror on the Proxmox guest

To receive the mirrored traffic in the virtual machine:

  • create an additional network interface with the E1000 driver
  • run the following:
root@arkime:~# cat start-arkime.sh 
ifconfig enp6s19 up
ethtool -G enp6s19 rx 2048 tx 2048

As a result, traffic is present:

root@arkime:~# tcpdump -nei enp6s19

Useful additional material

  • TODO