Arkime: erinevus redaktsioonide vahel
Allikas: Imre kasutab arvutit
Mine navigeerimisribaleMine otsikasti
Resümee puudub |
Resümee puudub |
||
| 12. rida: | 12. rida: | ||
# apt-get install / |
# apt-get install / |
||
| + | |||
| + | elasticsearch indeksid |
||
| + | |||
| + | <pre> |
||
| + | root@arkime:~# curl -X GET 'http://localhost:9200/_cat/indices?v' |
||
| + | health status index uuid pri rep docs.count docs.deleted store.size pri.store.size |
||
| + | green open arkime_lookups_v30 FGw_xJPoTs-jvz4DjxS1Pg 1 0 0 0 208b 208b |
||
| + | green open arkime_sequence_v30 f8tUoA-fRrCZymYIgdf38g 1 0 1 2 46.1kb 46.1kb |
||
| + | green open arkime_queries_v30 okT70OfMRtyPITC2PWp9Ww 1 0 0 0 208b 208b |
||
| + | green open arkime_users_v30 8HnSt20gSb2NxXFeIA-XIA 1 0 1 0 57.1kb 57.1kb |
||
| + | green open arkime_dstats_v30 RJA3vHVrQriP8En6FncXHw 2 0 58 0 42kb 42kb |
||
| + | green open arkime_files_v30 U5bv7llBTtSFu57hvX-L-w 2 0 4 0 26.8kb 26.8kb |
||
| + | green open arkime_fields_v30 MJw-MM1lQHGX2gpDdMsi4A 1 0 351 33 157.9kb 157.9kb |
||
| + | green open arkime_sessions3-220319 sBg0H5c3S4qkX4MPHUgprA 1 0 1174 0 4.3mb 4.3mb |
||
| + | green open arkime_stats_v30 RYO8pUy2SbWzO-Kb1rzRJg 1 0 1 65 314.5kb 314.5kb |
||
| + | green open arkime_history_v1-22w11 njg8liv8R3yfZV_vyFo8Mw 1 0 33 0 100.7kb 100.7kb |
||
| + | green open arkime_hunts_v30 1JMhkbhLTMaIrHY_Zt6sgQ 1 0 0 0 208b 208b |
||
| + | </pre> |
||
===Misc=== |
===Misc=== |
||
Viimane redaktsioon: 19. märts 2022, kell 21:51
Sissejuhatus
TODO
Tööpõhimõte
TODO
Paigaldamine
Kopeerimine aadressilt https://arkime.com/
# apt-get install /
elasticsearch indeksid
root@arkime:~# curl -X GET 'http://localhost:9200/_cat/indices?v' health status index uuid pri rep docs.count docs.deleted store.size pri.store.size green open arkime_lookups_v30 FGw_xJPoTs-jvz4DjxS1Pg 1 0 0 0 208b 208b green open arkime_sequence_v30 f8tUoA-fRrCZymYIgdf38g 1 0 1 2 46.1kb 46.1kb green open arkime_queries_v30 okT70OfMRtyPITC2PWp9Ww 1 0 0 0 208b 208b green open arkime_users_v30 8HnSt20gSb2NxXFeIA-XIA 1 0 1 0 57.1kb 57.1kb green open arkime_dstats_v30 RJA3vHVrQriP8En6FncXHw 2 0 58 0 42kb 42kb green open arkime_files_v30 U5bv7llBTtSFu57hvX-L-w 2 0 4 0 26.8kb 26.8kb green open arkime_fields_v30 MJw-MM1lQHGX2gpDdMsi4A 1 0 351 33 157.9kb 157.9kb green open arkime_sessions3-220319 sBg0H5c3S4qkX4MPHUgprA 1 0 1174 0 4.3mb 4.3mb green open arkime_stats_v30 RYO8pUy2SbWzO-Kb1rzRJg 1 0 1 65 314.5kb 314.5kb green open arkime_history_v1-22w11 njg8liv8R3yfZV_vyFo8Mw 1 0 33 0 100.7kb 100.7kb green open arkime_hunts_v30 1JMhkbhLTMaIrHY_Zt6sgQ 1 0 0 0 208b 208b
Misc
Proxmox host peal mirrori haldamine
Kahe mirrori tekitamine
# cat br-arkime.sh ovs-vsctl -- set Bridge vmbr0 mirrors=@m100,@m103 \ -- --id=@enp4s0 get Port enp4s0 \ -- --id=@enp2s0 get Port enp2s0 \ -- --id=@tap100i1 get Port tap100i1 \ -- --id=@tap103i1 get Port tap103i1 \ -- --id=@m100 create Mirror name=arkime \ select-dst-port=@enp4s0 select-src-port=@enp4s0 \ output-port=@tap100i1 \ -- --id=@m103 create Mirror name=arkimetk \ select-dst-port=@enp2s0 select-src-port=@enp2s0 \ output-port=@tap103i1
Mirror tekitamine
# cat br-arkime.sh ovs-vsctl -- set Bridge vmbr0 mirrors=@m141 \ -- --id=@enp7s0 get Port enp7s0 \ -- --id=@tap141i1 get Port tap141i1 \ -- --id=@m141 create Mirror name=arkime \ select-dst-port=@enp7s0 select-src-port=@enp7s0 \ output-port=@tap141i1
Kõigi mirrorite eemaldamine
# ovs-vsctl clear bridge vmbr0 mirrors
Proxmox guest peal mirrori kasutamine
Virtuaalses arvutis mirrorist osa saamiseks
- tekitada täiendav E1000 draiveriga võrguliides
- öelda
root@arkime:~# cat start-arkime.sh ifconfig enp6s19 up ethtool -G enp6s19 rx 2048 tx 2048
Tulemusena on liiklus
root@arkime:~# tcpdump -nei enp6s19
Kasulikud lisamaterjalid
- TODO
