Closed zijundidu closed 4 hours ago
By the way, my OS version is Debian 10, and currently I only see the version supported by Debian 12. So I'm also having a hard time installing the binary .deb version.
These two links might help http://arkime.com/questions and http://arkime.com/docker
I confirm that I've read all the official documentation, including these two: http://arkime.com/questions and http://arkime.com/docker
Unfortunately, the documentation didn't help me build an Arkime container from scratch. Let me briefly describe what I did and the problems I encountered.
First, I have an ES 8.8.1 cluster, health green:
I downloaded the official image: ghcr.io/arkime/arkime/arkime:v5-latest
Then I looked at the documentation, http://arkime.com/docker, and configured docker-compose.yaml:

```yaml
version: '3'
services:
  capture:
    image: ghcr.io/arkime/arkime/arkime:v5-latest
    network_mode: "host"
    command: /opt/arkime/bin/docker.sh capture --update-geo
    volumes:
      - /home/wzj/arkime/pcap:/opt/arkime/raw
      - /home/wzj/arkime/etc:/opt/arkime/etc
    restart: always
    container_name: arkime-capture
  viewer:
    image: ghcr.io/arkime/arkime/arkime:v5-latest
    network_mode: "host"
    command: /opt/arkime/bin/docker.sh viewer
    volumes:
      - /home/wzj/arkime/pcap:/opt/arkime/raw
      - /home/wzj/arkime/etc:/opt/arkime/etc
    restart: always
    container_name: arkime-viewer
```
I found that I needed a config.ini, so I took the default configuration "release/config.ini.sample" from the 5.5.0 branch and modified it:

```ini
[default]
elasticsearch=https://user:pass@host:port
rotateIndex=daily
passwordSecret=ARKIME_PASSWORD
httpRealm=Moloch
interface=ARKIME_INTERFACE
pcapDir=ARKIME_INSTALL_DIR/raw
maxFileSizeG=12
tcpTimeout=600
tcpSaveTimeout=720
udpTimeout=30
icmpTimeout=10
maxStreams=1000000
maxPackets=10000
freeSpaceG=5%
rirFile=ARKIME_INSTALL_DIR/etc/ipv4-address-space.csv
ouiFile=ARKIME_INSTALL_DIR/etc/oui.txt
dropUser=nobody
dropGroup=daemon
parseSMTP=true
parseSMB=true
parseQSValue=false
supportSha256=false
maxReqBody=64
reqBodyOnlyUtf8=true
smtpIpHeaders=X-Originating-IP:;X-Barracuda-Apparent-Source-IP:
parsersDir=ARKIME_INSTALL_DIR/parsers
pluginsDir=ARKIME_INSTALL_DIR/plugins
spiDataMaxIndices=4
packetThreads=2
pcapWriteMethod=simple
pcapWriteSize=262143
maxESConns=30
maxESRequests=500
packetsPerPoll=50000
logEveryXPackets=100000
logUnknownProtocols=false
logESRequests=true
logFileCreation=true

# HTTP request headers to index
[headers-http-request]
referer=type:string;count:true;unique:true
authorization=type:string;count:true
content-type=type:string;count:true
origin=type:string

# HTTP response headers to index
[headers-http-response]
location=type:string
server=type:string
content-type=type:string;count:true

# Email headers to index
[headers-email]
x-priority=type:integer
authorization=type:string
```
The directory structure is as follows:
Finally, I used "docker-compose up -d" to create the containers:
The capture container's error message:
@awick I've never built Arkime before, either the binary or the docker version. I thought the initialization steps were automatic in the docker version, but apparently that's not the case. Is there a problem with what I did, and what do I need to do next?
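An added sanity check, not code from the Arkime project or from the poster: the config.ini quoted above still contains the `ARKIME_*` placeholder tokens from config.ini.sample (passwordSecret, interface, pcapDir, the parsers and plugins directories), and the elasticsearch URL carries a user:pass pair, so the file is itself a secret. The POSIX sh script below flags unsubstituted placeholder lines, credentials embedded in the elasticsearch URL, and a world-readable config file, and exits non-zero if any check fails. The sample config it writes is a constructed excerpt mirroring the lines above; the placeholder pattern `ARKIME_[A-Z_]+` is an assumption based on those lines.

```shell
#!/bin/sh
# Added example, not part of Arkime. Static checks on an Arkime config.ini
# before starting the capture/viewer containers.

# Constructed sample config: a short excerpt mirroring the posted config.ini,
# including its unsubstituted ARKIME_* placeholders. Written to the path in $1.
write_sample_config() {
    cat > "$1" <<'EOF'
[default]
elasticsearch=https://user:pass@host:port
rotateIndex=daily
passwordSecret=ARKIME_PASSWORD
httpRealm=Moloch
interface=ARKIME_INTERFACE
pcapDir=ARKIME_INSTALL_DIR/raw
parsersDir=ARKIME_INSTALL_DIR/parsers
pluginsDir=ARKIME_INSTALL_DIR/plugins
dropUser=nobody
EOF
}

# Print every key=value line whose value still contains an ARKIME_* token
# (assumed placeholder pattern, taken from config.ini.sample).
# Returns 1 if any are found, 0 if the file is clean.
check_placeholders() {
    hits=$(grep -nE '^[A-Za-z]+=.*ARKIME_[A-Z_]+' "$1" || true)
    if [ -n "$hits" ]; then
        printf 'unsubstituted placeholders in %s:\n%s\n' "$1" "$hits"
        return 1
    fi
    return 0
}

# Return 1 if the elasticsearch= URL embeds user:pass@ credentials.
# Such a file must be treated as a secret, not a plain config.
check_es_creds() {
    if grep -qE '^elasticsearch=https?://[^/@]+:[^/@]+@' "$1"; then
        printf 'elasticsearch URL in %s embeds credentials\n' "$1"
        return 1
    fi
    return 0
}

# Return 1 if the file is readable by "other" (mode bit 004).
# POSIX find -perm -004 works on both GNU and BSD find.
check_file_mode() {
    if find "$1" -perm -004 | grep -q .; then
        printf '%s is world-readable; it holds secrets\n' "$1"
        return 1
    fi
    return 0
}

# Run all checks on one file; return the number of failed checks.
check_config() {
    failed=0
    check_placeholders "$1" || failed=$((failed + 1))
    check_es_creds "$1"     || failed=$((failed + 1))
    check_file_mode "$1"    || failed=$((failed + 1))
    return "$failed"
}

# Stand-alone usage: check a real file, or the constructed sample if none given.
if [ "${1:-}" != "" ]; then
    check_config "$1"
else
    sample=$(mktemp)
    write_sample_config "$sample"
    check_config "$sample"
    rc=$?
    rm -f "$sample"
    [ "$rc" -eq 0 ]
fi
```

Run it as `sh check_arkime_config.sh /home/wzj/arkime/etc/config.ini` (hypothetical file name) before `docker-compose up`; a non-zero exit means at least one line still needs a real value, the elasticsearch credentials should be moved out of the URL or the file's permissions tightened, or both.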
Hey, I'm trying to install 5.5.0 with docker, and unfortunately there is no full deployment documentation to guide me through the installation. I have an ES 8.8.1 cluster but don't know how to initialize the container after the docker image is created.
If I can, I'll provide a screenshot of the error