cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

Upload upload issue #280

Closed gondmhd closed 11 months ago

gondmhd commented 1 year ago

🐛 Summary

  1. Unable to upload pcap package
  2. The uploaded zip file is not parsed

What's wrong? Please be specific.

Deploying Malcolm using k8s for v23.08.1 deployment. After deployment, it was found that the PCAP file cannot be directly uploaded. After compressing the PCAP file into a zip file, it can be uploaded, and the compressed file can be viewed in the container, but it has not been parsed.

To reproduce

Steps to reproduce the behavior:

  1. Do this
  2. Then this

Expected behavior

What did you expect to happen that didn't?

Any helpful log output or screenshots

Paste the results here:

Add any screenshots of the problem here.

mmguero commented 11 months ago

Malcolm has not supported uploading compressed PCAP files. The archives that are imported are expected to contain Zeek logs (see the documentation).

Creating idaholab/Malcolm#268 to track the enhancement request.