Open rayenmessaoudi opened 6 years ago
Hi guys, I am asking how to use the same ElasticSearch host for both moloch and elasticsearch feature.
My config:
[elasticsearch]
enabled = yes
hosts = 127.0.0.1:9200
timeout = 300
calls = no
index = cuckoo
index_time_pattern = yearly
cuckoo_node = es-node-n1
[moloch]
enabled = yes
host =
insecure = yes
moloch_capture = /data/moloch/bin/moloch-capture
conf = /data/moloch/etc/config.ini
instance = cuckoo1
Hi Rayen,
Thanks for posting an issue.
I am not quite sure what your question is. You could configure the same Elasticsearch server for both Cuckoo and Moloch.
Hi guys, I am asking how to use the same ElasticSearch host for both moloch and elasticsearch feature.
My config:
[elasticsearch]
enabled = yes
# Comma-separated list of ElasticSearch hosts. Format is IP:PORT, if port is
# missing the default port is used.
# Example: hosts = 127.0.0.1:9200, 192.168.1.1:80
hosts = 127.0.0.1:9200
# Increase default timeout from 10 seconds, required when indexing larger
# analysis documents.
timeout = 300
# Set to yes if we want to be able to search every API call instead of just
# through the behavioral summary.
calls = no
# Index of this Cuckoo instance. If multiple Cuckoo instances connect to the
# same ElasticSearch host then this index (in Moloch called "instance") should
# be unique for each Cuckoo instance.
index = cuckoo
# Logging time pattern. This sets how elasticsearch creates indexes
# by default it is yearly in most instances this will be sufficient
# valid options: yearly, monthly, daily
index_time_pattern = yearly
# Cuckoo node name in Elasticsearch to identify reporting host. Can be useful
# for automation and while referring back to correct Cuckoo host.
cuckoo_node = es-node-n1
[moloch]
enabled = yes
# If the Moloch web interface is hosted on a different IP address than the
# Cuckoo Web Interface then you'll want to override the IP address here.
host =
# If you wish to run Moloch in http (insecure) versus https (secure) mode,
# set insecure to yes.
insecure = yes
# Following are various configurable settings. When in use of a recent version
# of Moloch there is no need to change any of the following settings as they
# represent the defaults.
moloch_capture = /data/moloch/bin/moloch-capture
conf = /data/moloch/etc/config.ini
instance = cuckoo1
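The reply's point as an added example (not code from the thread or from either project): a small check that Cuckoo's `[elasticsearch]` hosts and the Elasticsearch URL in Moloch's own config.ini resolve to the same server. The `[default]` section and `elasticsearch` key are assumed from Moloch's stock config.ini, and both sample configs are constructed.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the [elasticsearch] section from the post above.
CUCKOO_REPORTING_CONF = """
[elasticsearch]
enabled = yes
hosts = 127.0.0.1:9200
index = cuckoo
"""

# Constructed sample of Moloch's config.ini (assumed layout: an
# `elasticsearch` URL under [default]); not taken from the thread.
MOLOCH_CONFIG_INI = """
[default]
elasticsearch=http://127.0.0.1:9200
"""

DEFAULT_ES_PORT = 9200  # used when a host entry carries no port


def normalize(endpoint):
    """Return (host, port) for 'IP', 'IP:PORT' or 'http(s)://IP:PORT'."""
    endpoint = endpoint.strip()
    if "://" not in endpoint:
        endpoint = "//" + endpoint  # let urlsplit see a netloc
    parts = urlsplit(endpoint)
    return (parts.hostname, parts.port or DEFAULT_ES_PORT)


def endpoints(text, section, key):
    """Parse one comma-separated host setting into a set of (host, port)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    raw = cfg.get(section, key, fallback="")
    return {normalize(item) for item in raw.split(",") if item.strip()}


def shared_es_hosts(cuckoo_text, moloch_text):
    """Endpoints named by both configs; empty means they point elsewhere.
    Comparison is textual, so 'localhost' and '127.0.0.1' do not match."""
    cuckoo = endpoints(cuckoo_text, "elasticsearch", "hosts")
    moloch = endpoints(moloch_text, "default", "elasticsearch")
    return cuckoo & moloch


if __name__ == "__main__":
    print(sorted(shared_es_hosts(CUCKOO_REPORTING_CONF, MOLOCH_CONFIG_INI)))
```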