{"id":4323,"date":"2019-02-21T13:51:22","date_gmt":"2019-02-21T12:51:22","guid":{"rendered":"https:\/\/nil.uniza.sk\/?p=4323"},"modified":"2021-03-19T10:46:06","modified_gmt":"2021-03-19T09:46:06","slug":"arkime-installation","status":"publish","type":"post","link":"https:\/\/nil.uniza.sk\/en\/arkime-installation\/","title":{"rendered":"Moloch\/Arkime- Installation"},"content":{"rendered":"<h1>Installation of Moloch\/Arkime<\/h1>\n<ul>\n<li><strong>Author<\/strong>&nbsp;: Miroslav Koh\u00fatik<\/li>\n<li><strong>Tested version<\/strong> : 1.7.0<\/li>\n<li><strong>Operating system<\/strong> : Ubuntu 16.04<\/li>\n<\/ul>\n<p>Installation of Moloch is no trivial matter, that is why we have prepared this guide on how to set up the system in cloud environment.<\/p>\n<h2>Setup before installation<\/h2>\n<p>Before installing Moloch itself, you need to install the Elasticsearch database and make the following changes in configuration of the operating system.<\/p>\n<p>Add Java repository<\/p>\n<pre><code>sudo add-apt-repository ppa:webupd8team\/java <\/code><\/pre>\n<p>Perform an update of the list of packages and packages themselves to the latest versions<\/p>\n<pre><code>sudo apt-get update -y &amp;&amp; sudo apt-get upgrade -y<\/code><\/pre>\n<p>Download and install the public GPG signing key<\/p>\n<pre><code>wget -qO - https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add -<\/code><\/pre>\n<p>Add Elastic Repository<\/p>\n<pre><code>echo \"deb https:\/\/artifacts.elastic.co\/packages\/5.x\/apt stable main\" | sudo tee -a \/etc\/apt\/sources.list.d\/elastic-5.x.list<\/code><\/pre>\n<p>Perform another package update<\/p>\n<pre><code>sudo apt-get update -y &amp;&amp; sudo apt-get upgrade -y &amp;&amp; sudo apt-get dist-upgrade -y <\/code><\/pre>\n<p>Clean-up (Optional)<\/p>\n<pre><code>sudo apt-get autoremove<\/code><\/pre>\n<p>Disable swap<\/p>\n<pre><code>sudo swapoff -a\nsudo nano \/etc\/fstab<\/code><\/pre>\n<p>Edit fstab &#8211; comment out the 
following:<\/p>\n<pre><code>#\/dev\/mapper\/logs--vg-swap_1 none     swap   sw      0     0<\/code><\/pre>\n<p>or<\/p>\n<pre><code>#\/dev\/mapper\/user--vg-swap_1 none     swap   sw      0     0\n<\/code><\/pre>\n<p>Install Java 8<\/p>\n<pre><code>sudo apt-get install oracle-java8-installer<\/code><\/pre>\n<p>Install Elasticsearch<\/p>\n<pre><code>sudo apt-get install elasticsearch<\/code><\/pre>\n<h3>Install Moloch\/Arkime<\/h3>\n<p>Install additional necessary packages<\/p>\n<pre><code>sudo apt-get install wget curl libpcre3-dev uuid-dev libmagic-dev pkg-config g++ flex bison zlib1g-dev libffi-dev gettext libgeoip-dev make libjson-perl libbz2-dev libwww-perl libpng-dev xz-utils libffi-dev<\/code><\/pre>\n<p>Download the newest version of Moloch\/Arkime <a href=\"https:\/\/arkime.com\/downloads\" target=\"_blank\" rel=\"noopener\">(Arkime downloads)<\/a><\/p>\n<pre><code>wget https:\/\/files.molo.ch\/builds\/ubuntu-16.04\/moloch_1.7.0-1_amd64.deb<\/code><\/pre>\n<p>Install Moloch<\/p>\n<p>Note: when asked whether or not to install Elasticsearch choose <strong>no<\/strong>, since you have already installed Elasticsearch earlier and this script offers only the demo version.<\/p>\n<pre><code>sudo dpkg -i moloch_1.7.0-1_amd64.deb<\/code><\/pre>\n<p>Install dependencies (If the previous step halts due to errors)<\/p>\n<pre><code>sudo apt-get -f install<\/code><\/pre>\n<h3>Configure Moloch\/Arkime<\/h3>\n<p>Start Elasticsearch on startup<\/p>\n<pre><code>sudo systemctl enable elasticsearch.service<\/code><\/pre>\n<p>Configure Elasticsearch (OPTIONAL) (Configure as needed [max RAM allocation is 32GB])<\/p>\n<p>It is recommended Elasticsearch be installed on a separate machine<\/p>\n<pre><code>sudo nano \/etc\/elasticsearch\/jvm.options<\/code><\/pre>\n<p>Start Elasticsearch<\/p>\n<pre><code>sudo systemctl start elasticsearch.service<\/code><\/pre>\n<p>Check Elasticsearch Status<\/p>\n<pre><code>sudo systemctl 
status elasticsearch.service<\/code><\/pre>\n<p>To configure Moloch, you can either download a configuration file from <a href=\"https:\/\/github.com\/aol\/moloch\/wiki\/Settings\">https:\/\/github.com\/aol\/moloch\/wiki\/Settings<\/a> or you can configure Moloch yourself using the following two commands<\/p>\n<p>Before configuring Moloch manually, delete the config.ini file from \/data\/moloch\/etc\/<\/p>\n<pre><code>sudo rm \/data\/moloch\/etc\/config.ini <\/code><\/pre>\n<p>Configure Moloch as needed<\/p>\n<pre><code>sudo \/data\/moloch\/bin\/Configure<\/code><\/pre>\n<p>Initialize Elasticsearch Database<\/p>\n<pre><code>sudo \/data\/moloch\/db\/db.pl http:\/\/localhost:9200 init<\/code><\/pre>\n<p>Install and update npm<\/p>\n<pre><code>sudo apt install npm\nnpm update<\/code><\/pre>\n<p>Add Moloch User<\/p>\n<pre><code>sudo \/data\/moloch\/bin\/moloch_add_user.sh admin admin PASSWORDGOESHERE --admin<\/code><\/pre>\n<p>Start Moloch Capture Service<\/p>\n<pre><code>sudo systemctl start molochcapture.service<\/code><\/pre>\n<p>Check Moloch Capture Service status<\/p>\n<pre><code>sudo systemctl status molochcapture.service<\/code><\/pre>\n<p>Start Moloch Viewer Service<\/p>\n<pre><code>sudo systemctl start molochviewer.service<\/code><\/pre>\n<p>Check Moloch Viewer Service status<\/p>\n<pre><code>sudo systemctl status molochviewer.service<\/code><\/pre>\n<p>Provided you have done everything right so far, you should be able to access the web interface at <a href=\"http:\/\/IPADDRESSOFINTERFACE:8005\">http:\/\/IPADDRESSOFINTERFACE:8005<\/a><\/p>\n<h3>Sources:<\/h3>\n<ul>\n<li><a href=\"https:\/\/github.com\/aol\/moloch\">Github<\/a> Information about Moloch<\/li>\n<li><a href=\"http:\/\/moloch.3ilson.com\/\">Moloch Initial Install<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Installation of Moloch\/Arkime Author&nbsp;: Miroslav Koh\u00fatik Tested version : 1.7.0 Operating system : Ubuntu 16.04 Installation of Moloch is no trivial matter, that is 
why we have prepared this guide on how to set up the system in cloud environment. Setup before installation Before installing Moloch itself, you need to install the Elasticsearch database and&#8230;<\/p>","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[872],"tags":[884,874,886],"class_list":["post-4323","post","type-post","status-publish","format-standard","hentry","category-network-security-moloch-en","tag-installation-of-moloch","tag-moloch","tag-moloch-installation"],"taxonomy_info":{"category":[{"value":872,"label":"Moloch"}],"post_tag":[{"value":884,"label":"installation of Moloch"},{"value":874,"label":"Moloch"},{"value":886,"label":"Moloch installation"}]},"featured_image_src_large":false,"author_info":{"display_name":"Miroslav Koh\u00fatik","author_link":"https:\/\/nil.uniza.sk\/en\/author\/miroslav-kohutik\/"},"comment_info":6,"category_info":[{"term_id":872,"name":"Moloch","slug":"network-security-moloch-en","term_group":0,"term_taxonomy_id":870,"taxonomy":"category","description":"","parent":707,"count":14,"filter":"raw","cat_ID":872,"category_count":14,"category_description":"","cat_name":"Moloch","category_nicename":"network-security-moloch-en","category_parent":707}],"tag_info":[{"term_id":884,"name":"installation of 
Moloch","slug":"installation-of-moloch","term_group":0,"term_taxonomy_id":882,"taxonomy":"post_tag","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":874,"name":"Moloch","slug":"moloch","term_group":0,"term_taxonomy_id":872,"taxonomy":"post_tag","description":"","parent":0,"count":10,"filter":"raw"},{"term_id":886,"name":"Moloch installation","slug":"moloch-installation","term_group":0,"term_taxonomy_id":884,"taxonomy":"post_tag","description":"","parent":0,"count":2,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/4323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=4323"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/4323\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=4323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=4323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=4323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}