Menu Close

Moloch – Installation

  • Authors : Tomáš Mokoš, Marek Brodec
  • Tested version : 0.20.0
  • Operating system : Ubuntu 14.04.5

Note: this guide is obsolete, for a more up-to-date version visit Moloch v1.7.0 – Installation

Installation of Moloch is no trivial matter, that is why we have prepared this guide on how to set up the system in cloud environment. The server obtains an IP address dynamically through DHCP, therefore no editing of the interface configuration file is required.

First add Java repositories and install the Java package.

add-apt-repository ppa:webupd8team/java 
apt-get install oracle-java8-installer 

Install additional necessary packages.

apt-get install wget curl libpcre3-dev uuid-dev libmagic-dev pkg-config g++ flex bison zlib1g-dev libffi-dev gettext libgeoip-dev make libjson-perl libbz2-dev libwww-perl libpng-dev xz-utils libffi-dev 

Download Node.js, version 6.x is recommended, since version 8.x is not currently supported.

curl -sL | sudo -E bash – 
sudo apt-get install -y nodejs 

Download and install Elasticsearch.

sudo dpkg -i elasticsearch-5.5.3.deb

Copy Moloch to your server.

git clone 

Install using the available script.


Previous versions required editing of firewall rules.

iptables -A INPUT -m tcp -p tcp --dport 8005 -j ACCEPT 
iptables -A INPUT -m udp -p udp --dport 8005 -j ACCEPT 
iptables -A OUTPUT -m tcp -p tcp --sport 8005 -j ACCEPT 
iptables -A OUTPUT -m udp -p udp --sport 8005 -j ACCEPT 
iptables -A INPUT -m tcp -p tcp --dport 9200 -j ACCEPT 
iptables -A INPUT -m udp -p udp --dport 9200 -j ACCEPT 
sudo su -c 'iptables-save > /etc/iptables/rules.v4' 

The following commands will install other necessary files for capture host and configure the listening interface of the system. When asked whether to install Elasticsearch choose no, since you have already installed Elasticsearch earlier and this script offers only the demo version.

make install 
make config 

Go to the Viewer directory, update Node.js and run account creation script.

cd /data/moloch/viewer 
npm update 
/data/moloch/bin/ admin "Admin User" PASSWORD --admin 

Create symlink in Viewer directory.

ln -sf /usr/bin/nodejs node 

Start the individual components.

service elasticsearch start 
service molochcapture start
service molochviewer start

Provided you have done everything right so far, you should be able to access the web interface at http://IPADDRESSOFINTERFACE:8005


  • Github Information about Moloch
Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.