Menu Close

Moloch Upgrade

Moloch Upgrade

  • Authors: Tomáš Mokoš, Miroslav Kohútik

Upgrading Moloch to the latest version is not possible from all versions. Some older versions require installation of newer versions in an exact order.

Upgrading to Moloch 1.1.0

The oldest version of Moloch we have had in active use was version 0.50.
Upgrading Moloch from version 0.50 to version 1.0 and higher requires reindexing of all session data due to the large changes introduced in version 1.0. Reindexing is done in the background after upgrading, so there is little downtime before the server is back online.

Major changes in version 1.0 include:

  • All the field names have been renamed and analyzed fields have been removed.
  • Country codes are being changed from 3 characters to 2 characters.
  • Tags will NOT be migrated if added before 0.14.1.
  • IPv6 is fully supported and uses the Elasticsearch ip type.

Download the version 1.1.0 installation package

Add execute permissions for the package:

chmod +x moloch_1.1.0-1_amd64.deb

Stop all Moloch instances:

service molochcapture stop
service molochviewer stop

Install Moloch v1.1.0:

dpkg -i moloch_1.1.0-1_amd64.deb

Run /data/moloch/bin/moloch_update_geo.sh on all nodes, this will download and update the mmdb style maxmind files.

Run db.pl http://localhost:9200 upgrade , to upgrade the database.

Start the Moloch instances:

service molochcapture start
service molochviewer start

If an issue occurs with starting the instances, check the capture and viewer logs located in /data/moloch/logs/capture.log a /data/moloch/logs/viewer.log.

Upgrading to Moloch 1.5.3 and higher

Note – To upgrade to Moloch 1.5 and higher, you need Moloch version 1.0 or 1.1 (1.1.1 is recommended). Also, all reindexing operations must be finished.

Stop capture and viewer:

service molochcapture stop
service molochviewer stop

Download the version 1.5.3 installation package

Add execute permissions for the package:

chmod +x moloch_1.5.3-1_amd64.deb
dpkg -i moloch_1.5.3-1_amd64.deb

For clean installation use:

/data/moloch/db.pl http://localhost:9200 init

If you want upgrade only:

/data/moloch/db.pl http://localhost:9200 upgrade

If you chose clean installation, you need to add Moloch user again because the init script removes all Moloch users:

/data/moloch/bin/moloch_add_user.sh admin "Admin User" THEPASSWORD --admin

Start the offline monitoring directory:

exec /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini --host moloch3 -m -R /data/moloch/monitor/

Start the viewer:

service molochviewer start

Check the logs if an issue with starting occurs:

/data/moloch/logs/capture.log
/data/moloch/logs/viewer.log

Source:
Moloch FAQ – Upgrading Moloch

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.