Welcome to the Arkime Simplified Setup! This project aims to simplify the process of setting up Arkime, which can be daunting for brand-new network analysts. Unlike the traditional Arkime build, this repository provides a streamlined approach using Docker Compose and environment variables.
·
Report Bug
·
Request Feature
Table of Contents
The simplified setup process reduces the barriers for entry, making it accessible for network analysts of all experience levels. With just a few adjustments, you'll have a fully functional Arkime environment tailored to your needs.
By modifying the environment variables in the docker-compose file, you can easily customize and configure your Arkime cluster. This flexibility allows you to effortlessly wipe the cluster, change the password, and even switch between different versions of Arkime.
Get started with Arkime Simplified Setup today and experience the power of Arkime without the complexities of the traditional setup. Empower yourself as a network analyst and dive into the world of network traffic analysis with ease.
To get a local copy up and running follow these simple example steps.
Before you begin, ensure that you have the following dependencies installed:
- docker
NOTE: To avoid using sudo for docker activities, add your username to the Docker Group
sudo apt install docker-ce -g
sudo usermod -aG docker ${USER}
- Clone the repo
git clone https://github.com/StrackVibes/Arkime.git
- Set the memory requirements for the Elasticsearch instance.
sudo sysctl -w vm.max_map_count=262144
- (Optional) Change environment variables in docker-compose.yml
nano ./docker-compose.yml
- Run docker
docker compose up -d
To make the most of Arkime, follow these steps:
- Access the Interface: Open your preferred web browser and navigate to the following URL:
http://localhost:8005
- Login with your username and password. Defaults listed below:
Username: admin Password: password
For tool usage, please refer to the Arkime Documentation
| NAME | DEFAULT VALUE | NOTES |
|---|---|---|
| INITALIZEDB | true | Make this true on the first execution and false every other time |
| ARKIME_PASSWORD | password | To connect admin use on the web interface |
| WIPEDB | true | Erases all data |
| ARKIME_VERSION | 5.5.1 | According to Arkime version nomenclature |
| UBUNTU_VERSION | 2004_amd64 | The version of Ubuntu base container |
| ES_HOST | elasticsearch | Should use elasticsearch or localhost depending on network type |
| ES_PORT | 9200 | Elastic search port in elastic search container or exposed in any server |
| ARKIME_INTERFACE | eth0 | Network interface to listen |
| CAPTURE | off | Uses the capture interface to collect traffic |
| VIEWER | on | Can be utilized via port 8005 |
| CONT3XT | on | Can be utilized via port 3218 |
| WISE | on | Turns plugin on/off |
- Create one-stop shop
- Add Wise tags
- Cont3xt valueactions
- Easy pcap injest script
See the open issues for a full list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE.txt for more information.
Shane Strack - @INshane09
Project Link: https://github.com/StrackVibes/Arkime