Arkimeインストール

 


OS: Amazon Linux2 ( ami-078296f82eb463377) 

インスタンスタイプ: t3.medium (2vCPU,4GiB)

インストールするもの: 

httpd
Arkime
Docker
Docker Compose
ElasticSearch


-- 1. EC2インスタンス作成

-- 2. セキュリティグループ設定
下記通信を許可する

TCP 22   MYIP
TCP 80   MYIP
TCP 443  MYIP
TCP 5601 MYIP
TCP 8005 MYIP
TCP 9200 MYIP

-- 3. Webサーバインストール

# Apache httpd, started now and enabled at boot. Nothing else on this page
# configures or uses it; TCP 80 is reachable only from MYIP under the step-2
# security group, so keep that rule narrow (or drop httpd) if it stays unused.
sudo yum -y install httpd
sudo systemctl start httpd
sudo systemctl status httpd
sudo systemctl enable httpd

http://192.0.2.1


-- 4. Arkimeインストール
https://arkime.com/downloads
からCentOS 7用rpmをダウンロードしEC2へ転送

# Install the Arkime RPM copied over from arkime.com/downloads (step 4).
# Verify the file against the checksum/signature the publisher provides
# before running this; a local RPM is installed as-is. Without -y, yum
# shows the transaction and asks for confirmation.
sudo yum localinstall arkime-3.4.2-1.x86_64.rpm


-- 5. Dockerインストール

# Docker from the Amazon Linux 2 repository, enabled at boot.
sudo yum -y install docker
sudo systemctl start docker
sudo systemctl status docker
sudo systemctl enable docker
# Membership of the docker group gives ec2-user access to the Docker socket,
# which is effectively root on the host. It only takes effect after ec2-user
# logs in again — presumably why step 7 still runs docker-compose via sudo.
sudo usermod -a -G docker ec2-user


-- 6. Docker Composeインストール

# Docker Compose v2.9.0 as a static binary from the GitHub release. The
# download is over HTTPS but is not otherwise verified; the release also
# publishes a .sha256 file per binary, so check it (e.g.
# `sha256sum -c docker-compose-linux-x86_64.sha256`) before moving the
# binary into /usr/local/bin, where it will later be run as root.
# (sudo is not needed for wget itself — it only writes to the current dir.)
sudo wget https://github.com/docker/compose/releases/download/v2.9.0/docker-compose-linux-x86_64
sudo mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
# 755: root-owned, world-executable, not world-writable.
sudo chmod 755 /usr/local/bin/docker-compose


-- 7. ElasticSearchインストール

# Create the Compose file in the current directory with the contents below;
# the ./es-data bind mount is resolved relative to this file's directory.
vim docker-compose.yml

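# Single-node Elasticsearch 7.17.5 plus Kibana, used as Arkime's backend.
# X-Pack security is enabled, so every client — Kibana included — must
# authenticate to Elasticsearch.
version: "3"
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.5
    volumes:
      # Index data persists on the host in ./es-data (created in the next step).
      - "./es-data:/usr/share/elasticsearch/data"
    ports:
      # Published on every host interface; the only thing limiting reach is
      # the step-2 security-group rule (TCP 9200 from MYIP).
      - 9200:9200
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=true
      # Bootstrap password of the built-in `elastic` superuser. "elastic" is
      # a placeholder — replace it, and change the elastic:elastic URLs given
      # to Configure and db.pl in step 8 to match.
      - ELASTIC_PASSWORD=elastic

  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.5
    environment:
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
      # With xpack.security.enabled=true Elasticsearch rejects unauthenticated
      # requests, so Kibana cannot connect without credentials. The superuser
      # is reused here to match the rest of this page; a dedicated
      # kibana_system account with its own password is the better choice.
      ELASTICSEARCH_USERNAME: elastic
      ELASTICSEARCH_PASSWORD: elastic
    ports:
      - 5601:5601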

 

# Host directory backing the Elasticsearch data volume. Created as ec2-user
# (uid 1000 on a default Amazon Linux 2 AMI, which presumably matches the uid
# the elasticsearch image runs as — confirm) with mode 755; do not loosen it
# to 777 to "fix" permission errors, fix the ownership instead.
mkdir ./es-data
chmod 755 ./es-data
# sudo here because ec2-user's docker-group membership from step 5 is not
# active until the next login. Files Compose creates will be root-owned.
sudo /usr/local/bin/docker-compose up -d
sudo /usr/local/bin/docker-compose ps


-- 8. Arkimeの設定

# Root login shell for the Arkime setup; everything from here on runs as root.
sudo su -
cd /opt/arkime/bin
# Configure is interactive. The five lines that follow on this page are the
# answers typed at its prompts — presumably: capture interface (eth0), whether
# to install a local Elasticsearch (no), the Elasticsearch URL with the
# elastic:elastic credentials, the secret used to encrypt S2S and other data
# ("password" is a placeholder, pick a strong one), and whether to download
# the GeoIP/OUI files (no; see the touch commands later). Confirm the order
# against the prompts as shown.
./Configure

eth0
no
http://elastic:elastic@localhost:9200
password
no

# config.ini now holds the Elasticsearch URL with its embedded credentials
# and the secret entered at Configure — treat the file as sensitive and do
# not paste it into tickets or chat.
cat /opt/arkime/etc/config.ini

# Create the Arkime indices. The credentials are part of argv, so they end up
# in root's shell history and are visible in `ps` while the command runs.
/opt/arkime/db/db.pl http://elastic:elastic@localhost:9200 init

# First Arkime user (the viewer login used at the end of this page).
# 'password' is a placeholder to replace; the same history/ps caveat applies.
/opt/arkime/bin/arkime_add_user.sh admin "Admin User" 'password' --admin


# Configure was answered "no" to downloading the GeoIP/OUI files, so these
# are created empty — presumably so capture starts without the real data.
# OUI / IP-space lookups in sessions stay blank until real files are
# installed (the Arkime distribution ships an update script for this; confirm).
touch /opt/arkime/etc/ipv4-address-space.csv
touch /opt/arkime/etc/oui.txt

systemctl restart arkimecapture.service
systemctl restart arkimeviewer.service

systemctl status arkimecapture.service
systemctl status arkimeviewer.service

# If either service is not active, these logs show why (e.g. Elasticsearch
# authentication or connection errors).
cat  /opt/arkime/logs/viewer.log
cat  /opt/arkime/logs/capture.log


http://192.0.2.1:8005

admin
password