Installing Arkime

  • Download the Arkime installation scripts from here

  • Copy the tarball to the Arkime server and extract it using the command below

aviz@npbsrv01:~/OPB_Arkime$ tar -zxvf OPB_Analyzer.tar.gz 
OPB_Analyzer/
OPB_Analyzer/stop.sh
OPB_Analyzer/elasticsearch.tar
OPB_Analyzer/start.sh
OPB_Analyzer/arkime.tar
aviz@npbsrv01:~/OPB_Arkime$ 

  • Move to the extracted folder

aviz@npbsrv01:~/OPB_Arkime$ cd OPB_Analyzer/
aviz@npbsrv01:~/OPB_Arkime/OPB_Analyzer$ ls -l
total 1208660
-rw------- 1 ravi ravi 620387328 Dec 23 04:15 arkime.tar
-rw------- 1 ravi ravi 617262080 Dec 23 04:16 elasticsearch.tar
-rwxrwxr-x 1 ravi ravi      1403 Dec 23 05:21 start.sh
-rwxrwxr-x 1 ravi ravi       160 Dec 23 04:43 stop.sh
aviz@npbsrv01:~/OPB_Arkime/OPB_Analyzer$ 

  • Add execute permission to the ‘start.sh’ and ‘stop.sh’ scripts

aviz@npbsrv01:~/OPB_Arkime/OPB_Analyzer$ sudo chmod +x start.sh
[sudo] password for aviz:
aviz@npbsrv01:~/OPB_Arkime/OPB_Analyzer$ sudo chmod +x stop.sh
aviz@npbsrv01:~/OPB_Arkime/OPB_Analyzer$

  • Execute the ‘start.sh’ script. The script will perform the following actions:

    1. Start a local ES storage node on port 9200

    2. Set up directories for PCAP and log capture

    3. Ask the user for the interfaces to capture data on

    4. Start the Arkime container

Arkime uses Elasticsearch (ES) for indexing and searching, so ES must be installed before starting Arkime.

  • Open the URL http://<arkime-server-ip>:8005/ in your favourite browser and enter the credentials below

    • User: admin

    • Password: admin
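
A post-install check, added here as an example and not part of the OPB_Analyzer scripts: it reads `ss -ltn` output and reports whether the two ports named on this page (9200 for ES, 8005 for the Arkime viewer) are listening on loopback only or on other addresses. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners on the ES (9200) and Arkime viewer (8005)
# ports from `ss -ltn` output supplied on stdin.

# Constructed sample of `ss -Hltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8005 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:8005 [::]:*'

# classify_listeners: prints "<port> <scope> <addr>" for ports 9200 and 8005.
# scope is "local" for loopback addresses, otherwise "exposed".
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        local_addr = $4                       # column 4 is Local Address:Port
        n = split(local_addr, parts, ":")
        port = parts[n]                       # port is the last ":" field
        if (port != "9200" && port != "8005") next
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        scope = "exposed"
        if (addr ~ /^127\./ || addr == "[::1]") scope = "local"
        print port, scope, addr
    }'
}

# count_exposed PORT: number of non-loopback listeners for PORT on stdin.
count_exposed() {
    classify_listeners |
        awk -v p="$1" '$1 == p && $2 == "exposed" { c++ } END { print c + 0 }'
}

# Live use on the Arkime server (needs iproute2):  ss -Hltn | classify_listeners
# Offline demonstration with the constructed sample:
if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SAMPLE_SS" | classify_listeners
fi
```

A non-zero `count_exposed 9200` means the ES node is reachable from addresses other than loopback, which is worth confirming against what the deployment intends.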
