Troubleshooting
If the UI is not accessible,
Check the docker status
Check that Arkime and ES docker are running and the status is ‘UP’ if any of the dockers is not visible. Try running the ‘start.sh’ with the correct permissions, if the issue is not resolved try
Check that Elasticsearch is running and the status is ‘green’
Try restarting the dockers
when Arkime is unable to connect correctly with Elasticsearch the Arkime UI may not be reachable
Check that UI is reachable by visiting http://arkime-hostname:8005 from your browser
If ES keeps restarting after a system reboot
Add the vm.max_map_count setting to a sysctl configuration file to make the change persistent across reboots:
Open the sysctl configuration file /etc/sysctl.conf using a text editor with root privileges:
bash
Add the following line to the end of the file:
Save and close the file
To apply the changes, either reboot your system or run the following command to reload the sysctl settings:
Changing ES port
If port 9002 is used by another service running on the server, it can be changed in the ‘start.sh’ script before execution
Port format: “Global port:Local port”
Using your favourite text editor, change the ‘Global ports’ to any available and accessible port, also update the same port in the ‘ES_PORT’ attribute.
Changing Arkime Password
Log in to the Web GUI and navigate to User> admin_user ⚙️>Password, enter ‘admin’ as the current password and set a new password for the admin user.
Changing Kibana Port
If port 5601 is used by another service running on the server, it can be changed in the ‘start.sh’ script before execution
also if the ES port was changed, the same can be edited here with the ES node IP.
Stopping Arkime & EC
Execute the ‘stop.sh’ script to stop & delete Arkime and EC docker containers, the script will not delete the data & es_data folder and the stored PCAPs.
Stopping Kibana
Execute the ‘stop.sh’ script to stop & delete Kibana docker containers
OPBNOS configuration guide -
Arkime installation script -
