Customer Firewall Configuration

Note: If users want to modify the above-provided ports to run on non-default ports, please refer here to make use of docker port forwarding:

Browser Requirements: Chrome, Safari

Software Requirements

• Ubuntu 22.04

• Docker needs to be installed.

• python3 for running helper scripts.

• Download the Kibana installation scripts from here

• Copy the tar to the Kibana server and extract using the below command

aviz@npbsrv01:~/OPB_Arkime$ tar -zxvf OPB_Kibana.tar.gz 
OPB_Kibana/
OPB_Kibana/stop.sh
OPB_Kibana/kibana.tar.gz
OPB_Kibana/start.sh
aviz@npbsrv01:~/OPB_Arkime$  

• Move to the extracted folder

• Execute the ‘start.sh’ script, the script will perform the following actions

  1. Start the Kibana node on port 5601

  2. Connect to the ES Storage node on port 9200

• Open URL http://<Kibana-server-ip>:5601/ from your favourite browser

• Create Kibana Dashboards

• Download the Arkime installation scripts from here

• Copy the tar to the Arkime server and extract using the below command

• Move to the extracted folder

• Add permission to execute ‘start.sh’ and ‘stop.sh’ scripts

• Execute the ‘start.sh’ script, the script will perform the following actions

  1. Start Local ES storage node on port 9200

  2. Setup directories for PCAP and Log capture

• Open URL http://<arkime-server-ip>:8005/ from your favourite browser and enter the below credentials

  • User: admin

  • Password: admin

The packet stream to Arkime will be fed by Aviz OPBNOS, providing the capability to filter, load-balance and aggregate traffic from network taps.

Arkime is a large-scale, open-source, indexed packet capture and search system that augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access.

Arkime uses Elasticsearch (ES) as its backend data store for storing and indexing network traffic data. Elasticsearch is designed for fast indexing and searching of large volumes of data. It also provides a flexible query language that allows users to easily search and filter data based on various criteria, such as IP addresses, ports, protocols, and time ranges while also being highly scalable and can handle large volumes of data across multiple nodes in a cluster.

Kibana is a free and open frontend application that sits on top of Elasticsearch(ES), providing search and data visualization capabilities for data indexed in Elasticsearch. Kibana is a data visualization and management tool for Elasticsearch that provides real-time histograms, line graphs, pie charts, and maps. Kibana also includes advanced applications such as Canvas, which allows users to create custom dynamic infographics based on their data, and Elastic Maps for visualizing geospatial data.

Aviz OPBNOS provides a highly scalable, flexible and affordable solution to aggregate, filter and load balance network traffic from hardware or virtual TAPs to connected tools for analysis and visualization.

It provides line rate traffic forwarding using switching ASIC by configuring flow paths between two or multiple ports, By leveraging the OPBNOS solution, enterprises can quickly be scaled up or down to meet the ever-changing demands of network visibility and security tools.

• Download the latest build of OPBNOS from

Components

Open Network Operating System

If the UI is not accessible,

Check the docker status

Check that Arkime and ES docker are running and the status is ‘UP’ if any of the dockers is not visible. Try running the ‘start.sh’ with the correct permissions, if the issue is not resolved try

Check that Elasticsearch is running and the status is ‘green’

Try restarting the dockers

when Arkime is unable to connect correctly with Elasticsearch the Arkime UI may not be reachable

Check that UI is reachable by visiting http://arkime-hostname:8005 from your browser

If ES keeps restarting after a system reboot

Add the vm.max_map_count setting to a sysctl configuration file to make the change persistent across reboots:

1. Open the sysctl configuration file /etc/sysctl.conf using a text editor with root privileges: bash

1. Add the following line to the end of the file:

Save and close the file

1. To apply the changes, either reboot your system or run the following command to reload the sysctl settings:

Changing ES port

If port 9002 is used by another service running on the server, it can be changed in the ‘start.sh’ script before execution

Port format: “Global port:Local port”

Using your favourite text editor, change the ‘Global ports’ to any available and accessible port, also update the same port in the ‘ES_PORT’ attribute.

Changing Arkime Password

Log in to the Web GUI and navigate to User> admin_user ⚙️>Password, enter ‘admin’ as the current password and set a new password for the admin user.

Changing Kibana Port

If port 5601 is used by another service running on the server, it can be changed in the ‘start.sh’ script before execution

also if the ES port was changed, the same can be edited here with the ES node IP.

Stopping Arkime & EC

Execute the ‘stop.sh’ script to stop & delete Arkime and EC docker containers, the script will not delete the data & es_data folder and the stored PCAPs.

Stopping Kibana

Execute the ‘stop.sh’ script to stop & delete Kibana docker containers

External Links

• OPBNOS download link -

• OPBNOS configuration guide -

• Arkime installation script -