Check that the Arkime and ES Docker containers are running and that their status is ‘UP’. If any of the containers is not visible, try running ‘start.sh’ with the correct permissions; if the issue is not resolved, try contacting support.
When Arkime is unable to connect correctly to Elasticsearch, the Arkime UI may not be reachable.
Check that the UI is reachable by visiting http://arkime-hostname:8005 from your browser.
Add the vm.max_map_count setting to a sysctl configuration file to make the change persistent across reboots:
Open the sysctl configuration file /etc/sysctl.conf using a text editor with root privileges:
Add the following line to the end of the file:
Save and close the file
To apply the changes, either reboot your system or run the following command to reload the sysctl settings:
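A scripted form of the steps above, as an added example that is not part of the original guide or of the Aviz installation scripts; it replaces a too-low entry instead of appending a duplicate line. The value 262144 is an assumption taken from the Elasticsearch documentation (this page does not give one), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the Arkime/Aviz scripts.
# Assumption: 262144 is the minimum given in the Elasticsearch documentation;
# this page does not state a value.
REQUIRED_MAP_COUNT=262144

# Print the last vm.max_map_count value set in a sysctl file (empty if none).
configured_map_count() {
    local conf="$1"
    [ -r "$conf" ] || return 0
    sed -n 's/^[[:space:]]*vm\.max_map_count[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$conf" | tail -n 1
}

# Ensure the file sets at least the required value.
# Prints "changed" if the file was rewritten, "unchanged" if it was already sufficient.
persist_map_count() {
    local conf="$1" required="${2:-$REQUIRED_MAP_COUNT}" current tmp
    current="$(configured_map_count "$conf")"
    if [ -n "$current" ] && [ "$current" -ge "$required" ]; then
        echo "unchanged"
        return 0
    fi
    tmp="$(mktemp)" || return 2
    # Keep every other setting, drop stale vm.max_map_count entries.
    if [ -f "$conf" ]; then
        grep -v '^[[:space:]]*vm\.max_map_count[[:space:]]*=' "$conf" > "$tmp" || true
    fi
    echo "vm.max_map_count=$required" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo "changed"
}

# Run as root with --apply to edit /etc/sysctl.conf and reload it.
if [ "${1:-}" = "--apply" ]; then
    persist_map_count /etc/sysctl.conf
    sysctl -p
    echo "live value: $(cat /proc/sys/vm/max_map_count)"
fi
```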
If port 9002 is used by another service running on the server, it can be changed in the ‘start.sh’ script before execution.
Port format: “Global port:Local port”
Using your favourite text editor, change the ‘Global ports’ to any available and accessible port, and update the same port in the ‘ES_PORT’ attribute.
Log in to the Web GUI and navigate to User > admin_user ⚙️ > Password. Enter ‘admin’ as the current password and set a new password for the admin user.
If port 5601 is used by another service running on the server, it can be changed in the ‘start.sh’ script before execution.
Also, if the ES port was changed, the same can be edited here with the ES node IP.
Execute the ‘stop.sh’ script to stop and delete the Arkime and ES Docker containers. The script will not delete the data and es_data folders or the stored PCAPs.
Execute the ‘stop.sh’ script to stop and delete the Kibana Docker containers.
OPBNOS download link - https://aviznetworks.egnyte.com/fl/r4izmRT790
OPBNOS configuration guide - https://aviznetworks.gitbook.io/opbnos/
Arkime installation script - https://aviznetworks.egnyte.com/dl/HfSCF1Xr7p
Aviz support portal - https://support.aviznetworks.com/hc/en-us
Arkime official website - https://arkime.com/