{"id":32574800,"url":"https://github.com/alpinebuster/arkime-docker-compose","last_synced_at":"2026-04-16T10:03:57.647Z","repository":{"id":318867425,"uuid":"1075204709","full_name":"alpinebuster/arkime-docker-compose","owner":"alpinebuster","description":"Deploy Arkime with GPU-accelerated Rust/Python parsers and custom plugins using Docker Compose.","archived":false,"fork":false,"pushed_at":"2026-04-07T12:02:09.000Z","size":7754,"stargazers_count":2,"open_issues_count":5,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-07T12:22:14.035Z","etag":null,"topics":["arkime","c","cuda","deep-neural-networks","docker","docker-compose","llm","machine-learning","networking","pcap","pcapng","python","rust","traffic-analysis"],"latest_commit_sha":null,"homepage":"https://arkime.alpinebuster.top","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alpinebuster.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-13T07:23:08.000Z","updated_at":"2026-04-07T12:02:13.000Z","dependencies_parsed_at":"2025-10-16T22:55:58.193Z","dependency_job_id":"225662ee-6302-4c9a-b779-982a3a0a1a24","html_url":"https://github.com/alpinebuster/arkime-docker-compose","commit_stats":null,"previous_names":["alpinebuster/arkime-docker-compose"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/alpinebuster/arkime-docker-compose","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alpinebuster%2Farkime-docker-compose","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alpinebuster%2Farkime-docker-compose/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alpinebuster%2Farkime-docker-compose/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alpinebuster%2Farkime-docker-compose/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alpinebuster","download_url":"https://codeload.github.com/alpinebuster/arkime-docker-compose/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alpinebuster%2Farkime-docker-compose/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31880884,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T09:23:21.276Z","status":"ssl_error","status_checked_at":"2026-04-16T09:23:15.028Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arkime","c","cuda","deep-neural-networks","docker","docker-compose","llm","machine-learning","networking","pcap","pcapng","python","rust","traffic-analysis"],"created_at":"2025-10-29T11:30:19.821Z","updated_at":"2026-04-16T10:03:57.643Z","avatar_url":"https://github.com/alpinebuster.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Arkime Docker Compose\n\nA Docker Compose setup for [Arkime](http://arkime.com/) that supports GPU-accelerated Python Arkime parsers and easy integration of custom plugins. The stack uses [NVIDIA Container Toolkit](https://github.com/NVIDIA/nvidia-container-toolkit) to expose GPUs to Python Arkime parsers, allowing compute-intensive parsing tasks to leverage [CUDA](https://docs.nvidia.com/cuda/index.html). The compose files and Dockerfiles are structured so you can:\n\n- enable GPU access per service with `--gpus`/runtime settings,\n- build Python Arkime parser images containing required libraries,\n- mount or install custom plugins without modifying Arkime core,\n- and run the entire stack locally or in CI with minimal changes.\n\n## Getting started\n\nUse the special hostname `host.docker.internal` for ES_OS_HOST if OpenSearch/Elasticsearch is running on the same host.\nYou may need to specify a network mode for docker, such as `--network=host`.\n\nSet environment variables to configure the container. (`ARKIME\u003e__\u003cconfig\u003e=\u003cvalue\u003e` for default section or `ARKIME_\u003csection\u003e__\u003cconfig\u003e=\u003cvalue\u003e`)\nThese variables take precedence over configuration file settings.\n\n### Dev commands\n\n\u003e REF: `https://docs.opensearch.org/latest/install-and-configure/install-opensearch/docker/`\n\u003e NOTE: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks-max-map-count.html]\n\nTemp -\u003e `sudo sysctl -w vm.max_map_count=262144` -\u003e `sudo reboot`\nPermanently -\u003e `sudo vi /etc/sysctl.conf` -\u003e add `vm.max_map_count=262144`, `net.core.rmem_max=134217728`, `net.core.wmem_max=134217728` -\u003e `sudo sysctl -p`\n\n```sh\ngit pull\ngit submodule update --init\n\nsudo chown -R 1000:1000 ./db\nsudo rm -rf ./db/main/os/*\nsudo rm -rf ./db/node-1/os/*\n# (Optional) Fresh start\nsudo rm -rf ./etc/.initialized\n\nsource .env\n\ndocker compose --progress=plain -f docker-compose.cuda.yml build --no-cache=true`, `docker compose --progress=plain -f docker-compose.cuda.yml --profile optional build kime-docs --no-cache=true\ndocker compose -f docker-compose.cuda.yml up -d\ndocker compose -f docker-compose.cuda.yml down\ndocker compose -f docker-compose.cuda.yml restart arkime-capture\n```\n\n### Documentation\n\n```sh\nsudo apt update\nsudo apt install -y ruby-full build-essential zlib1g-dev\n\necho '# install ruby gems to ~/gems' \u003e\u003e ~/.bashrc\necho 'export GEM_HOME=\"$HOME/gems\"' \u003e\u003e ~/.bashrc\necho 'export PATH=\"$HOME/gems/bin:$PATH\"' \u003e\u003e ~/.bashrc\nsource ~/.bashrc\n\n# gem install bundler jekyll --user-install\ngem install bundler jekyll\n\n# test\njekyll new mysite\ncd mysite\nbundle exec jekyll serve\n\nbundle install --path vendor/bundle\nbundle exec jekyll serve\n```\n\n### What kind of packet capture speeds can arkime-capture handle? \n\nOn modern commodity hardware, achieving throughput of 5 Gbps or more is easy, depending largely on the number of CPUs allocated to Arkime and the other tasks the machine is handling. The bottleneck in performance is almost always the speed of storing PCAP to disk! If your disks or RAID can't keep up, you either need to not save as much PCAP using Arkime Rules and other options, select a faster RAID configuration and disks, or give Arkime dedicate disks. For further details, refer to the Architecture and Multiple Host sections. Arkime supports the utilization of multiple threads for both packet acquisition and packet processing.\n\nA simple method to test a local RAID devicee:\n\n```sh\ndd bs=256k count=50000 if=/dev/zero of=/THE_ARKIME_PCAP_DIR/test oflag=direct\n```\n\nTo test a NAS, leave off the `oflag=direct` and make sure you test with at least 3x the amount of memory so that cache isn't a factor:\n\n```sh\ndd bs=256k count=150000 if=/dev/zero of=/THE_ARKIME_PCAP_DIR/test\n```\n\nThe output represents the maximum disk performance. If you wish to obtain a more accurate assessment, run several tests and average the results. To avoid packet loss, it's advisable to operate Arkime at no more than 80% of the maximum disk performance. For systems utilizing RAID, aiming for about 60% of this performance metric can further minimize issues, especially during RAID rebuilds. It's important to note that network throughput is typically measured in bits, whereas disk performance is gauged in bytes, requiring the conversion of these measurements for accurate comparison.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falpinebuster%2Farkime-docker-compose","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falpinebuster%2Farkime-docker-compose","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falpinebuster%2Farkime-docker-compose/lists"}