Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/rskntroot/arkime

Arkime on Docker with role based on entrypoint script. (Roles: Viewer, Capture, Import)
https://github.com/rskntroot/arkime

Last synced: 2 months ago
JSON representation

Arkime on Docker with role based on entrypoint script. (Roles: Viewer, Capture, Import)

Host: GitHub
URL: https://github.com/rskntroot/arkime
Owner: rskntroot
Created: 2021-01-08T07:44:59.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2022-02-04T23:13:59.000Z (almost 3 years ago)
Last Synced: 2024-05-29T08:19:34.904Z (8 months ago)
Language: Shell
Size: 94.7 KB
Stars: 3
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Docker Arkime v3.3.1-1

Arkime on Docker with container role based on entrypoint scripts 

## Run the Project

> Project requires directories in /opt/docker

````

mkdir -p /opt/docker

cd /opt/docker

git init

git clone https://github.com/rskntroot/arkime

cd /opt/docker/arkime

docker build . -t arkime:3.3.1-1

docker-compose up -d

````

> Copy .pcap files into the directory /opt/docker/arkime/import/., these files will be imported automatically

##### Prerequisites: 

- ubuntu:20.04

- elasticsearch:7.17.0

- traefik:v2.6.0 (in progress)

## Access

> Arkime is available over http port 80 (default) through a webbrowser.

> Arkime's authentication is turned off by default.

## Available roles

##### Viewer

| Type | Field | Value | optional |

| ------ | ------ | ------ |------|

| ENV | OFFLOAD_AUTH | false | true |

| ENV | ARKIME_USER | root | true |

| ENV | ARKIME_PSWD | arkime-pswd | true |

| ENV | ES_HOST | elasticsearch | false | 

| VOLUME | /opt/docker/arkime/log/ | /opt/arkime/local/log/ | false |

| ENTRYPOINT | | /opt/arkime/local/bin/viewer.sh | false |

##### Import

| Type | Field | Value | optional |

| ------ | ------ | ------ |------|

| ENV | OFFLOAD_AUTH | false | true |

| ENV | ARKIME_USER | root | true |

| ENV | ARKIME_PSWD | arkime-pswd | true |

| ENV | ES_HOST | elasticsearch | false |

| ENV | ARKIME_VIEWER | viewer | false |

| VOLUME | /opt/docker/arkime/log/ | /opt/arkime/local/log/ | false |

| VOLUME | /opt/docker/arkime/import | /import | false |

| ENTRYPOINT | | /opt/arkime/local/bin/import.sh | false | 

## View logs

> After running docker-compose the /opt/arkime/local/log/ directory will appear with component logs.

```sh

$ docker logs -f arkime_viewer_1

$ docker logs -f arkime_import_1

$ docker logs -f arkime_elasticsearch_1

```

## Default Login Credentials

| Username | Password | 

| ------ | ------ |

| root |  arkime-pswd |

## Future Additions

- Enable [ Arkime Capture ]

- Enable peristent storage for ELASTICSEARCH (ES)

- Add tolerance with multi-node ES

- Tie in a Kibana node

- Push docker node stats into ElasticSearch

- Port project to Kubernetes

- Enable autoTLS with letsEncrypt

- ...

- Possibly messing with netsniff-ng or pcap++ to push pcap to any capture node from any host.

- Profit?