Change the default Elasticsearch port, and update the Elasticsearch port configured in Arkime to match
1.1 Edit the Elasticsearch config and set http.port to the new port (9201 in this walkthrough; the default is 9200)
vim /etc/elasticsearch/elasticsearch.yml
1.2 Start/restart Elasticsearch (a restart is required for the new port to take effect)
systemctl start elasticsearch.service
systemctl restart elasticsearch.service
1.3 Visit http://127.0.0.1:9201/ (the node should now answer on the new port; if it still only answers on 9200, the change to elasticsearch.yml was not picked up)
1.4 Check the Elasticsearch cluster status: http://localhost:9201/_cluster/health (the "status" field should be green or yellow for a single node)
1.5 Initialize Elasticsearch
//Initialize Elasticsearch. Skip this step if it has already been initialized: db.pl init clears all existing Arkime data and indices in Elasticsearch
/opt/arkime/db/db.pl http://localhost:9201 init
//Create a web login account (a real password, not "password", should be used)
/opt/arkime/bin/arkime_add_user.sh admin "Moloch SuperAdmin" password --admin
1.6 Modify the Arkime configuration
vim /opt/arkime/etc/config.ini
//Point the elasticsearch= setting at the new port (for example http://localhost:9201), otherwise viewer and capture keep trying 9200
Many other things can be changed in the config file; the official documentation describes them: https://arkime.com/settings
1.7 Start/restart Arkime
//Start the web service
systemctl start arkimeviewer.service
//Start the capture service; if it fails to start, no packets will be captured
systemctl start arkimecapture.service
//Restart commands: if Arkime was not stopped while the config was changed, just run the restart commands directly
systemctl restart arkimeviewer.service
systemctl restart arkimecapture.service
1.8 Visit http://127.0.0.1:8005
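The steps above done as one script, as an added example (not from the page and not Arkime's own tooling): it rewrites http.port in elasticsearch.yml, rewrites the port inside the elasticsearch= URL in Arkime's config.ini, and parses the /_cluster/health response to decide whether the node came back. It works on scratch copies of the two files and on a constructed health response so it runs offline; the real paths (/etc/elasticsearch/elasticsearch.yml, /opt/arkime/etc/config.ini), the curl call and the systemctl restarts are what you would substitute on a live host.

```shell
#!/bin/sh
# Added example (not from the page or from Arkime): move Elasticsearch to a new
# HTTP port and repoint Arkime at it. Works on scratch copies so it runs offline;
# NEW_PORT, the scratch paths and the sample files below are assumptions.
set -eu

NEW_PORT="${NEW_PORT:-9201}"
WORK="$(mktemp -d)"
ES_YML="$WORK/elasticsearch.yml"      # stands in for /etc/elasticsearch/elasticsearch.yml
ARKIME_INI="$WORK/config.ini"         # stands in for /opt/arkime/etc/config.ini

# Constructed sample inputs mimicking stock files (still on 9200, http.port commented out).
cat > "$ES_YML" <<'EOF'
cluster.name: arkime
network.host: 127.0.0.1
#http.port: 9200
discovery.type: single-node
EOF
cat > "$ARKIME_INI" <<'EOF'
[default]
elasticsearch=http://localhost:9200
viewPort=8005
interface=eth0
EOF

# set_es_http_port FILE PORT: replace an existing http.port line (even a commented-out
# one) or append a new one, so re-running never leaves two conflicting entries.
set_es_http_port() {
    f="$1"; p="$2"
    if grep -Eq '^[[:space:]]*#?[[:space:]]*http\.port:' "$f"; then
        sed -E "s|^[[:space:]]*#?[[:space:]]*http\.port:.*|http.port: $p|" "$f" > "$f.tmp"
    else
        { cat "$f"; printf 'http.port: %s\n' "$p"; } > "$f.tmp"
    fi
    mv "$f.tmp" "$f"
}

# get_es_http_port FILE: print the active (uncommented) http.port value, if any.
get_es_http_port() {
    sed -nE 's/^[[:space:]]*http\.port:[[:space:]]*([0-9]+).*/\1/p' "$1"
}

# set_arkime_es_url FILE PORT: rewrite only the port of each scheme://host:port entry
# on the elasticsearch= line (the value may be a comma-separated list of nodes).
set_arkime_es_url() {
    f="$1"; p="$2"
    sed -E "/^elasticsearch=/ s|(://[^:/,]+):[0-9]+|\1:$p|g" "$f" > "$f.tmp"
    mv "$f.tmp" "$f"
}

# get_arkime_es_url FILE: print the value of the elasticsearch= setting.
get_arkime_es_url() {
    sed -nE 's/^elasticsearch=(.*)/\1/p' "$1"
}

# es_health_status JSON: extract "status" from a /_cluster/health body, i.e. what
#   curl -s "http://localhost:$NEW_PORT/_cluster/health"
# returns on a live host. Prints green, yellow or red.
es_health_status() {
    printf '%s\n' "$1" | sed -nE 's/.*"status"[[:space:]]*:[[:space:]]*"([a-z]+)".*/\1/p'
}

# Constructed sample response standing in for the curl output above.
SAMPLE_HEALTH='{"cluster_name":"arkime","status":"yellow","number_of_nodes":1}'

set_es_http_port "$ES_YML" "$NEW_PORT"
set_arkime_es_url "$ARKIME_INI" "$NEW_PORT"
echo "elasticsearch.yml http.port -> $(get_es_http_port "$ES_YML")"
echo "config.ini elasticsearch=   -> $(get_arkime_es_url "$ARKIME_INI")"
# On a live host: systemctl restart elasticsearch.service, then
# systemctl restart arkimeviewer.service arkimecapture.service, then check health.
case "$(es_health_status "$SAMPLE_HEALTH")" in
    green|yellow) echo "cluster answers on port $NEW_PORT" ;;
    *) echo "cluster red or unreachable; check the elasticsearch.service restart before starting Arkime" ;;
esac
```

Both rewrite functions are idempotent, so the script can be run again after a package upgrade re-ships a commented-out http.port line; a red or empty status is the cue to stop and fix Elasticsearch before restarting arkimecapture, since capture started against an unreachable cluster simply drops packets.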