I. Version issues
| Name | Version | Min upgrade from | ES Versions | Special Instructions | Notes |
|------|---------|------------------|-------------|----------------------|-------|
| Arkime | 2.7+ | 2.0.0 | 7.4+ (7.9.0+ recommended, 7.7.0 broken) | ES 7 instructions | |
| Moloch | 2.2+ | 1.7.0 (1.8.0 recommended) | 6.8.2+ (6.8.6+ recommended), 7.1+ (7.8.0+ recommended, 7.7.0 broken) | Moloch 2.0 instructions | Must already be on 6.8.x or 7.1+ before upgrading to 2.2 |
| Moloch | 2.0, 2.1 | 1.7.0 (1.8.0 recommended) | 6.7, 6.8, 7.1+ | Moloch 2.0 instructions | Must already be on ES 6.7 or 6.8 (ES 6.8.6 recommended) before upgrading to 2.0 |
| Moloch | 1.8 | 1.0.0 (1.1.x recommended) | 5.x or 6.x | ES 6 instructions | Must have finished the 1.x reindexing; stop captures for best results |
| Moloch | 1.1.1 | 0.20.2 (0.50.1 recommended) | 5.x or 6.x (new only) | Instructions | Must be on ES 5 already |
| Moloch | 0.20.2 | 0.18.1 (0.20.2 recommended) | 2.4, 5.x | ES 5 instructions | |
Refer to arkime.com/faq. Pay close attention to the Arkime (Moloch) and ES version pairing, and during the actual installation also watch the JDK version.
II. Commonly used commands after installing Moloch
1. Check whether the ES nodes are working properly
When checking on the host where ES is installed, run:
ps -ef | grep java
ps -ef | grep elasticsearch
When checking from a remote host, run (replace the placeholder with the ES node's IP):
curl http://<ES-node-IP>:9200/_cat/health
When restarting ES, do not start it as the root user; if you insist on starting ES as root, the configuration file has to be modified accordingly.
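The two checks above (is ES healthy, and is the ES process running as the right user) can be scripted so the result is a pass/fail instead of eyeballing `ps` and `curl` output. The following is an added example, not part of the original notes or of the Arkime/Moloch project; it parses the `_cat/health` line and `ps -ef` output. The sample health line and sample `ps` lines are constructed, and `ES_URL` is an assumed environment variable for the optional live check.

```shell
#!/bin/sh
# Added example: scripted ES health and process-owner checks for a Moloch/Arkime host.
# Not from the original notes. ES_URL (e.g. http://<ES-node-IP>:9200) is an assumed
# variable; when it is unset only the constructed samples below are evaluated.

# Print the cluster status column (4th field) of one _cat/health output line.
# Default _cat/health columns: epoch timestamp cluster status node.total ...
es_health_status() {
  printf '%s\n' "$1" | awk '{print $4}'
}

# Return 0 when the cluster is green or yellow, 1 when red or unparseable.
es_health_ok() {
  case "$(es_health_status "$1")" in
    green|yellow) return 0 ;;
    *) return 1 ;;
  esac
}

# Given ps -ef style output, print the UID column of every Elasticsearch JVM.
# The bootstrap class name is what "ps -ef | grep elasticsearch" matches on.
es_java_users() {
  printf '%s\n' "$1" | awk '/org\.elasticsearch\.bootstrap\.Elasticsearch/ && $1 != "UID" {print $1}'
}

# Return 0 if any Elasticsearch JVM in the ps output runs as root (the condition
# the notes warn against), 1 otherwise.
es_runs_as_root() {
  es_java_users "$1" | grep -qx root
}

# Constructed sample _cat/health lines (not captured from a real cluster).
SAMPLE_HEALTH_GREEN='1700000000 12:00:00 moloch-cluster green 1 1 10 10 0 0 0 0 - 100.0%'
SAMPLE_HEALTH_RED='1700000000 12:00:00 moloch-cluster red 1 1 5 5 0 0 5 0 - 50.0%'

# Constructed sample ps -ef output: ES runs as the "elastic" user here.
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
elastic   1234     1  2 10:00 ?        00:01:02 /usr/share/elasticsearch/jdk/bin/java -Xms4g org.elasticsearch.bootstrap.Elasticsearch
root      2222     1  0 10:00 ?        00:00:00 /usr/sbin/sshd -D'

# Evaluate the constructed samples.
if es_health_ok "$SAMPLE_HEALTH_GREEN"; then echo "sample cluster: ok"; fi
if ! es_health_ok "$SAMPLE_HEALTH_RED"; then echo "sample red cluster: NOT ok"; fi
if es_runs_as_root "$SAMPLE_PS"; then echo "ES runs as root"; else echo "ES owner: $(es_java_users "$SAMPLE_PS")"; fi

# Optional live check against a real node, only when ES_URL is set.
if [ -n "${ES_URL:-}" ]; then
  live=$(curl -s "$ES_URL/_cat/health") || { echo "cannot reach $ES_URL"; exit 2; }
  if es_health_ok "$live"; then echo "live cluster: $(es_health_status "$live")"; else echo "live cluster: $(es_health_status "$live")"; exit 1; fi
  if es_runs_as_root "$(ps -ef)"; then echo "WARNING: Elasticsearch JVM is running as root"; exit 1; fi
fi
```

Run it as `ES_URL=http://<ES-node-IP>:9200 sh es_check.sh` on the ES host to get both checks, or without `ES_URL` to see how the parsing behaves on the sample data. A yellow cluster is treated as acceptable here because a single-node Moloch setup with replicas configured will normally stay yellow.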
2. A freshly installed Moloch must be reconfigured, have its database initialized, and have a username and password set. Switch to a normal (non-root) user and run (replace the placeholders with the Moloch installation directory and the ES node's IP):
<moloch-install-dir>/bin/Configure
<moloch-install-dir>/db/db.pl http://<ES-node-IP>:9200 init
<moloch-install-dir>/bin/moloch_add_user.sh admin admin admin --admin
The last command sets the username and password to admin / admin.