Arkime 3.1 (formerly known as Moloch) has been released

The release of Arkime 3.1 was recently announced. Arkime is a system for capturing, storing and indexing network packets that provides tools for visually inspecting traffic and searching for information about network activity.

The project was originally started by AOL with the goal of building an open, usable replacement for the network packet processing platforms on its servers, one that could scale to handle traffic at tens of gigabits per second.

About Arkime

For those who do not know Arkime: what was formerly known as Moloch is a toolkit for capturing and indexing traffic in the standard PCAP format, with tools for quickly accessing the indexed information. Using the PCAP format makes integration with existing traffic analyzers such as Wireshark straightforward. The amount of data retained is limited only by the size of the available disk array. Session metadata is indexed in a cluster built on the Elasticsearch engine.

To analyze the collected information, a web interface is offered that allows browsing, searching and exporting samples. The web interface provides several display modes: from general statistics, connection maps and visual graphs of changes in network activity over time, to tools for studying individual sessions, analyzing activity in the context of the protocols used, and analyzing data from PCAP dumps.

An API is also provided so that third-party applications can retrieve captured packet data in PCAP format and session data in JSON format.

Arkime has three basic components:

  1. The traffic capture system, a multi-threaded C program that monitors traffic, writes PCAP dumps to disk, analyzes the captured packets, and sends session metadata (Stateful Packet Inspection, SPI) and protocol information to the Elasticsearch cluster. Encrypted storage of the PCAP files is possible.
  2. A web interface built on the Node.js platform that runs on each traffic capture server and handles requests for access to the indexed data and for transferring PCAP files through the API.
  3. A metadata store based on Elasticsearch.

What's new in Arkime 3.1

One of the most notable changes in this new release is the renaming of the project. As noted above, it was previously known as Moloch; the developers remarked that the project had grown and changed substantially and that this was a good moment to rename it Arkime.

Another notable change is a completely new user interface for configuring WISE, for creating and updating WISE sources, and for WISE statistics. This new tool helps users get started with WISE, or improve their existing WISE service, without spending time in configuration or source files.

In addition, support for the IETF QUIC, GENEVE and VXLAN-GPE protocols has been added. Support for Q-in-Q (double VLAN) tagging has also been added, which nests VLAN tags inside a second-level tag and so raises the number of addressable VLANs to 16 million.
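As an added illustration of the Q-in-Q encapsulation mentioned above (example code written here, not taken from the Arkime project or the original article), the following parser walks the nested 802.1ad/802.1Q tag stack of an Ethernet frame and shows where the 16 million figure comes from; the sample frame bytes are constructed.

```python
# Parser for Ethernet frames carrying nested VLAN tags (Q-in-Q, IEEE 802.1ad).
# Added example, not Arkime code. The sample frame below is constructed.
import struct

ETH_P_8021Q = 0x8100    # inner (customer) tag, IEEE 802.1Q
ETH_P_8021AD = 0x88A8   # outer (service provider) tag, IEEE 802.1ad
ETH_P_IPV4 = 0x0800
# 0x9100 is a pre-standard TPID some vendors use for the outer tag.
VLAN_TPIDS = (ETH_P_8021Q, ETH_P_8021AD, 0x9100)

def parse_vlan_stack(frame: bytes) -> dict:
    """Return MACs, the VLAN tags (outer first) and the payload EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset, tags = 12, []
    # Each VLAN tag is a 2-byte TPID followed by a 2-byte TCI:
    # 3-bit PCP (priority), 1-bit DEI (drop eligible), 12-bit VID.
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame inside the tag stack")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in VLAN_TPIDS:
            break                      # reached the real payload EtherType
        if offset + 2 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset:]}

def usable_vlan_count(levels: int = 2) -> int:
    """VID 0 (priority-only) and 4095 are reserved, leaving 4094 per level;
    two nested levels give 4094**2, the 'about 16 million' of Q-in-Q."""
    return 4094 ** levels

# Constructed sample: outer S-tag VID 100, inner C-tag VID 200, IPv4 payload.
SAMPLE_QINQ = bytes.fromhex(
    "001122334455" "66778899aabb"   # dst MAC, src MAC
    "88a8" "0064"                   # 802.1ad tag, PCP 0, DEI 0, VID 100
    "8100" "00c8"                   # 802.1Q tag,  PCP 0, DEI 0, VID 200
    "0800" "45000014"               # IPv4 EtherType + start of IP header
)

if __name__ == "__main__":
    print(parse_vlan_stack(SAMPLE_QINQ), usable_vlan_count())
```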

Among the other notable changes:

  • Added support for the "float" field type.
  • The Amazon Elastic Compute Cloud writer has moved to the IMDSv2 (Instance Metadata Service) protocol.
  • Code refactoring for adding UDP tunnels.
  • Added support for elasticsearchAPIKey and elasticsearchBasicAuth.

Finally, if you are interested in learning more about this new release, you can consult the details at the following link.

Get Arkime

For those interested in obtaining this tool: the traffic capture component is written in C and the interface is built with Node.js / JavaScript. The source code is distributed under the Apache 2.0 license. Linux and FreeBSD are supported.

Ready-made packages are available for Arch, CentOS and Ubuntu and can be obtained from the link below.
