Running a local Moloch server

I came across Moloch at my new workplace and thought I'd run it locally and play around with it. It's a scalable packet capture and analysis tool: it indexes full-packet captures into Elasticsearch, has a nice GUI (the "viewer"), and exposes an API you can build tools on (e.g. alerting).

# install
git clone https://github.com/aol/moloch.git
cd moloch

# build
./easybutton-singlehost.sh
Moloch INTERNAL encryption phrase: [0mgMolochRules1]
MOLOCH: Adding user admin/admin
(the bracketed phrase is the script's default; type your own rather than accepting it, and note the admin/admin account it creates)

# add/change capture interfaces (if needed; semicolon-separated list)
gedit /data/moloch/etc/config.ini
interface=eth0;wlp3s0

# fix up a script that was spewing errors (moloch-capture wants to lock memory, so raise the locked-memory limit)
gedit /data/moloch/bin/run_capture.sh
(add, before moloch-capture is launched)
ulimit -l unlimited

# create some sketchy start/stop scripts (can't believe some aren't provided!!)
==== /data/moloch/bin/start
#!/bin/bash
/data/moloch/bin/run_es.sh
# crude: give elasticsearch time to come up before capture/viewer try to talk to it
sleep 30
nohup /data/moloch/bin/run_capture.sh &
nohup /data/moloch/bin/run_viewer.sh &
==== /data/moloch/bin/stop
#!/bin/bash
# kill -9 anything whose command line mentions moloch, except this script itself.
# '[m]oloch' stops grep matching its own command line; $$ is this shell's PID;
# column 4 of 'ps -elf' is the PID.
ps -elf | grep '[m]oloch' | awk '{print $4}' | grep -vx "$$" | xargs -r kill -9

# restart moloch
/data/moloch/bin/stop
/data/moloch/bin/start
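A less sketchy version of the start/stop pair, added here as an example and not taken from the post or from the Moloch project: it polls Elasticsearch's cluster-health endpoint instead of sleeping 30 seconds, records each component's PID in a pidfile instead of grepping ps for "moloch", and sends TERM before falling back to KILL. It assumes Moloch is under /data/moloch (overridable with MOLOCH_DIR), that run_capture.sh and run_viewer.sh stay in the foreground (as the nohup ... & above suggests), that run_es.sh backgrounds Elasticsearch itself (as the bare call followed by a sleep suggests) and that it listens on localhost:9200, and that the Elasticsearch JVM can be found by its org.elasticsearch.bootstrap main class. None of that is confirmed by the post.

```bash
#!/bin/bash
# Added example (not from the original post or the Moloch project).
# Assumptions, none confirmed by the post: Moloch lives under $MOLOCH_DIR;
# run_capture.sh and run_viewer.sh stay in the foreground; run_es.sh
# backgrounds Elasticsearch itself and it answers on $ES_URL; the
# Elasticsearch JVM's main class is under org.elasticsearch.bootstrap.
MOLOCH_DIR="${MOLOCH_DIR:-/data/moloch}"
ES_URL="${ES_URL:-http://localhost:9200}"
PID_DIR="${PID_DIR:-$MOLOCH_DIR/run}"

# wait_for TIMEOUT CMD [ARGS...]: retry CMD once a second until it succeeds.
# Returns 0 when it does, 1 if TIMEOUT seconds pass first.
wait_for() {
  local timeout="$1" i=0
  shift
  until "$@" >/dev/null 2>&1; do
    i=$((i + 1))
    [ "$i" -ge "$timeout" ] && return 1
    sleep 1
  done
  return 0
}

# Elasticsearch is usable once its cluster-health endpoint answers.
es_ready() { curl -fsS "$ES_URL/_cluster/health" >/dev/null; }

# True once the process with this PID no longer exists.
gone() { ! kill -0 "$1" 2>/dev/null; }

# start_component NAME: run bin/run_NAME.sh detached from the terminal,
# append its output to logs/NAME.out and record its PID in run/NAME.pid.
# Refuses to start a second copy while the recorded PID is still alive.
start_component() {
  local name="$1" pidfile="$PID_DIR/$1.pid"
  mkdir -p "$PID_DIR" "$MOLOCH_DIR/logs"
  if [ -f "$pidfile" ] && ! gone "$(cat "$pidfile")"; then
    echo "$name already running (pid $(cat "$pidfile"))" >&2
    return 1
  fi
  nohup "$MOLOCH_DIR/bin/run_$name.sh" </dev/null \
    >>"$MOLOCH_DIR/logs/$name.out" 2>&1 &
  echo "$!" >"$pidfile"
}

# stop_component NAME: TERM the recorded PID, give it 10 s to exit, then KILL.
# Only ever signals a PID this script wrote down, never a pattern match.
stop_component() {
  local pidfile="$PID_DIR/$1.pid" pid
  [ -f "$pidfile" ] || return 0
  pid="$(cat "$pidfile")"
  if ! gone "$pid"; then
    kill -TERM "$pid"
    wait_for 10 gone "$pid" || kill -KILL "$pid"
  fi
  rm -f "$pidfile"
}

start_all() {
  "$MOLOCH_DIR/bin/run_es.sh"
  # Poll instead of "sleep 30": capture and viewer need a live Elasticsearch.
  wait_for 60 es_ready || { echo "Elasticsearch not answering at $ES_URL" >&2; return 1; }
  start_component capture
  start_component viewer
}

stop_all() {
  stop_component viewer
  stop_component capture
  # run_es.sh backgrounds Elasticsearch itself, so there is no pidfile for
  # it; match the JVM by its main class rather than by the string "moloch".
  pkill -TERM -f 'org.elasticsearch.bootstrap' || true
}

case "${1:-}" in
  start)   start_all ;;
  stop)    stop_all ;;
  restart) stop_all; start_all ;;
  *)       [ $# -eq 0 ] || { echo "usage: $0 start|stop|restart" >&2; exit 2; } ;;
esac
```

Save it as, say, /data/moloch/bin/molochctl and run "molochctl start", "molochctl stop" or "molochctl restart". Because stop only signals PIDs it recorded, it can no longer kill the terminal you ran it from, or anything else that merely has "moloch" in its path.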

# connect (the viewer listens on port 8005; log in with the default account the installer created)
https://localhost:8005/
(admin/admin)

# change the admin password straight away (the default is known to anyone who has read the installer)
https://localhost:8005/settings?userId=admin

If you hit problems, look at the files in /data/moloch/logs. Everything worked OK for me after the steps above.

# links
https://github.com/aol/moloch
https://github.com/aol/moloch/wiki/API
