running a local moloch server

i came across moloch at my new workplace and thought i’d run it locally and play around with it. it’s a scalable packet capture and analysis tool. it has a nice GUI, and an API to build tools with (e.g. alerting)

# install
git clone
cd moloch

# build
./
Moloch INTERNAL encryption phrase: [0mgMolochRules1]
MOLOCH: Adding user admin/admin

# add/change interfaces (if needed)
gedit /data/moloch/etc/config.ini

# fix up a script that was spewing errors
gedit /data/moloch/bin/
(add) ulimit -l unlimited

# create some sketchy start/stop scripts (can’t believe some aren’t provided!!)
==== /data/moloch/bin/start
sleep 30
nohup /data/moloch/bin/ &
nohup /data/moloch/bin/ &
===== /data/moloch/bin/stop
ps -elf | grep moloch | awk -F " " '{print $4}' | xargs kill -9
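
a more careful stop script, as an added example that is not part of the original post or the moloch project. it only selects processes launched from /data/moloch/bin/ (an assumption), skips itself, and sends SIGTERM before falling back to SIGKILL. the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: everything to stop
# was launched from /data/moloch/bin/. Function names are hypothetical.
MOLOCH_BIN=/data/moloch/bin/

# Read "PID PPID ARGS..." lines (`ps -eo pid=,ppid=,args=` format) on stdin and
# print the PIDs whose command line has a word starting with $MOLOCH_BIN.
# $1 is the caller's PID: the caller and its children are skipped, because the
# stop script itself lives in that directory and would otherwise match.
moloch_pids() {
    awk -v self="$1" -v dir="$MOLOCH_BIN" '
        $1 == self || $2 == self { next }
        {
            for (i = 3; i <= NF; i++)
                if (index($i, dir) == 1) { print $1; next }
        }'
}

# Send SIGTERM first so each process can shut down cleanly; SIGKILL only what
# is still alive after the grace period ($1 seconds, default 10).
stop_moloch() {
    grace=${1:-10}
    pids=$(ps -eo pid=,ppid=,args= | moloch_pids "$$")
    [ -n "$pids" ] || return 0
    kill -TERM $pids 2>/dev/null || true
    alive=$pids
    while [ "$grace" -gt 0 ]; do
        alive=""
        for p in $pids; do
            if kill -0 "$p" 2>/dev/null; then alive="$alive $p"; fi
        done
        [ -n "$alive" ] || return 0
        sleep 1
        grace=$((grace - 1))
    done
    kill -KILL $alive 2>/dev/null
    return 0
}

# In /data/moloch/bin/stop, end the file with:  stop_moloch
```

unlike `grep moloch`, this does not match an editor that has /data/moloch/etc/config.ini open or the grep process itself.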

# restart moloch

# connect

# change admin password

if you hit problems, look at the files in /data/moloch/logs. everything worked ok for me after the aforementioned steps

# links
