wget https://mirror.ghproxy.com/https://github.com/arkime/arkime/releases/download/v4.3.0/arkime-4.3.0-1.el9.x86_64.rpm

yum install -y perl-libwww-perl perl-JSON perl-LWP-Protocol-https

rpm -i arkime-4.3.0-1.el9.x86_64.rpm

cat /opt/arkime/README.txt

ifconfig

/opt/arkime/bin/Configure

systemctl start elasticsearch.service
# 开机自启
systemctl enable elasticsearch.service
netstat -lnp | grep 9200

/opt/arkime/db/db.pl http://127.0.0.1:9200 init

/opt/arkime/bin/arkime_add_user.sh cbtdadmin "Admin User" fuzak0uling --admin

systemctl start arkimecapture.service
systemctl start arkimeviewer.service
systemctl enable arkimecapture.service
systemctl enable arkimeviewer.service

netstat -lnp | grep 8005

cat /opt/arkime/logs/viewer.log
cat /opt/arkime/logs/capture.log

# 出现 bug 查看 seLinux 开关

getenforce

# 主机防火墙配置

firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.x.x.x" port port=8005 protocol="tcp" accept'
firewall-cmd --runtime-to-permanent

wget " https://mirror.ghproxy.com/https://raw.githubusercontent.com/wireshark/wireshark/master/manuf"
mv manuf /opt/arkime/etc/oui.txt

wget "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv"
vi /opt/arkime/bin/arkime_update_geo.sh
mv ipv4-address-space.csv /opt/arkime/etc/

systemctl restart arkimecapture.service

crontab -e
    0 0 * * * /opt/arkime/db/db.pl 127.0.0.1:9200 expire daily 60

curl -X PUT "http://127.0.0.1:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.disk.watermark.low": "90gb",
"cluster.routing.allocation.disk.watermark.high": "50gb",
"cluster.routing.allocation.disk.watermark.flood_stage": "10gb",
"cluster.info.update.interval": "1m"
}
}'

vi /opt/arkime/etc/config.ini
freeSpaceG=200