Ukukhutshwa kwenkqubo yokubamba, ukugcina kunye nesalathisi iipakethi zenethiwekhi I-Arkime 3.1 ilungiselelwe, ibonelela ngezixhobo zokuvavanya ngokubonakalayo ukuhamba kwezithuthi kunye nokukhangela ulwazi olunxulumene nomsebenzi wenethiwekhi. Le projekthi yaphuhliswa ekuqaleni yi-AOL ngenjongo yokudala ukutshintshwa okuvulekileyo kunye nokuthunyelwa kwiplatifomu yokuthengisa ipakethe yenethiwekhi, ekwazi ukunyusa ukucubungula i-traffic ngesantya samashumi eegigabhithi ngomzuzwana. Ikhowudi yecandelo lokubamba i-traffic ibhalwe kwi-C, kwaye i-interface iphunyezwe kwi-Node.js/JavaScript. Ikhowudi yomthombo isasazwa phantsi kwelayisensi ye-Apache 2.0. Ixhasa umsebenzi kwiLinux kunye neFreeBSD. Iiphakheji esele zenziwe zilungiselelwe i-Arch, i-CentOS kunye ne-Ubuntu.
I-Arkime ibandakanya izixhobo zokubamba kunye ne-indexing traffic kwifomathi ye-PCAP yendabuko, kwaye ibonelela ngezixhobo zokufikelela ngokukhawuleza kwidatha enesalathisi. Ukusetyenziswa kwefomathi ye-PCAP kwenza lula kakhulu ukudibanisa kunye nabahlalutyi bezithuthi abakhoyo njenge-Wireshark. Umthamo wedatha egciniweyo ulinganiselwe kuphela ngobungakanani bediski ekhoyo. Imetadata yeseshoni ifakwe kwisalathisi kwi-cluster esekwe kwi-injini ye-Elasticsearch.
Ukuhlalutya ulwazi oluqokelelweyo, i-interface yewebhu inikezelwa evumela ukuba uhambe, ukhangele kwaye ukhuphe iisampuli. Ujongano lwewebhu lubonelela ngeendlela ezininzi zokujonga - ukusuka kwiinkcukacha-manani ngokubanzi, iimephu zoqhagamshelo kunye neegrafu ezibonakalayo ezinedatha malunga nokutshintsha komsebenzi womnatha ukuya kwizixhobo zokufunda iiseshoni zomntu ngamnye, ukuhlalutya umsebenzi kumxholo wemigaqo esetyenziswayo kunye nokwahlulahlula idatha kwi-PCAP yokulahla. I-API iphinde ibonelelwe evumela ukuba uthumele idatha malunga neepakethi ezithathiweyo kwifomathi ye-PCAP kunye neeseshoni ezichithwe kwifomathi ye-JSON kwizicelo zomntu wesithathu.
UArkime uqulathe amacandelo amathathu asisiseko:
- Inkqubo yokubamba i-traffic system yi-multi-threaded C yesicelo sokubeka iliso kwi-traffic, ukubhala ukulahla kwifomathi ye-PCAP kwi-disk, ukucazulula iipakethi ezifakiwe kunye nokuthumela i-metadata malunga neeseshoni (SPI, ukuhlolwa kwepakethi ye-Stateful) kunye neeprotocol kwi-cluster ye-Elasticsearch. Kuyenzeka ukugcina iifayile zePCAP kwifom efihliweyo.
- I-interface yewebhu esekelwe kwi-platform ye-Node.js, eqhuba kwi-server nganye yokubamba i-traffic kunye neenkqubo zezicelo ezinxulumene nokufikelela kwidatha ye-indexed kunye nokudlulisa iifayile ze-PCAP nge-API.
- Ugcino lwemetadata olusekwe kwi-Elasticsearch.
Kukhupho olutsha:
- Inkxaso eyongeziweyo ye-IETF QUIC, GENEVE, VXLAN-GPE protocol.
- Inkxaso eyongeziweyo yohlobo lwe-Q-in-Q (i-Double VLAN), ekuvumela ukuba udibanise iithegi ze-VLAN kwiithegi zenqanaba lesibini ukwandisa inani le-VLAN ukuya kwi-16 yezigidi.
- Inkxaso eyongeziweyo yohlobo lwendawo "yokudada".
- Imodyuli yokurekhoda kwi-Amazon Elastic Compute Cloud iguqulelwe ukusebenzisa i-IMDSv2 (Instance Metadata Service) protocol.
- Ikhowudi iye yahlaziywa ukuba yongeze iitonela ze-UDP.
- Inkxaso eyongeziweyo ye-elasticsearchAPIKey kunye ne-elasticsearchBasicAuth.
umthombo: opennet.ru