Arkime 3.1, a system for capturing, storing and indexing network traffic, has been released. It provides tools for visually analysing traffic flows and searching for information related to network activity. The project was originally developed by AOL to create an open alternative to commercial network packet processing platforms, able to handle traffic at tens of gigabits per second. The traffic capture component is written in C, and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 licence. Linux and FreeBSD are supported. Ready-made packages are available for Arch, CentOS and Ubuntu.
Arkime includes tools for capturing and indexing traffic in the standard PCAP format, and provides tools for fast access to the indexed data. Using the PCAP format greatly simplifies integration with existing traffic analysers such as Wireshark. The volume of stored data is limited only by the available disk space. Session metadata is indexed in a cluster based on the Elasticsearch engine.
To analyse the collected information, a web interface is provided for navigating, searching and extracting samples. The web interface offers many views: from general statistics, connection maps and visual graphs of changes in network activity, to tools for examining individual sessions, analysing activity in the context of the applied rules, and splitting data into PCAP dumps. An API is also provided for exporting data about captured packets in PCAP format, and parsed sessions in JSON format, to third-party applications.

Arkime consists of three basic components:
- The traffic capture system, a multi-threaded C application that monitors traffic, writes dumps in PCAP format to disk, parses the captured packets, and sends metadata about sessions (SPI, Stateful Packet Inspection) and protocols to an Elasticsearch cluster. PCAP files can be stored in encrypted form.
- A web interface based on the Node.js platform that runs on every traffic capture server and handles requests for access to the indexed data and for transferring PCAP files via the API.
- Metadata storage based on Elasticsearch.

In the new release:
- Added support for the IETF QUIC, GENEVE and VXLAN-GPE protocols.
- Added support for Q-in-Q (double VLAN), which allows VLAN tags to be nested inside a second-level tag, expanding the number of VLANs to 16 million.
- Added support for the "float" field type.
- The capture module for Amazon Elastic Compute Cloud has been switched to the IMDSv2 (Instance Metadata Service) protocol.
- The code has been reworked to add UDP tunnels.
- Added support for elasticsearchAPIKey and elasticsearchBasicAuth.
Source: opennet.ru
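The Q-in-Q tag nesting mentioned in the release notes, as an added example that is not Arkime's own code: a small C parser that walks the 802.1ad (outer) and 802.1Q (inner) tags of an Ethernet frame, extracts both 12-bit VLAN IDs, combines them into the 24-bit key that yields the 16 million addressable VLANs, and rejects frames that are truncated mid-tag. The sample frame and the function names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#define ETHERTYPE_VLAN 0x8100u /* 802.1Q customer tag (C-tag) */
#define ETHERTYPE_QINQ 0x88A8u /* 802.1ad service tag (S-tag), the outer tag in Q-in-Q */

struct vlan_stack {
    int depth;                  /* tags found: 0 = untagged, 1 = single VLAN, 2 = Q-in-Q */
    uint16_t vid[2], ethertype; /* vid[0] outer S-tag, vid[1] inner C-tag; payload ethertype */
    size_t payload_off;         /* byte offset of the payload within the frame */
};

/* Walk the tag stack after the two MAC addresses: 0 on success, -1 if truncated or > 2 tags. */
int parse_vlan_stack(const uint8_t *frame, size_t len, struct vlan_stack *out) {
    size_t off = 12;
    memset(out, 0, sizeof *out);
    for (;;) {
        if (off + 2 > len) return -1;                       /* no room for an ethertype */
        uint16_t et = (uint16_t)((frame[off] << 8) | frame[off + 1]);
        if (et != ETHERTYPE_VLAN && et != ETHERTYPE_QINQ) {  /* reached the payload */
            out->ethertype = et;
            out->payload_off = off + 2;
            return 0;
        }
        if (out->depth == 2 || off + 4 > len) return -1;    /* too deep, or tag cut off */
        uint16_t tci = (uint16_t)((frame[off + 2] << 8) | frame[off + 3]);
        out->vid[out->depth++] = tci & 0x0FFFu;             /* low 12 bits carry the VLAN ID */
        off += 4;
    }
}
/* 24-bit key from outer and inner IDs: 4096 * 4096 = 16,777,216, the "16 million VLANs". */
uint32_t qinq_key(const struct vlan_stack *s) {
    if (s->depth == 2) return ((uint32_t)s->vid[0] << 12) | s->vid[1];
    return s->depth == 1 ? s->vid[0] : 0;
}

/* Constructed sample frame (not a real capture): S-tag 100, C-tag 200, IPv4 payload. */
static const uint8_t sample_qinq[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, /* dst MAC, src MAC */
    0x88,0xa8, 0x00,0x64,  /* 802.1ad outer tag, VID 100 */
    0x81,0x00, 0x00,0xc8,  /* 802.1Q inner tag, VID 200 */
    0x08,0x00, 0x45,0x00   /* IPv4 ethertype, first bytes of the IP header */
};
uint32_t sample_qinq_key(void) { /* key for the sample, 0 if parsing fails */
    struct vlan_stack s;
    return parse_vlan_stack(sample_qinq, sizeof sample_qinq, &s) == 0 ? qinq_key(&s) : 0;
}
int sample_truncated_rc(void) { /* only 15 bytes: the outer tag is cut in half */
    struct vlan_stack s;
    return parse_vlan_stack(sample_qinq, 15, &s);
}
```

For the sample frame the parser reports depth 2, outer VID 100, inner VID 200, payload ethertype 0x0800 at offset 22, and a key of 409800 (100 << 12 | 200).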
