A release of Arkime 3.1, a system for capturing, storing and indexing network packets, has been published. It provides tools for visually inspecting traffic flows and for searching information about network activity. The project was originally developed by AOL with the aim of creating an open and practical alternative to commercial network packet analysis platforms, capable of scaling traffic processing to tens of gigabits per second. The traffic capture component is written in C, and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 license. Linux and FreeBSD are supported. Ready-made packages are prepared for Arch, CentOS and Ubuntu.
Arkime combines tools for capturing traffic and indexing it in the native PCAP format with tools for fast access to the indexed data. Using PCAP makes integration with existing traffic analyzers such as Wireshark straightforward. The volume of stored data is limited only by the size of the available disk array. Session metadata is indexed in an Elasticsearch-based cluster.
To analyze the collected information, a web interface is provided that lets you browse, search and export selected data. The web interface offers several views, from general statistics, connection maps and graphs showing changes in network activity over time, to tools for studying individual sessions, analyzing activity in the context of the protocols in use and extracting data from PCAP dumps. An API is also provided for passing data about captured packets in PCAP format and parsed sessions in JSON format to third-party applications.
Arkime consists of three basic components:
- The traffic capture system: a multi-threaded C program that monitors traffic, writes PCAP dumps to disk, parses the captured packets and sends metadata about sessions (SPI, Session Profile Information) and protocols to the Elasticsearch cluster. PCAP files can be stored in encrypted form.
- A web interface based on the Node.js platform, running on each traffic capture server and handling requests for access to the indexed data and for transferring PCAP files through the API.
- Metadata storage based on Elasticsearch.
In the new release:
- Added support for the IETF QUIC, GENEVE and VXLAN-GPE protocols.
- Added support for Q-in-Q (double VLAN tagging), in which a VLAN tag is nested inside a second-level tag, extending the number of addressable VLANs from 4096 to about 16 million (4096 × 4096).
- Added support for the "float" field type.
- The module for capturing in Amazon Elastic Compute Cloud (EC2) has been switched to the IMDSv2 (Instance Metadata Service) protocol.
- The code has been reworked to add support for UDP tunnels.
- Added support for the elasticsearchAPIKey and elasticsearchBasicAuth settings.
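As an added illustration of the Q-in-Q support listed above, the following C function peels up to two stacked VLAN tags (an 802.1ad S-tag or legacy 0x9100 outer tag followed by an 802.1Q C-tag) from an Ethernet frame and combines the two 12-bit VLAN IDs into one 24-bit value, which is where the "16 million VLANs" figure comes from. This is example code written for this page, not Arkime's own capture code; the sample frame bytes, the two-tag limit and the helper names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* EtherTypes that introduce a VLAN tag. 0x88A8 is the 802.1ad service tag
   (outer), 0x8100 the 802.1Q customer tag (inner); 0x9100 is a legacy
   outer tag some switches still emit. */
#define ETH_P_8021Q   0x8100
#define ETH_P_8021AD  0x88A8
#define ETH_P_QINQ1   0x9100
#define ETH_P_IP      0x0800

#define MAX_VLAN_DEPTH 2   /* assumption for this example: Q-in-Q only */

typedef struct {
    int      depth;                 /* number of VLAN tags found (0..2) */
    uint16_t vid[MAX_VLAN_DEPTH];   /* 12-bit VLAN IDs, outermost first */
    uint32_t combined_vid;          /* outer << 12 | inner: 24 bits */
    uint16_t payload_type;          /* EtherType following the last tag */
    size_t   payload_off;           /* byte offset of the L3 payload */
} vlan_info_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse an Ethernet II frame and strip up to two stacked VLAN tags.
   Returns 0 on success, -1 on a truncated frame or more than two tags. */
int parse_qinq(const uint8_t *frame, size_t len, vlan_info_t *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 14) return -1;                       /* shorter than a header */
    size_t off = 12;                               /* skip dst and src MAC */
    uint16_t etype = rd16(frame + off);
    off += 2;

    while (etype == ETH_P_8021Q || etype == ETH_P_8021AD || etype == ETH_P_QINQ1) {
        if (out->depth >= MAX_VLAN_DEPTH) return -1;   /* deeper than Q-in-Q */
        if (off + 4 > len) return -1;                  /* tag cut off */
        uint16_t tci = rd16(frame + off);              /* PCP:3 DEI:1 VID:12 */
        out->vid[out->depth++] = tci & 0x0FFF;
        etype = rd16(frame + off + 2);                 /* EtherType after tag */
        off += 4;
    }
    out->payload_type = etype;
    out->payload_off  = off;
    if (out->depth == 2)
        out->combined_vid = ((uint32_t)out->vid[0] << 12) | out->vid[1];
    else if (out->depth == 1)
        out->combined_vid = out->vid[0];
    return 0;
}

/* Constructed sample frame (not captured traffic): dst MAC, src MAC,
   S-tag 0x88A8 with VID 100, C-tag 0x8100 with VID 200, then IPv4. */
const uint8_t kQinQFrame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55,  0x66,0x77,0x88,0x99,0xAA,0xBB,
    0x88,0xA8, 0x00,0x64,           /* outer tag, VID 100 */
    0x81,0x00, 0x00,0xC8,           /* inner tag, VID 200 */
    0x08,0x00,                      /* IPv4 follows */
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x01,0x00,0x00,
    0x0A,0x00,0x00,0x01, 0x0A,0x00,0x00,0x02
};
const size_t kQinQFrameLen = sizeof(kQinQFrame);

int main(void)
{
    vlan_info_t v;
    if (parse_qinq(kQinQFrame, kQinQFrameLen, &v) != 0) {
        puts("parse failed");
        return 1;
    }
    printf("tags=%d outer=%u inner=%u combined=%u payload=0x%04x at %zu\n",
           v.depth, v.vid[0], v.vid[1], v.combined_vid, v.payload_type, v.payload_off);
    return 0;
}
```

On the sample frame the parser reports outer VID 100, inner VID 200 and combined ID 409800 (100 << 12 | 200), with the IPv4 header starting at offset 22. The two-tag cap and the truncation check are the parts worth keeping in any real decoder: a frame that claims a third tag, or one cut off mid-tag, is rejected rather than read past the buffer.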
Source: opennet.ru