forked from mosajjal/arkime-container
config.ini
# Arkime capture/viewer settings for a single-node container setup.
# Comments are kept on their own lines; no inline comments are used after values.
[default]
# --- Datastore ---
# Plain HTTP to a loopback Elasticsearch with no credentials in the URL.
# NOTE(review): only appropriate while the datastore is reachable solely over
# loopback; a remote cluster should use https and authentication.
elasticsearch=http://127.0.0.1:9200
rotateIndex=daily

# --- Viewer authentication material ---
# NOTE(review): "password" is a placeholder, not a secret. Arkime uses
# passwordSecret to protect stored user password hashes and viewer-to-viewer
# requests; replace it with a long random value injected at deploy time
# (same value on every node of a cluster) before exposing the viewer.
# Changing it later presumably invalidates already-stored users - confirm.
passwordSecret=password
# Realm used for HTTP digest auth; changing it is documented upstream to
# invalidate previously stored passwords - verify for the deployed version.
httpRealm=Arkime
webBasePath=/

# --- Capture source ---
# Capture runs on the loopback interface; the BPF filter drops traffic on
# port 9200 so the tool's own Elasticsearch requests are not captured.
interface=lo
bpf=not port 9200
# /dev/null as the rules file means no YARA rules are loaded.
yara=/dev/null

# --- PCAP storage and rotation ---
# Must be writable by dropUser/dropGroup below.
pcapDir=/opt/arkime/raw
maxFileSizeG=12
# 0 here presumably disables time-based rotation (size-based only) - confirm.
maxFileTimeM=0

# --- Session tracking limits (timeouts in seconds) ---
tcpTimeout=600
tcpSaveTimeout=720
udpTimeout=30
icmpTimeout=10
maxStreams=1000000
maxPackets=10000
# Oldest PCAP files are removed once free space falls below this threshold.
freeSpaceG=5%

# --- Viewer listener ---
# The viewer binds to localhost only. viewUrl advertises https, but no TLS
# key/cert setting appears in this file, so TLS is presumably terminated by a
# fronting proxy - confirm. HOSTNAME looks like a placeholder that is expected
# to be substituted before use.
viewPort=8005
viewHost=localhost
viewUrl=https://HOSTNAME:8005

# --- Enrichment data files ---
geoLite2Country=/opt/arkime/etc/GeoLite2-Country.mmdb
geoLite2ASN=/opt/arkime/etc/GeoLite2-ASN.mmdb
rirFile=/opt/arkime/etc/ipv4-address-space.csv
ouiFile=/opt/arkime/etc/oui.txt

# --- Privilege drop ---
# Capture switches to this unprivileged user/group after start-up.
dropUser=nobody
dropGroup=daemon
localPcapIndex=false

# NOTE(review): names the HTTP header carrying the user name for header-based
# authentication. Anything that can reach the viewer directly can supply this
# header itself, so it is only safe behind an authenticating reverse proxy
# that strips client-supplied copies; keep viewHost on localhost. Whether the
# header is honoured also depends on the viewer's auth mode - confirm.
userNameHeader=arkime_user

# --- Protocol parsing ---
parseSMTP=true
parseSMB=true
parseQSValue=false
supportSha256=false
maxReqBody=64
# NOTE(review): the key carries a "config." prefix; the setting is documented
# as reqBodyOnlyUtf8, so this line is presumably ignored - confirm.
config.reqBodyOnlyUtf8=true
# Semicolon-separated SMTP headers from which IP addresses are extracted.
smtpIpHeaders=X-Originating-IP:;X-Barracuda-Apparent-Source-IP:
parsersDir=/opt/arkime/parsers
pluginsDir=/opt/arkime/plugins

# --- Netflow plugin settings ---
# No plugins= line is present in this file, so these are presumably unused.
netflowSNMPInput=1
netflowSNMPOutput=2
netflowVersion=1
spiDataMaxIndices=4

# Command line the viewer host runs to import an uploaded PCAP; the {…}
# tokens are filled in by the viewer. NOTE(review): keep upload permission
# limited to trusted users, since this executes a local binary on their input.
uploadCommand=/opt/arkime/bin/capture --copy -n {NODE} -r {TMPFILE} -c {CONFIG} {TAGS}
titleTemplate=_cluster_ - _page_ _-view_ _-expression_

# --- Capture performance tuning ---
packetThreads=2
pcapReadMethod=libpcap
pcapWriteMethod=simple
pcapWriteSize=262143
dbBulkSize=300000
compressES=false
maxESConns=30
maxESRequests=500
packetsPerPoll=50000
antiSynDrop=true

# --- Logging ---
logEveryXPackets=100000
logUnknownProtocols=false
# Elasticsearch requests are logged; treat the resulting logs as sensitive
# if they are shipped off-host.
logESRequests=true
logFileCreation=true