A powerful, easily deployable network traffic analysis tool suite for network security monitoring

Malcolm Configuration

Malcolm’s runtime settings are stored (with a few exceptions) as environment variables in configuration files ending with a .env suffix in the ./config directory. The ./scripts/configure script can help users configure and tune these settings.

Run ./scripts/configure and answer the questions to configure Malcolm. For an in-depth treatment of these configuration questions, see the Configuration section in End-to-end Malcolm and Hedgehog Linux ISO Installation.

Environment variable files

Although the configuration script automates many of the following configuration and tuning parameters, some environment variables of particular interest are listed here for reference.

Command-line arguments

The ./scripts/configure script can also be run noninteractively, which can be useful for scripting Malcolm setup. This behavior is selected by supplying the -d or --defaults option on the command line. Running with the --help option lists the arguments accepted by the script:

$ ./scripts/configure --help
usage: configure <arguments>

Malcolm install script

options:
  -v [true|false], --verbose [true|false]
                        Verbose output
  -d [true|false], --defaults [true|false]
                        Accept defaults to prompts without user interaction
  -c [true|false], --configure [true|false]
                        Only do configuration (not installation)
…

Note that the value for any argument not specified on the command line will be reset to its default (as if for a new Malcolm installation) regardless of the setting’s current value in the corresponding .env file. In other words, users who want to use the --defaults option should carefully review all available command-line options and choose all that apply.

Similarly, authentication-related settings can also be set noninteractively by using the command-line arguments for ./scripts/auth_setup.
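Because --defaults resets every unspecified argument, it helps to compare the .env settings before and after a scripted run. The following is an added example, not part of Malcolm or its documentation: it parses .env files and reports every setting whose value changed. The file name and variable names in the sample data are constructed placeholders, not real Malcolm settings.

```python
from pathlib import Path


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def snapshot(config_dir):
    """Map each *.env file name in config_dir to its parsed settings."""
    files = sorted(Path(config_dir).glob("*.env"))
    return {p.name: parse_env(p.read_text()) for p in files}


def changed_settings(before, after):
    """Return sorted (file, key, old, new) tuples for settings that differ.

    A value of None means the key (or the whole file) is absent on that side.
    """
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, {}), after.get(name, {})
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                changes.append((name, key, old.get(key), new.get(key)))
    return changes


# Constructed sample data (placeholder file and variable names).
BEFORE = {"example.env": parse_env(
    "# tuned by hand\nEXAMPLE_RETENTION_DAYS=90\nEXAMPLE_FEATURE=true\n")}
AFTER = {"example.env": parse_env(
    "EXAMPLE_RETENTION_DAYS=30\nEXAMPLE_FEATURE=true\n")}

if __name__ == "__main__":
    # Real use: before = snapshot("./config"), run the configure script,
    # then after = snapshot("./config") and compare the two.
    for name, key, old, new in changed_settings(BEFORE, AFTER):
        # Values are printed; omit them if the files hold secrets.
        print(f"{name}: {key} changed from {old!r} to {new!r}")
```

Any setting reported here that was not deliberately passed on the command line was reset by the run and needs to be supplied as an explicit argument next time.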

Managing disk usage

In instances where Malcolm is deployed with the intention of running indefinitely, eventually the question arises of what to do when the file systems used for storing Malcolm’s artifacts (e.g., PCAP files, raw logs, OpenSearch indices, extracted files, etc.) begin to fill up. Malcolm provides options for tuning the “aging out” (deletion) of old artifacts to make room for newer data.

Similar settings exist for managing disk usage on Hedgehog Linux.