diff --git a/Dockerfiles/dashboards-helper.Dockerfile b/Dockerfiles/dashboards-helper.Dockerfile
index 39086b372..c9536d157 100644
--- a/Dockerfiles/dashboards-helper.Dockerfile
+++ b/Dockerfiles/dashboards-helper.Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.19
 # Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
@@ -63,7 +63,7 @@ RUN apk update --no-cache && \
 apk upgrade --no-cache && \
 apk --no-cache add bash python3 py3-pip curl openssl procps psmisc npm rsync shadow jq tini && \
 npm install -g http-server && \
- pip3 install supervisor humanfriendly requests && \
+ pip3 install --break-system-packages supervisor humanfriendly requests && \
 curl -fsSLO "$SUPERCRONIC_URL" && \
 echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - && \
 chmod +x "$SUPERCRONIC" && \
diff --git a/Dockerfiles/dirinit.Dockerfile b/Dockerfiles/dirinit.Dockerfile
index b469571aa..0e8998c61 100644
--- a/Dockerfiles/dirinit.Dockerfile
+++ b/Dockerfiles/dirinit.Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.19
 # Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
diff --git a/Dockerfiles/nginx.Dockerfile b/Dockerfiles/nginx.Dockerfile
index 425e3fcbb..83d885ad5 100644
--- a/Dockerfiles/nginx.Dockerfile
+++ b/Dockerfiles/nginx.Dockerfile
@@ -33,7 +33,7 @@ RUN find /site -type f -name "*.md" -exec sed -i "s/{{[[:space:]]*site.github.bu
 find /site/_site -type f -name "*.html" -exec sed -i 's@\(href=\)"/"@\1"/readme/"@g' "{}" \;
 # build NGINX image
-FROM alpine:3.18
+FROM alpine:3.19
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
diff --git a/docs/development.md b/docs/development.md
index c4a5a05fa..7b338341a 100644
--- a/docs/development.md
+++ b/docs/development.md
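Review bot: The changed line in the second hunk of dashboards-helper.Dockerfile (`@@ -63,7 +63,7 @@`) installs three unpinned packages as root into the system interpreter, so each rebuild can resolve to different releases, and with `--break-system-packages` pip can replace files that apk-installed Python packages own. Pinning them, e.g. `pip3 install --break-system-packages --no-cache-dir supervisor==<VERSION> humanfriendly==<VERSION> requests==<VERSION>`, or installing from a requirements file with `--require-hashes`, would give these dependencies the same kind of integrity check the hunk already applies to the supercronic download. If the override stays, a comment such as `# pip refuses system-wide installs on this base (PEP 668, presumably new with alpine:3.19); override is deliberate` would record why the flag is there. The RUN instruction starts before this hunk and continues past it, so any later cleanup is not visible here.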
@@ -52,7 +52,7 @@ Then, go take a walk or something since it will be a while. When you are done, y
 * `ghcr.io/idaholab/malcolm/api` (based on `python:3-slim`)
 * `ghcr.io/idaholab/malcolm/arkime` (based on `debian:12-slim`)
-* `ghcr.io/idaholab/malcolm/dashboards-helper` (based on `alpine:3.18`)
+* `ghcr.io/idaholab/malcolm/dashboards-helper` (based on `alpine:3.19`)
 * `ghcr.io/idaholab/malcolm/dashboards` (based on `opensearchproject/opensearch-dashboards`)
 * `ghcr.io/idaholab/malcolm/file-monitor` (based on `debian:12-slim`)
 * `ghcr.io/idaholab/malcolm/file-upload` (based on `debian:12-slim`)
@@ -61,7 +61,7 @@ Then, go take a walk or something since it will be a while. When you are done, y
 * `ghcr.io/idaholab/malcolm/htadmin` (based on `debian:11-slim`)
 * `ghcr.io/idaholab/malcolm/logstash-oss` (based on `opensearchproject/logstash-oss-with-opensearch-output-plugin`)
 * `ghcr.io/idaholab/malcolm/netbox` (based on `netboxcommunity/netbox:latest`)
-* `ghcr.io/idaholab/malcolm/nginx-proxy` (based on `alpine:3.18`)
+* `ghcr.io/idaholab/malcolm/nginx-proxy` (based on `alpine:3.19`)
 * `ghcr.io/idaholab/malcolm/opensearch` (based on `opensearchproject/opensearch`)
 * `ghcr.io/idaholab/malcolm/pcap-capture` (based on `debian:12-slim`)
 * `ghcr.io/idaholab/malcolm/pcap-monitor` (based on `debian:12-slim`)
diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md
index fff52c6b0..b103bd901 100644
--- a/docs/malcolm-config.md
+++ b/docs/malcolm-config.md
@@ -54,11 +54,11 @@ Although the configuration script automates many of the following configuration - The following variables control the OpenSearch indices to which network traffic metadata are written. Changing them from their defaults may cause logs from non-Arkime data sources (i.e., Zeek, Suricata) to not show up correctly in Arkime. + `MALCOLM_NETWORK_INDEX_PATTERN` - Index pattern for network traffic logs written via Logstash (default is `arkime_sessions3-*`) + `MALCOLM_NETWORK_INDEX_TIME_FIELD` - Default time field to use for network traffic logs in Logstash and Dashboards (default is `firstPacket`) - + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (default is `%{%y%m%d}`) + + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (default is `%{%y%m%d}`) - The following variables control the OpenSearch indices to which other logs ([third-party logs](third-party-logs.md#ThirdPartyLogs), resource utilization reports from network sensors, etc.) are written. 
+ `MALCOLM_OTHER_INDEX_PATTERN` - Index pattern for other logs written via Logstash (default is `malcolm_beats_*`) + `MALCOLM_OTHER_INDEX_TIME_FIELD` - Default time field to use for other logs in Logstash and Dashboards (default is `@timestamp`) - + `MALCOLM_OTHER_INDEX_SUFFIX` - Suffix used to create index to which other logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (default is `%{%y%m%d}`) + + `MALCOLM_OTHER_INDEX_SUFFIX` - Suffix used to create index to which other logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (default is `%{%y%m%d}`) * **`pcap-capture.env`** - settings specific to capturing traffic for [live traffic analysis](live-analysis.md#LocalPCAP) - `PCAP_ENABLE_NETSNIFF` – if set to `true`, Malcolm will capture network traffic on the local network interface(s) indicated in `PCAP_IFACE` using [netsniff-ng](http://netsniff-ng.org/) - `PCAP_ENABLE_TCPDUMP` – if set to `true`, Malcolm will capture network traffic on the local network interface(s) indicated in `PCAP_IFACE` using [tcpdump](https://www.tcpdump.org/); there is no reason to enable *both* `PCAP_ENABLE_NETSNIFF` and `PCAP_ENABLE_TCPDUMP`