-
Is it possible to use Malcolm in cloud to collect the traffic of my AWS infrastructure?
-
We've got some cloud deployment capability right now, and this is an area where we are looking to become more capable in the future. We have documentation here on deploying Malcolm in Kubernetes, with Amazon Elastic Kubernetes deployment covered here. There is also documentation for installing Malcolm on a single EC2 instance here. These options I've listed so far work for getting Malcolm deployed in the cloud, but don't take full advantage of all the scale-out stuff cloud (and Kubernetes in particular) is known for, yet. However, in addition to the above, a partner organization has been building this Malcolm Helm chart and using it to deploy Malcolm in a much more scalable way in their organization. The core Malcolm team hasn't yet really had a chance to go through it and evaluate it, hence the documentation using the old vanilla-k8s manifests way, but I think that for cloud people who actually know what they're doing (read: not me, at least not yet 🥲) that's what they will probably want to use, so I recommend checking that out. For how you route your traffic to a virtual interface where it can be captured, from my still-limited understanding you do that by using AWS VPC Traffic Mirroring:
There is some cool work the Arkime team has been doing in automating the setup of that mirroring, which may at some point be adapted into Malcolm, but it's not yet. Basically, though, if you can set up VPC traffic mirroring so that whatever the Malcolm container instance is that's doing the capture sees it as a named interface, you can capture on it. If you go down one of these paths, please let us know here how it's going for you so we can take your lessons learned into account!
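An added example, not code from the Malcolm project or the reply above: VPC Traffic Mirroring hands mirrored packets to the target network interface as VXLAN-encapsulated UDP datagrams on port 4789, with the VNI set to the mirror session's virtual network ID, so a capture-side health check on the Malcolm instance can confirm that what arrives on the interface is really the expected session's traffic rather than stray UDP. The function names, the VNI 12345 and the sample frame are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Mirrored traffic reaches the target ENI as VXLAN on UDP/4789; the VNI carries
# the mirror session's virtual network ID (assumption: session configured with VNI 12345).
VXLAN_UDP_PORT = 4789
VXLAN_FLAG_VNI_VALID = 0x08  # the "I" flag: VNI field is valid

def parse_vxlan(datagram: bytes) -> dict:
    """Split a VXLAN datagram (the UDP payload) into its VNI and inner-frame summary.

    Raises ValueError for payloads that are not well-formed VXLAN, so a capture-side
    check can tell mirrored traffic apart from unrelated UDP/4789 noise."""
    if len(datagram) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an Ethernet frame")
    if not datagram[0] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    vni = int.from_bytes(datagram[4:7], "big")          # 24-bit VNI, then 1 reserved byte
    inner = datagram[8:]                                  # original Ethernet frame
    ethertype = struct.unpack("!H", inner[12:14])[0]
    info = {"vni": vni, "ethertype": ethertype, "inner_len": len(inner)}
    if ethertype == 0x0800 and len(inner) >= 14 + 20:     # IPv4: pull endpoints and protocol
        ip = inner[14:]
        info["proto"] = ip[9]
        info["src"] = str(IPv4Address(ip[12:16]))
        info["dst"] = str(IPv4Address(ip[16:20]))
    return info

def belongs_to_session(datagram: bytes, expected_vni: int) -> bool:
    """True when the datagram decodes as VXLAN carrying the expected session's VNI."""
    try:
        return parse_vxlan(datagram)["vni"] == expected_vni
    except ValueError:
        return False

def build_mirrored_datagram(vni: int, inner_frame: bytes) -> bytes:
    """Constructed test input: wrap a frame the way the mirror target would receive it."""
    header = bytes([VXLAN_FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    return header + inner_frame

# Constructed sample: Ethernet header + minimal IPv4 header (TCP, 10.0.1.5 -> 10.0.2.9).
SAMPLE_INNER = (bytes.fromhex("02aa000000010233000000020800")
                + bytes.fromhex("450000280000400040060000" "0a000105" "0a000209"))
SAMPLE_DATAGRAM = build_mirrored_datagram(12345, SAMPLE_INNER)

if __name__ == "__main__":
    print(parse_vxlan(SAMPLE_DATAGRAM), belongs_to_session(SAMPLE_DATAGRAM, 12345))
```

Running this against packets read from the capture interface (for instance the UDP payloads of a short pcap) tells you whether the mirror session is actually delivering before you start tuning Malcolm's capture and decapsulation settings.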
-
@sucremad , does that cover the information you're looking for?