Malcolm v1.7.1a (github cisagov/Malcolm)



idaholab/Malcolm@v1.7.0...v1.7.1a

  • redesign the PCAP processing pipeline (pull request #81, issue #80) so that a single service watches the /data/pcap/processed directory and publishes to a ØMQ topic; other services can then subscribe to that topic and do what they want with the PCAP information they receive. This makes it much easier to add future PCAP processors and also increases the parallelism of the code

  • move common Logstash enrichments to a separate pipeline (pull request #81, issue #78). I've made the pipelines used for processing Logstash events more modular, and I've also made it more extensible by having the startup script dynamically detect and configure new pipelines on the fly. This will make it easier to add new parsers in the future (I need to document how to do that in the README, though)

  • set opencontainers-compatible labels on docker containers

  • fix issue #82, OUI vendor names used by Logstash don't match those used by Moloch

  • split moloch container into pcap-monitor, zeek, and moloch containers

  • documentation fixes

  • dockerfile cleanup

  • bump Moloch to 2.1.0 (see changelog and security).

  • enable readTruncatedPackets in Moloch's config.ini so that more PCAPs can be handled
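The first bullet describes the new shape of the PCAP pipeline: one watcher service notices files landing in the processed directory and publishes an event to a topic, and any number of consumers (the zeek and moloch containers, or future processors) subscribe independently. The following is an added illustration of that pattern and is not Malcolm's own code. Malcolm uses ØMQ for the real topic; here `TopicBus` is a standard-library stand-in that imitates a ZeroMQ PUB socket with prefix-filtered SUB peers so the example runs offline. The topic name `pcap`, the event field names, the "publish only once the file size is stable" rule and the containment check on resolved paths are all assumptions made for this example, not details taken from the release.

```python
"""Model of a one-watcher, many-subscriber PCAP pipeline (added example, not Malcolm code)."""
import hashlib
import tempfile
import time
from pathlib import Path
from typing import Callable, Dict, List, Set, Tuple

TOPIC = "pcap"  # assumed topic name; a ZeroMQ SUB socket filters on the message prefix


class TopicBus:
    """Stand-in for a ZeroMQ PUB socket and its SUB peers (prefix-filtered, in-process)."""

    def __init__(self) -> None:
        self._subs: List[Tuple[str, Callable[[str, dict], None]]] = []

    def subscribe(self, prefix: str, handler: Callable[[str, dict], None]) -> None:
        self._subs.append((prefix, handler))

    def publish(self, topic: str, payload: dict) -> int:
        """Deliver to every subscriber whose prefix matches; returns the delivery count."""
        delivered = 0
        for prefix, handler in self._subs:
            if topic.startswith(prefix):
                handler(topic, payload)
                delivered += 1
        return delivered


class PcapWatcher:
    """Watches one directory and publishes each completed PCAP exactly once."""

    def __init__(self, processed_dir: Path, bus: TopicBus) -> None:
        self.processed_dir = processed_dir.resolve()
        self.bus = bus
        self._last_size: Dict[Path, int] = {}   # size seen on the previous pass
        self._published: Set[Path] = set()      # files already announced

    @staticmethod
    def _is_pcap(path: Path) -> bool:
        return path.suffix.lower() in (".pcap", ".pcapng")

    def _make_event(self, path: Path, size: int) -> dict:
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        return {"path": str(path), "size": size, "sha256": digest, "ts": time.time()}

    def scan(self) -> List[dict]:
        """One pass over the directory; returns the events published during this pass."""
        published: List[dict] = []
        for path in sorted(self.processed_dir.iterdir()):
            resolved = path.resolve()
            # Defensive: ignore entries (e.g. symlinks) that resolve outside the watched dir.
            if self.processed_dir not in resolved.parents or not resolved.is_file():
                continue
            if not self._is_pcap(resolved) or resolved in self._published:
                continue
            size = resolved.stat().st_size
            if self._last_size.get(resolved) != size:
                # First sighting or still being written: remember the size, retry next pass.
                self._last_size[resolved] = size
                continue
            event = self._make_event(resolved, size)
            self.bus.publish(TOPIC, event)
            self._published.add(resolved)
            published.append(event)
        return published


def demo() -> dict:
    """Runs the watcher against a temporary directory holding constructed PCAP files."""
    bus = TopicBus()
    zeek_seen: List[dict] = []
    moloch_seen: List[dict] = []
    bus.subscribe(TOPIC, lambda _t, ev: zeek_seen.append(ev))    # two independent consumers
    bus.subscribe(TOPIC, lambda _t, ev: moloch_seen.append(ev))
    bus.subscribe("other", lambda _t, ev: None)                  # unrelated topic, never hit

    with tempfile.TemporaryDirectory() as tmp:
        processed = Path(tmp)
        watcher = PcapWatcher(processed, bus)
        pcap_magic = bytes.fromhex("d4c3b2a1")  # constructed: little-endian libpcap magic
        (processed / "capture-1.pcap").write_bytes(pcap_magic + b"\x00" * 20)
        (processed / "notes.txt").write_text("constructed non-pcap file, must be ignored")
        first = watcher.scan()    # sighting only, nothing published yet
        second = watcher.scan()   # size unchanged -> published once
        third = watcher.scan()    # already published -> nothing new
        growing = processed / "capture-2.pcap"
        growing.write_bytes(pcap_magic)
        watcher.scan()            # first sighting of capture-2
        with growing.open("ab") as fh:
            fh.write(b"\x00" * 20)  # writer is still appending
        fourth = watcher.scan()   # size changed -> held back
        fifth = watcher.scan()    # stable now -> published
        return {
            "first_pass": len(first), "second_pass": len(second), "third_pass": len(third),
            "growing_held_back": len(fourth), "growing_published": len(fifth),
            "zeek_count": len(zeek_seen), "moloch_count": len(moloch_seen),
            "hash_matches": zeek_seen[0]["sha256"] == moloch_seen[0]["sha256"],
        }


if __name__ == "__main__":
    print(demo())
```

The watcher never hands a half-written capture to a consumer, and every consumer sees the same path and digest, so a processor that stores the file hash can later reconcile what it analysed against what the watcher announced. Adding a new processor means adding one subscriber; the watcher is untouched.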
