Malcolm v23.10.0 is a feature release.
- Features and enhancements
- support both OpenSearch and Elasticsearch output (idaholab#258)
- "capture-only" Malcolm configuration (AKA "dockerized Hedgehog") (idaholab#254)
- don't run kiosk mode on Hedgehog first boot (idaholab#263)
- let Arkime check its own database to see if it needs to be upgraded
- allow specifying Arkime password hash secret for Viewer clusters
- documentation improvements
- minor updates to slide decks
- allow specifying ports for EtherNet/IP parser via environment variable
- Component version updates
- Bug fixes
- set "autorestart" to true for all started services (idaholab#267)
- changed toolchain for building Zeek and Zeek plugins to clang/libc++ to address some build issues with Spicy plugins using GCC
- ensure Arkime is started before creating OpenSearch artifacts
- ensure Arkime and OpenSearch artifacts are populated before starting LogStash
- don't log "0.0" temperatures from Fluent Bit thermal forwarders
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.