Logo

A powerful, easily deployable network traffic analysis tool suite

Quick Start

Documentation

Components

Supported Protocols

Configuring

Arkime

Dashboards

Hedgehog Linux

Contribution Guide

Recommended system requirements

Malcolm runs on top of Docker, which runs on recent releases of Linux, Apple macOS, and Microsoft Windows 10 and up. Malcolm can also be deployed in the cloud with Kubernetes.

To quote the Elasticsearch documentation, “If there is one resource that you will run out of first, it will likely be memory.” The same is true for Malcolm: and users will want at least 16GB of RAM to run Malcolm comfortably. For processing large volumes of traffic, Malcolm developers recommend a minimum of 16 cores and 16 gigabytes of RAM on a dedicated server. Malcolm can run on less, but more is better. Of course, users will want as much hard drive space as possible, as the amount of PCAP data a machine can analyze and store will be limited by its hard drive.

Arkime’s wiki has documents (here and here and here and a calculator here) that may be helpful, although not everything in those documents will apply to a Docker-based setup such as Malcolm.