I've installed Moloch and the documentation is a bit thin. Does anyone know how I can flush both the database and pcap logs to return the system to a freshly installed state?

There is a script for expiring old data from the db but I'd like to get rid of all of it and I'm not sure the script removes the pcap files.

Simmo

1 Answer

To restore the Moloch database (Elasticsearch schema and indexed data) you can use the /moloch/db/db.pl script and later remove /moloch/raw content to erase PCAP data.

I published a quick post with this info just in case someone finds it useful:

Moloch: Erasing data and restore database - Alejandro Nolla - z0mbiehunt3r

slhck
user227606
  • Welcome to Super User! Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – slhck May 29 '13 at 15:43