How do I flush Moloch?

1

I've installed Moloch and the documentation is a bit thin. Does anyone know how I can flush both the database and pcap logs to return the system to a freshly installed state?

There is a script for expiring old data from the db but I'd like to get rid of all of it and I'm not sure the script removes the pcap files.

Simmo

Posted 2013-05-29T10:52:30.817

Reputation: 113

Answers

1

To restore the Moloch database (Elasticsearch schema and indexed data) you can use the /moloch/db/db.pl script and later remove /moloch/raw content to erase PCAP data.

I published a quick post with this info just in case someone finds it useful:

Moloch: Erasing data and restore database - Alejandro Nolla - z0mbiehunt3r

user227606

Posted 2013-05-29T10:52:30.817

Reputation: 26

Welcome to Super User! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

– slhck – 2013-05-29T15:43:53.617
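The two steps from the answer above, as a shell sketch that defaults to a dry run. This is an added example and not part of the original answer or the Moloch project. The Elasticsearch address, the `init` sub-command of `db.pl`, and the `.pcap` file suffix under `/moloch/raw` are assumptions; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: reset a Moloch sensor. Stop the capture and viewer processes first.
# Paths follow the answer above; ES_HOST and the "init" sub-command are assumptions.
MOLOCH_DB_PL="${MOLOCH_DB_PL:-/moloch/db/db.pl}"
MOLOCH_RAW="${MOLOCH_RAW:-/moloch/raw}"
ES_HOST="${ES_HOST:-localhost:9200}"   # assumed Elasticsearch address

# Refuse empty, root, relative-dot, missing or symlinked targets before any delete.
safe_dir() {
    case "$1" in
        ""|"/"|"."|"..") return 1 ;;
    esac
    [ -d "$1" ] && [ ! -L "$1" ]
}

# Count (default) or delete (mode "apply") *.pcap files directly under a directory.
# Prints the number of files matched; other files are left alone.
purge_pcaps() {
    local dir="$1" mode="${2:-dry-run}" count
    safe_dir "$dir" || { echo "refusing to purge '$dir'" >&2; return 2; }
    count=$(find "$dir" -maxdepth 1 -type f -name '*.pcap' | wc -l)
    if [ "$mode" = "apply" ]; then
        find "$dir" -maxdepth 1 -type f -name '*.pcap' -delete
    fi
    echo $((count))
}

# Re-initialise the database, then clear the PCAP directory.
reset_moloch() {
    local mode="${1:-dry-run}"
    if [ "$mode" = "apply" ]; then
        "$MOLOCH_DB_PL" "$ES_HOST" init || return 1
    else
        echo "would run: $MOLOCH_DB_PL $ES_HOST init"
    fi
    purge_pcaps "$MOLOCH_RAW" "$mode"
}
```

Run `reset_moloch` to see what would be touched, then `reset_moloch apply` to carry it out.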