I've installed Moloch and the documentation is a bit thin. Does anyone know how I can flush both the database and pcap logs to return the system to a freshly installed state?

There is a script for expiring old data from the db, but I'd like to get rid of all of it, and I'm not sure the script removes the pcap files.

Simmo

1 Answer

To restore the Moloch database (Elasticsearch schema and indexed data) you can use the /moloch/db/db.pl script and later remove /moloch/raw content to erase PCAP data.

I published a quick post with this info just in case someone finds it useful:

Moloch: Erasing data and restore database - Alejandro Nolla - z0mbiehunt3r

slhck
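The two steps from the answer (reset the Elasticsearch data with db.pl, then delete the raw PCAP files) as an added POSIX shell script; this is not code from the answer, the linked post or the Moloch project. It assumes db.pl accepts `<ESHOST:ESPORT> wipe` (the command name is an assumption), that Elasticsearch listens on localhost:9200, and that capture runs as a systemd unit named molochcapture; paths follow the answer.

```shell
#!/bin/sh
# Reset a Moloch sensor to a freshly installed state (added example).
# Paths from the answer; the db.pl command, ES host and service name are assumptions.
MOLOCH_DB_PL=${MOLOCH_DB_PL:-/moloch/db/db.pl}
MOLOCH_RAW_DIR=${MOLOCH_RAW_DIR:-/moloch/raw}

# Drop the session indices via db.pl. "wipe" is assumed to be the
# reset command; check `db.pl` usage on your install before relying on it.
reset_moloch_db() {
    es=${1:-localhost:9200}
    "$MOLOCH_DB_PL" "$es" wipe
}

# Delete every *.pcap directly under the raw directory and print how many
# were removed. Refuses an empty path or "/" so a bad variable cannot wipe
# the host; non-pcap files (notes, configs) are left alone.
wipe_pcap_dir() {
    dir=$1
    case "$dir" in
        ""|/) echo "refusing to wipe '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    n=0
    for f in "$dir"/*.pcap; do
        [ -f "$f" ] || continue
        rm -f -- "$f"
        n=$((n + 1))
    done
    echo "$n"
}

# Succeeds only when no *.pcap is left, so a reset can be verified afterwards.
pcap_dir_is_clean() {
    for f in "$1"/*.pcap; do
        [ -e "$f" ] && return 1
    done
    return 0
}

moloch_full_reset() {
    # Stop capture first, otherwise new PCAP files land while we delete
    # (unit name is an assumption; adapt to how capture is started here).
    systemctl stop "${MOLOCH_CAPTURE_SERVICE:-molochcapture}" 2>/dev/null || true
    reset_moloch_db "${ES_HOST:-localhost:9200}"
    wipe_pcap_dir "$MOLOCH_RAW_DIR"
    pcap_dir_is_clean "$MOLOCH_RAW_DIR"
}

# Only run when explicitly confirmed, so sourcing this file never wipes data.
if [ "${MOLOCH_RESET_CONFIRM:-no}" = "yes" ]; then
    moloch_full_reset
fi
```

Run it as `MOLOCH_RESET_CONFIRM=yes sh reset-moloch.sh` once db.pl and the paths have been confirmed against the install.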