Architecture
MineMeld has 2 main components:
- the core, living on the VM/instance
- the WebUI, the Web User Interface
The components communicate using the API provided by core.
The Web User Interface is implemented as a set of static JavaScript, CSS and HTML files. All the pages are rendered on the client using client-side HTML templates. Dynamic content is retrieved on the fly using the MineMeld API.
In a typical installation, an instance of nginx is used to serve the WebUI static files and to proxy the calls to the MineMeld API.
- The browser retrieves the WebUI static files via nginx
- Static files rendered on the browser connect back to the MineMeld API to retrieve dynamic content
The code for the WebUI is available in the minemeld-webui repo: https://github.com/PaloAltoNetworks/minemeld-webui
The core implements 3 services:
- the engine, the service doing the actual work
- the API, for controlling and monitoring the status of the engine from the WebUI
- the traced daemon, responsible for storing the traces of the messages flowing through the engine
The 3 services are launched at boot via supervisord. Supervisord takes care of monitoring the services, rotating the logs and restarting the services in case of failures.
The MineMeld API offers an endpoint to control the status of the MineMeld engine via supervisord. The WebUI uses this endpoint to monitor the status of the engine and to restart the engine for applying new configurations.
The 3 services communicate using a simple RPC mechanism over an external message broker, RabbitMQ. Redis is used for streaming long answers and for retrieving output feeds from the engine.
The MineMeld engine stores metrics for each of its nodes in an RRD database using collectd. The API then retrieves the data points directly from collectd and makes them available to the WebUI.
MineMeld core code is available in the minemeld-core repo: https://github.com/PaloAltoNetworks/minemeld-core
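A check an operator might run against this layout, as an added example that is not part of the MineMeld documentation or code: it parses `ss -H -ltnp` output and reports any TCP listener bound beyond loopback by a process other than the nginx front end. It assumes, which the page does not state, that nginx is the only component meant to be reachable from other hosts; the function name, the sample lines and the `api-worker` process name are constructed for illustration.

```python
import re

# Assumption (not stated on the page): only nginx is meant to be reachable
# from other hosts; the API, RabbitMQ, Redis and the rest stay on loopback.
FRONT_END = {"nginx"}
LOOPBACK = re.compile(r"^(127(\.\d+){3}|\[::1\]|\[::ffff:127(\.\d+){3}\])$")
PROC = re.compile(r'users:\(\("([^"]+)"')

# Constructed sample of `ss -H -ltnp` output; ports, PIDs and the
# "api-worker" process name are made up for this example.
SAMPLE = """\
LISTEN 0 511 0.0.0.0:443    0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 128 127.0.0.1:5000 0.0.0.0:* users:(("api-worker",pid=950,fd=5))
LISTEN 0 128 0.0.0.0:5672   0.0.0.0:* users:(("beam.smp",pid=700,fd=17))
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=640,fd=6))
LISTEN 0 511 [::1]:6379     [::]:*    users:(("redis-server",pid=640,fd=7))
LISTEN 0 128 *:4369         *:*
"""


def exposed_listeners(ss_output, allowed=FRONT_END):
    """Return (process, host, port) for each listener that is bound beyond
    loopback by a process not in `allowed`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps bracketed IPv6 hosts such as [::1] intact.
        host, _, port = fields[3].rpartition(":")
        match = PROC.search(line)
        # Without root, ss hides the owner; treat it as unknown and still flag.
        proc = match.group(1) if match else "unknown"
        if LOOPBACK.match(host) or proc in allowed:
            continue
        findings.append((proc, host, int(port)))
    return findings


if __name__ == "__main__":
    for proc, host, port in exposed_listeners(SAMPLE):
        print(f"review: {proc} listening on {host}:{port}")
```

On a live host, pass the output of `ss -H -ltnp` (run as root so process names are visible) instead of `SAMPLE`; `beam.smp` is the Erlang VM process that RabbitMQ runs in.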