Technote (FAQ)
Question
How can you use Network Sensor or Server Sensor to capture traffic?
Answer
Server Sensor and Network Sensor can be used to capture all traffic across the interface.
You can enable or disable packet logging for a Network Sensor or Server Sensor in the Sensor Properties window. In the same window you can also configure the following features of packet logging:
- maximum number of files
- file size
- file location
- file type to be created by packet logging
Packet logging is disabled by default. Use the Advanced tab in the Sensor Properties window to enable and configure packet logging.
Important: This feature is intended for debugging or investigative purposes only. Do not use it to record all network traffic. This feature will have an impact on machine performance, especially if used in high-traffic conditions.
To configure packet logging:
1. In the SiteProtector Console, select a Network Sensor or Server Sensor in the Agent tab.
2. Right-click on the sensor, and choose Properties.
3. In the properties window, choose Agent Properties, and then Edit Agent Properties.
-
The Sensor Properties window appears.
5. Continue according to the following table:
| To... | Select this parameter name... |
|---|---|
| Enable or disable packet logging | packetlog.enabled |
| Specify a different directory path and first part of the filename for the log file | packetlog.fileprefix |
| Specify a different extension for the log file | packetlog.filesuffix |
| Specify a different maximum number of files in the log file directory | packetlog.maxfiles |
| Specify a different maximum size of each file in the log file directory | packetlog.maxKbytes |
6. Click Edit.
The Advanced Value window appears.
7. Continue according to the following table:
| To... | Do this... |
|---|---|
| Enable packet logging | Select True, and then click OK. |
| Disable packet logging | Select False, and then click OK. |
| Specify a different directory path and first part of the filename for the log file | Type a new directory path in Value, and then click OK. Note: If the directory path points to a shared folder on the network, ensure that the administrator or system account for the network sensor machine has full access rights to the shared folder. If the sensor does not have full access rights, a sensor error occurs at the console. |
| Specify a different extension for the log file | Type a new extension in Value, and then click OK. |
| Specify a different maximum number of files in the log file directory | Select a new maximum number in Value, and then click OK. |
| Specify a different maximum size of each file in the log file directory | Select a new maximum size in Value, and then click OK. |
8. Repeat Steps 5 through 7 for each parameter you want to configure.
9. Click OK.
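Once packet logging is configured, the capture directory can be checked against the limits you set. The following script is an added example, not IBM code: it assumes each capture file is named with the packetlog.fileprefix value, a rotation part, and the packetlog.filesuffix value, and that packetlog.maxKbytes counts units of 1024 bytes. The function name and the sample files are constructed for illustration.

```python
import glob
import os
import stat
import tempfile

def audit_packet_logs(fileprefix, filesuffix, maxfiles, max_kbytes):
    """Compare capture files on disk with the configured packetlog.* limits."""
    # Assumption: files are named <fileprefix><rotation part><filesuffix>.
    pattern = glob.escape(fileprefix) + "*" + glob.escape(filesuffix)
    paths = sorted(glob.glob(pattern))
    limit = max_kbytes * 1024  # assumption: 1 Kbyte = 1024 bytes
    report = {
        "worst_case_bytes": maxfiles * limit,  # disk budget to plan for
        "file_count": len(paths),
        "total_bytes": 0,
        "findings": [],
    }
    if len(paths) > maxfiles:
        report["findings"].append(
            f"{len(paths)} files exceed packetlog.maxfiles={maxfiles}")
    for path in paths:
        st = os.stat(path)
        report["total_bytes"] += st.st_size
        if st.st_size > limit:
            report["findings"].append(
                f"{path}: {st.st_size} bytes exceeds packetlog.maxKbytes={max_kbytes}")
        # Captured traffic is sensitive; flag files any local user can read.
        if os.name == "posix" and st.st_mode & stat.S_IROTH:
            report["findings"].append(f"{path}: readable by all local users")
    return report

def demo():
    """Audit constructed sample files in a temporary directory."""
    samples = [("capture0001.cap", 512, 0o600),
               ("capture0002.cap", 4096, 0o600),
               ("capture0003.cap", 100, 0o644)]
    with tempfile.TemporaryDirectory() as d:
        for name, size, mode in samples:
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
            os.chmod(path, mode)
        return audit_packet_logs(os.path.join(d, "capture"), ".cap",
                                 maxfiles=2, max_kbytes=2)

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
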
If the above information does not resolve your issue, please contact IBM Security Systems Technical Support.
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Security | IBM RealSecure Server Sensor for AIX | | | | |
| Security | IBM RealSecure Server Sensor for HP-UX | | | | |
| Security | IBM RealSecure Server Sensor for Solaris | | | | |
| Security | RealSecure Network Sensor | | Linux, Windows | 7.0 | |
Historical Number
1030
Product Alias/Synonym
RealSecure Network Sensor