Using Server Sensor to capture traffic

Technote (FAQ)


Question

How can you use Server Sensor to capture traffic?

Cause

Server Sensor can be used to capture all traffic across the interface. You can enable and disable packet logging in the Sensor Properties window. You can also configure the maximum number of files, file size, and location of the files created by packet logging in this window.

Answer

You can enable or disable packet logging for Server Sensor. You can also configure the following features of packet logging:

  • maximum number of files
  • file size
  • file location
  • file type to be created by packet logging

Packet logging is disabled by default. Use the Advanced tab in the Sensor Properties window to enable and configure packet logging.

To configure packet logging, follow the instructions below:

Important: This feature is intended for debugging or investigative purposes only. Do not use it to record all network traffic. This feature will have an impact on machine performance, especially if used in high-traffic conditions.

  1. In the SiteProtector Console, select a Server Sensor in the Agent tab.

  2. Right-click on the sensor, and choose Properties.

  3. In the properties window, choose Agent Properties, and then Edit Agent Properties. The Sensor Properties window should now appear.

  4. Select the Advanced tab.

  5. Continue according to the following table:

    To...                                                                                 Select this parameter name:
    ------------------------------------------------------------------------------------  ---------------------------
    Enable or disable packet logging                                                      packetlog.enabled
    Specify a different directory path and first part of the filename for the log file   packetlog.fileprefix
    Specify a different extension for the log file                                        packetlog.filesuffix
    Specify a different maximum number of files in the log file directory                 packetlog.maxfiles
    Specify a different maximum size of each file in the log file directory               packetlog.maxKbytes

  6. Click Edit. The Advanced Value window should now appear.

  7. Continue according to the following table:

    To...                                                                                 Do this:
    ------------------------------------------------------------------------------------  -------------------------------------------------------
    Enable packet logging                                                                 Select True, and then click OK.
    Disable packet logging                                                                Select False, and then click OK.
    Specify a different directory path and first part of the filename for the log file   Type a new directory path in Value, and then click OK.
    Specify a different extension for the log file                                        Type a new extension in Value, and then click OK.
    Specify a different maximum number of files in the log file directory                 Select a new maximum number in Value, and then click OK.
    Specify a different maximum size of each file in the log file directory               Select a new maximum size in Value, and then click OK.

    Note: If the directory path points to a shared folder on the network, ensure that the administrator or system account for the network sensor machine has full access rights to the shared folder. If the sensor does not have full access rights, a sensor error occurs at the console.

  8. Repeat Steps 5 through 7 for each parameter you want to configure.

  9. Click OK.
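Once packet logging is enabled, the capture files on disk can be checked against the values entered in the console. The script below is an added example, not IBM code: the function names, the sample file names and the ".cap" extension are constructed, and it assumes each capture file is named with the packetlog.fileprefix name part, followed by anything, followed by the packetlog.filesuffix string.

```python
import os
import tempfile


def audit_packet_logs(fileprefix, filesuffix, maxfiles, max_kbytes):
    """Compare capture files on disk with the packetlog.* values set in the console.

    fileprefix is a directory path plus the first part of the file name,
    as described for packetlog.fileprefix.
    """
    directory, name_start = os.path.split(fileprefix)
    directory = directory or "."
    files = []
    for entry in os.scandir(directory):
        # Assumed naming: <name_start><anything><filesuffix>
        if (entry.is_file() and entry.name.startswith(name_start)
                and entry.name.endswith(filesuffix)):
            files.append((entry.name, entry.stat().st_size))
    files.sort()
    total = sum(size for _, size in files)
    budget = maxfiles * max_kbytes * 1024  # footprint the settings imply
    return {
        "count": len(files),
        "total_bytes": total,
        "budget_bytes": budget,
        "too_many_files": len(files) > maxfiles,
        "over_budget": total > budget,
        "oversized": [n for n, size in files if size > max_kbytes * 1024],
    }


def demo():
    """Run the audit over a constructed directory of dummy capture files."""
    with tempfile.TemporaryDirectory() as tmp:
        sizes = {"pktlog0.cap": 1024, "pktlog1.cap": 4096,
                 "pktlog2.cap": 512, "notes.txt": 10}
        for name, size in sizes.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(b"\0" * size)
        # Constructed settings: maxfiles = 2, maxKbytes = 2
        return audit_packet_logs(os.path.join(tmp, "pktlog"), ".cap", 2, 2)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A file count or total size above the configured values suggests that the settings were not applied to the sensor or that the directory also holds captures from an earlier configuration.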



If the above information does not resolve your issue, contact IBM Security Systems Customer Support.

Historical Number

1030


Document information


More support for:

IBM Security Host Protection
RealSecure Server Sensor

Software version:

7.0 - SR 4.1, 7.0 - SR 4.2, 7.0 - SR 4.3, 7.0 - SR 4.4

Operating system(s):

AIX, HP-UX, Linux, Windows

Reference #:

1434431

Modified date:

2012-04-05
