Monitoring with a CA Standard Monitor › Secure Packet Capture Investigation Files
Secure Packet Capture Investigation Files
A CA Standard Monitor stores its packet capture investigation files in unencrypted format. By default, a packet capture investigation only collects header information which greatly reduces the need for encryption.
To elevate security of packet capture investigation files:
- You can configure packet capture investigations to only capture header information.
- Disable packet capture investigations on the monitor. Note that when you upgrade the CA Standard Monitor, packet capture investigations are enabled. You must manually modify the monitor configuration after you upgrade to disable packet captures.
If you choose to enable packet capture investigations, you should also configure roles to limit who can create and view packet capture investigations.
Follow these steps:
- On the CA Standard Monitor, open the Windows Explorer and browse to <ADA_HOME>\SuperAgent\dotnet\InspectorAgent.
- In the InspectorAgent.exe.config file, uncomment the following entry:
<add key="Capture.CaptureTcp" value="disable" />
- Restart the NetQoS Inspector Agent service on the monitor to apply your changes.
- To manually delete existing packet capture investigation files on the monitor, navigate to <ADA_HOME>\SuperAgent\Web\batch\snifferfiles and delete the existing packet capture investigation (.enc) files. Note that when the 5-minute data is purged as part of database maintenance, the packet capture investigation files tied to that 5-minute data are automatically purged.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|