This section describes the XML tags that define NBA logging operations.
Contains the tags that control NBA logging activity.
Defaults to 10. This tag specifies the maximum number of log files per NBA processor.
When the maximum number of log files already exists and the latest one reaches its maximum size (see the next tag), the oldest log file is deleted so that a new one can be created.
This tag supports type and value attributes:
type: Always set to type="numberType".
value: Specifies the maximum number of log files of each type, for each NBA processor. For example:
<numberoflogfiles type="numberType" value="10" />
Defaults to 1024. This tag specifies the maximum size (in KB) for each log file. When the current log file reaches its maximum size, the NBA creates a new log file.
This tag supports type and value attributes:
type: Always set to type="numberType".
value: Specifies the maximum size for log files. For example:
<maxsizeoflogfileskb type="numberType" value="1024" />
Defaults to error. This tag determines the default level of logging for the packet capture process. You can override this logging level for individual network filters or application filters, all of which have their own <loglevel> tag.
The Logging Level field in the Policy screen of the NBA console has the same effect as this policy tag.
This tag supports type and value attributes:
type: Always set to type="simpleEnumLogLevel".
value: Can be set to:
In normal NBA operations, the logging level is typically set to error. Other levels are supported for evaluation, diagnostic, or testing purposes. In particular, debug logging causes the log file to grow extremely rapidly.
Defaults to 0 (no time limit). This tag specifies how often (in hours) a new log file is created, even if the current log file has not reached its maximum size. If set to zero, a new log file is created only when the current log file reaches its maximum size.
This rollover tag applies to all types of log file for each NBA processor.
This tag supports type and value attributes:
type: Always set to type="numberType".
value: Specifies the log file rollover interval (in hours). For example:
<logrolloverhours type="numberType" value="24"/>
Defaults to 60. This tag specifies how often (in seconds) the NBA statistics log files are updated. Statistics are recorded in the statistics log files.
This tag supports type and value attributes:
type: Always set to type="numberType".
value: Specifies the statistics update frequency (in seconds). For example:
<statslogintervalsecs type="numberType" value="60"/>
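As an added example (not CA's code), the following Python validates the logging tags described above, applies their documented defaults, and computes the worst-case disk footprint the file count and file size together allow. It assumes a wrapper element named <policy>, which the page does not name.

```python
import xml.etree.ElementTree as ET

# Tags with numberType values and the defaults the reference gives for them.
NUMBER_TAGS = {
    "numberoflogfiles": 10,
    "maxsizeoflogfileskb": 1024,
    "logrolloverhours": 0,
    "statslogintervalsecs": 60,
}

def is_well_formed(xml_text):
    """XML attribute values must be quoted: type=numberType does not parse."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

def parse_logging_policy(xml_text):
    """Return the numberType tags as ints plus the log level, applying the
    documented defaults for absent tags and rejecting wrong type attributes."""
    root = ET.fromstring(xml_text)
    settings = dict(NUMBER_TAGS)
    for tag in NUMBER_TAGS:
        el = root.find(tag)
        if el is None:
            continue  # absent tag: keep the documented default
        if el.get("type") != "numberType":
            raise ValueError(f'<{tag}> must use type="numberType"')
        settings[tag] = int(el.get("value"))
    lvl = root.find("loglevel")
    if lvl is not None and lvl.get("type") != "simpleEnumLogLevel":
        raise ValueError('<loglevel> must use type="simpleEnumLogLevel"')
    settings["loglevel"] = lvl.get("value") if lvl is not None else "error"
    return settings

def max_log_footprint_kb(settings):
    """Worst-case disk use of one log type on one processor: the oldest file
    is only deleted once the full count exists and the newest one is full."""
    return settings["numberoflogfiles"] * settings["maxsizeoflogfileskb"]

# Constructed sample: daily rollover, everything else left at its default.
# <policy> is an assumed wrapper name; the page does not name the container.
SAMPLE = """<policy>
  <numberoflogfiles type="numberType" value="10" />
  <maxsizeoflogfileskb type="numberType" value="1024" />
  <loglevel type="simpleEnumLogLevel" value="error" />
  <logrolloverhours type="numberType" value="24"/>
</policy>"""
```

Running parse_logging_policy(SAMPLE) and max_log_footprint_kb on the result gives 10240 KB per log type per processor, the budget to plan for before raising the file count or switching to debug logging.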
This section describes the XML tags used to control NBA SSL Decode.
Contains the tags that control NBA SSL Decode.
Specifies a list of URL domains that are not subject to SSL Decoding. Domains are checked in two ways:
If you have an RFC2817 HTTP CONNECT proxy that browsers use to connect to secure web sites and the NBA is between the clients and the proxy, the destination domain for each connection is checked by the NBA. If the domain matches a listed domain, the SSL connection is allowed to proceed without decode.
Connections that do not go through a proxy have their domains checked against the "Subject" or "Issued to" property of the SSL certificate. The first connection to the domain gets closed and subsequent connections are allowed to proceed without decoding.
Sub-domains are also excluded from decoding. If the excluded domain is "company.com" but the site is "special.company.com", the domain is still excluded.
type: Always set to type="stringListType".
<element>: Identifies a single domain name. Use multiple <element> tags to identify multiple domains.
Each <element> supports a single attribute.
value: Specifies a domain.
Example:
<element value="update.microsoft.com"/>
<element value="activation.sls.microsoft.com"/>
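As an added example (not CA's code), this Python loads a constructed exclusion list and applies the matching rule described above: a name is excluded when it equals a listed domain or is a sub-domain of it, so "special.company.com" matches "company.com" but "notcompany.com" does not. The enclosing element name <excludeddomains> and the stripping of a trailing ":port" (as seen in an HTTP CONNECT target) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed list; <excludeddomains> is an assumed name for the containing tag.
SAMPLE = """<excludeddomains type="stringListType">
  <element value="update.microsoft.com"/>
  <element value="activation.sls.microsoft.com"/>
  <element value="company.com"/>
</excludeddomains>"""

def normalize_name(name):
    """Lower-case, drop a trailing dot and an assumed ':port' suffix such as
    the one carried by a CONNECT request target."""
    host = name.strip().lower().rstrip(".")
    if ":" in host and host.rsplit(":", 1)[1].isdigit():
        host = host.rsplit(":", 1)[0]
    return host

def load_excluded_domains(xml_text):
    """Return the listed domains, normalised, after checking the list type."""
    root = ET.fromstring(xml_text)
    if root.get("type") != "stringListType":
        raise ValueError('excluded domain list must use type="stringListType"')
    return [normalize_name(el.get("value")) for el in root.findall("element")]

def is_excluded(name, excluded):
    """True when name (a CONNECT destination or a certificate Subject name)
    equals a listed domain or lies below it; a mere suffix match is not enough."""
    host = normalize_name(name)
    return any(host == d or host.endswith("." + d) for d in excluded)
```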
(Optional) The server exclusion cache will allow unmonitored sessions to SSL servers that will not accept connections from the decoder. This might be because the decoder's SSL protocols are unacceptable to the server. An attempt to connect to the server has to be made before the decoder can determine this, so it's only subsequent connections that will be permitted. The IP address and port number of the server are cached so that future connections to this server and port will not be subject to SSL decode.
If there is a web proxy or some other device between the decoder and the internet that hides the real server's IP address from the internal network, the server exclusion cache cannot be used and it must be disabled. This is because all servers will appear to have the same IP address so one exclusion will affect all connections.
type: Always set to type="booleanType".
value: Defaults to false, disabling this cache.
(Optional) The client exclusion cache will allow unmonitored sessions from clients that fail to connect to the decoder. This could be because the client has not had the decoder's master root certificate installed (though some applications don't cause the SSL negotiation error needed to trigger the cache - they just close the connection after it has been negotiated). The IP addresses of both server and client as well as the port number of the server are cached so that future connections from this client to this server will not be subjected to SSL decode.
If there is a web proxy or other device between the decoder and clients that hides the real client IP addresses from the NBA, this cache must be disabled. This is because all clients will appear to have the same IP address so one exclusion will affect all clients.
type: Always set to type="booleanType".
value: Defaults to false, disabling this cache.
Copyright © 2011 CA. All rights reserved.