If the NBA is capturing some files and emails but missing others, check the following:
Changes to filter IP addresses and actions take place immediately and can result in some files and emails not being captured.
Take care when changing the NBA's network and application protocol filter settings while sessions are in progress: The NBA tracks the start and end of TCP sessions to reassemble the files and emails that are sent inside decoded application protocols.
For example, adding a filter to capture Instant Messaging might not capture any messages until users log out from the messaging client and then log back in. Similarly, SSL sessions that are in progress while you enable decoding are not decoded; SSL sessions that are being decoded while you disable decoding will stall and need to be restarted in the browser.
The NBA tracks the start and end of TCP sessions in order to be able to reassemble the files and emails sent inside decoded application protocols. If the NBA is rebooted so that it loses track of sessions, some files and emails will not be captured.
For example, if a user logs on to their GMail account and the NBA is rebooted, emails sent after this point may not be captured. When the user logs back in to GMail, emails are captured again.
|
Copyright © 2014 CA.
All rights reserved.
|
|