No edit summary |
|||
Line 33: | Line 33: | ||
If the disk has been formatted, you can continue with the configuration of the '''ring buffer''' at '''Generic''' → '''ring buffer'''. If you have created a disk with a ring buffer, you should see the statistics of the buffer as in the screen shot here below. | If the disk has been formatted, you can continue with the configuration of the '''ring buffer''' at '''Generic''' → '''ring buffer'''. If you have created a disk with a ring buffer, you should see the statistics of the buffer as in the screen shot here below. | ||
[[File:Running packet ring buffer.png|600px]] | [[File:Running packet ring buffer.png|border|600px]] | ||
The ring buffer is now running and all pcap buttons will work for historic dates. For advanced setup, please continue at the section [[#Filter Rules]]. | The ring buffer is now running and all pcap buttons will work for historic dates. For advanced setup, please continue at the section [[#Filter Rules]]. | ||
Line 43: | Line 43: | ||
By default, the Allegro Network Multimeter uses '''One''' cluster ring buffer. If you need more, please open the Settings menu at the top right corner. | By default, the Allegro Network Multimeter uses '''One''' cluster ring buffer. If you need more, please open the Settings menu at the top right corner. | ||
[[File:Settings button.png|100px]] | [[File:Settings button.png|border|100px]] | ||
Here you can increase the number of cluster ring buffers. We will continue this tutorial with 2 ring buffers to show the full flexibility of the Allegro. Please note that you need to restart the processing when you change the parameter. This can be done at '''Settings''' → '''Administration''' → '''Restart processing'''. | Here you can increase the number of cluster ring buffers. We will continue this tutorial with 2 ring buffers to show the full flexibility of the Allegro. Please note that you need to restart the processing when you change the parameter. This can be done at '''Settings''' → '''Administration''' → '''Restart processing'''. | ||
Line 49: | Line 49: | ||
To enable the cluster ring buffer mode, please check at '''Generic''' → '''ring buffer''', if the tab ''cluster configuration'' is selected or not. If it is not, selected, delete the non-cluster ring buffer with: | To enable the cluster ring buffer mode, please check at '''Generic''' → '''ring buffer''', if the tab ''cluster configuration'' is selected or not. If it is not, selected, delete the non-cluster ring buffer with: | ||
[[File:Delete ring buffer button.png|100px]] | [[File:Delete ring buffer button.png|border|100px]] | ||
Once this is done, you should see the dialogue: | Once this is done, you should see the dialogue: | ||
[[File:Select ring buffer.png|300px]] | [[File:Select ring buffer.png|border|300px]] | ||
Here you can select '''Create cluster ring buffer'''. Once this is selected, you will see all available clusters of ring buffers. By default, the first cluster is running but has no disk assigned to it. The size of the buffer is 0 Bytes and it drops all packets written into it. | Here you can select '''Create cluster ring buffer'''. Once this is selected, you will see all available clusters of ring buffers. By default, the first cluster is running but has no disk assigned to it. The size of the buffer is 0 Bytes and it drops all packets written into it. | ||
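Review bot: the context line in this hunk, "If it is not, selected, delete the non-cluster ring buffer with:", has a stray comma after "not" and ends in an image that carries no text alternative. While adding the border, suggest correcting the sentence to "If it is not selected, delete the non-cluster ring buffer with:" and giving [[File:Delete ring buffer button.png|border|100px]] an alt= parameter that names the button, so the step can be followed when the image is not shown.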
Line 112: | Line 112: | ||
Also a common use case is to not capture encrypted content. This can be done by setting up a rule for encrypted L7 protocols to capture only up to the L4 header for IP and TCP investigation. This can be configured with the following settings: | Also a common use case is to not capture encrypted content. This can be done by setting up a rule for encrypted L7 protocols to capture only up to the L4 header for IP and TCP investigation. This can be configured with the following settings: | ||
[[File:Ring buffer rule create ssl l4.png|400px]] | [[File:Ring buffer rule create ssl l4.png|border|400px]] | ||
The configured rule will look like: | The configured rule will look like: |
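Review bot: the rule that limits capture of encrypted L7 protocols to the L4 header is documented only by the screenshot [[File:Ring buffer rule create ssl l4.png|border|400px]]; the sentence "This can be configured with the following settings:" is followed by no settings in text. Suggest listing the rule's fields and values as text next to the image, and adding an alt= description, so the configuration can be searched, copied and checked against a running device without relying on the picture.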