When the rpm package is installed, by default the PCA is installed in
/usr/local/ctccap. In addition to the installation directory, other changes are made to the system.
The package creates the log file directory in
/var/log/tealeaf by default, if it does not exist.
- In earlier versions of the PCA, the log directory was
- When you upgrade from an old installation with a non-empty
/usr/local/ctccap/logsdirectory, the package uses the existing directory instead of the newer
/var/log/tealeafdirectory. This behavior is intended to avoid surprising the user by leaving old log files in the old directory (
/usr/local/ctccap/logs) and writing new log files to the new default (
Note: This check for
/usr/local/ctccap/logsis independent of the installation prefix that is chosen for installation for upgrade. If you install Passive Capture into
/opt/tealeaf, the package still looks for a non-empty directory
The tealeaf-pca files are currently unused and are reserved for future use. The tealeaf-web files are used by the default
httpd.conf for the Web Console. The tealeaf-tts files are provided for convenience in configuring SSL connections with the TeaLeaf Transport Service. The
/usr/local/ctccap/etc directory is normally writable by root and the capture user,
- Install crontab file:
/etc/cron.d/tealeaf. The crontab file schedules the execution of "tealeaf cron" as user root.
- Install the following initialization scripts in
- Create the
capture.log filein the log file directory, if the file does not exist.
The package performs the following actions that modify directories and files outside of the installation prefix.
- Create group ctccap if it does not exist.
- Create user ctccap if it does not exist.
/usr/local/ctccap/bin-debug/listendas setuid root (required for listend to open eth devices for packet sniffing; drops down to user ctccap after you open the eth devices).
- Remove PHP session files in
/tmp; they are assumed to be PHP session files for the Passive Capture Web Console.
/etc/syslog.conf(if needed) to ensure that it contains an entry for facility local0 to file
capture.login the log file directory.
- Restart syslogd to force it to reload its configuration and use any changes that are made to
- Add the file
/etc/ld.so.confto point to
/usr/local/ctccap/libto ensure that shared libraries are linked correctly at runtime.