When the rpm package is installed, by default the PCA is installed in /usr/local/ctccap. In addition to the installation directory, other changes are made to the system.

The package creates the log file directory in /var/log/tealeaf by default, if it does not exist.

• In earlier versions of the PCA, the log directory was /usr/local/ctccap/logs.
• When you upgrade from an old installation with a non-empty /usr/local/ctccap/logs directory, the package uses the existing directory instead of the newer /var/log/tealeaf directory. This behavior is intended to avoid surprising the user by leaving old log files in the old directory (/usr/local/ctccap/logs) and writing new log files to the new default (/var/log/tealeaf).

  Note: This check for /usr/local/ctccap/logs is independent of the installation prefix that is chosen for installation for upgrade. If you install Passive Capture into /opt/tealeaf, the package still looks for a non-empty directory /usr/local/ctccap/logs.

The tealeaf-pca files are currently unused and are reserved for future use. The tealeaf-web files are used by the default httpd.conf for the Web Console. The tealeaf-tts files are provided for convenience in configuring SSL connections with the TeaLeaf Transport Service. The /usr/local/ctccap/etc directory is normally writable by root and the capture user, ctccap.

• Install crontab file: /etc/cron.d/tealeaf. The crontab file schedules the execution of "tealeaf cron" as user root.
• Install the following initialization scripts in /etc/init.d:
  • tealeaf-pca
  • tealeaf-startup
• Create the capture.log file in the log file directory, if the file does not exist.

The package performs the following actions that modify directories and files outside of the installation prefix.

• Create group ctccap if it does not exist.
• Create user ctccap if it does not exist.
• Set /usr/local/ctccap/bin/listend and /usr/local/ctccap/bin-debug/listend as setuid root (required for listend to open eth devices for packet sniffing; drops down to user ctccap after you open the eth devices).
• Remove PHP session files in /tmp; they are assumed to be PHP session files for the Passive Capture Web Console.
• Update /etc/syslog.conf (if needed) to ensure that it contains an entry for facility local0 to file capture.log in the log file directory.
• Restart syslogd to force it to reload its configuration and use any changes that are made to /etc/syslog.conf.
• Add the file /etc/ld.so.conf.d/tealeaf.conf or modify /etc/ld.so.conf to point to /usr/local/ctccap/lib to ensure that shared libraries are linked correctly at runtime.