If you cannot log in to the Web Console, you can edit ctc-conf.xml to configure the CX Passive Capture Application.
Note: Avoid making direct changes to this configuration file. It is recommended that you make changes to your PCA configuration through the Web Console, which provides a user interface into this configuration file.
This file is in the /usr/local/ctccap/etc directory. It can be edited with the vi editor.
- Some of the settings are not displayed in the default configuration file. These settings can be inserted based on configuration changes that are made through the Web Console. All configuration settings that are required for general use of the PCA are available in the default file.
- SSH is run over the standard port 22.
- Always make a backup copy of the configuration file before you make changes to it.
- Do not edit this configuration file or any PCA configuration file by using an editor on a Windows™ machine. The Windows end-of-line (EOL) characters are different from the UNIX™ EOLs used by Linux™. So, configuration errors can occur when the file is reapplied in the PCA Linux environment.
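The backup and end-of-line precautions above can be scripted. The following is an added example, not part of the product or its documentation; the function names and the `.bak` naming scheme are assumptions. The backup is made readable by its owner only because the configuration file can hold pasted private keys (see `<CaptureKey>`).

```python
import os
import shutil
import tempfile
import time
import xml.etree.ElementTree as ET


def backup(path):
    """Copy the config to <path>.<UTC timestamp>.bak, readable by the owner only."""
    dest = f"{path}.{time.strftime('%Y%m%dT%H%M%SZ', time.gmtime())}.bak"
    shutil.copy2(path, dest)
    os.chmod(dest, 0o600)  # the copy may contain private keys from <CaptureKey>
    return dest


def check_edit(path):
    """Return the problems found in an edited file; an empty list means none."""
    with open(path, "rb") as fh:
        raw = fh.read()
    problems = []
    # Lines ending in CR before the LF were saved with Windows end-of-line characters.
    crlf = [n for n, line in enumerate(raw.split(b"\n"), 1) if line.endswith(b"\r")]
    if crlf:
        problems.append(f"Windows EOL (CRLF) on {len(crlf)} line(s), first at line {crlf[0]}")
    # An unclosed or mistyped tag from a hand edit shows up as a parse error.
    try:
        ET.fromstring(raw)
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed stand-in for /usr/local/ctccap/etc/ctc-conf.xml.
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "ctc-conf.xml")
        with open(conf, "wb") as fh:
            fh.write(b"<Conf>\r\n  <Timeout>15</Timeout>\r\n</Conf>\r\n")
        print("backup written to", backup(conf))
        for problem in check_edit(conf):
            print("problem:", problem)
```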
The following tables explain each configuration option in the default configuration file.
<Conf>
Configuration Option | Description |
---|---|
<IPv6ConsoleEnabled> |
You can configure the PCA Web Console to accept IPv6 addresses by default. To enable, set this value to 1. |
<Timeout> |
You can configure this setting to a non-zero value to enable timeouts of PCA Web Console sessions. The specified value defines the number of minutes that a Web Console session is allowed to be idle before it is automatically timed out. Depending on your build, this setting may or may not be present in this location. Please search the file. If the setting is not present in your file, insert it here. |
<Archive>
This section specifies the configuration options for enabling and managing local TCP/IP packet archiving.
Configuration Option | Description |
---|---|
<RecordingEnabled> |
Enables local TCP/IP packet archiving. When enabled, archive files are saved to the archive recording directory (default /usr/local/ctccap/archive) in a rolling archive. Archives are partitioned into 50 MB files.
This setting is disabled by default. |
<MaxSize> |
Specifies the maximum size of the TCP/IP packet archives.
By default, |
</Archive> |
<Capture>
Use the capture configuration settings to configure data capturing from a spanned switch port or network tap.
Configuration Option | Description |
---|---|
<HangingResponseTimeout> |
Specifies the timeout setting (in seconds) between the last packet of the request and the first packet of the response. If the timeout is exceeded, the connection is marked as canceled by the client.
The default is 120 seconds. |
<HangingTransmissionTimeout> |
Specifies the timeout setting (in seconds) that defines how long Passive Capture waits between packets. If the timeout is exceeded, the connection is marked as a request that was canceled by the client.
The default is 120 seconds. |
<Ignores/> |
|
<ListenFullDuplex> |
Defines whether Passive Capture is receiving bidirectional data from a network tap or unidirectional data from a SPAN port on a network switch or load balancer. If the Passive Capture host machine is receiving data from a network tap, set ListenFullDuplex=False . If the host machine is receiving data from a spanned port, set ListenFullDuplex=True . |
<ListenOnBothInterfaces> |
Indicates whether Passive Capture is listening on one or both of its Ethernet interfaces. It can be used to capture two SPAN ports. If Passive Capture is receiving data from a network tap, set ListenOnBothInterfaces=True . If it is receiving data from a spanned port, set ListenOnBothInterfaces=False . |
<ListenTo> |
Nested within the Passive Capture also supports netmasks. In the event a netmask setting is used, a
|
<ListenTos> |
|
<Address> |
Specifies the IP address of the web server that is being monitored. |
<Port> |
Specifies the port number the web server is listening on. |
<Port2> |
Specifies an extra port number associated with the Address attribute. Optimized for typical two-port monitoring. |
<NetMaskSize> |
Specifies the range of IP addresses to be monitored, through netmask size in bits. |
</ListenTo> |
|
</ListenTos> |
|
<MaxSimultaneousConnections> |
Defines the maximum number of concurrent TCP connections the Passive Capture software is set to handle.
The default value is 10000. |
<MaxConnectionsInSynState> |
Defines the maximum number of concurrent TCP connections where partial TCP connections are established.
The default value is 4000. |
<PrimaryInterface> |
Specifies the name of the primary Ethernet interface.
The default setting is |
<SecondaryInterface> |
Specifies the name of the secondary Ethernet interface. |
<MaxSessionCacheSize> |
Defines the maximum number of concurrent SSL connections that can be processed.
The default value is 10,000. |
<MaxInputBufferSize> |
Note: Do not change this setting without first contacting technical support. This setting is used for debugging issues that are related to spiking traffic conditions that are overwhelming the buffer.
Defines the maximum size (in bytes) of the TCP packet handling queue.
The default value is 100,000,000 (approximately 100 MB). When the buffer fills, the PCA begins dropping hits. By enforcing a limit on the buffer, the system prevents a crash. However, data is dropped. |
<MaxMemoryConsumption> |
Note: Do not change this setting without first contacting technical support. This setting is used for debugging issues that are related to spiking traffic conditions that are overwhelming the buffer.
Defines the maximum amount of system memory (in MB) allocated to the capture process.
The default value is 1300 MB (1.3 GB). The PCA is a 32-bit application, which means each CX PCA process can address a maximum of 2 GB of RAM. |
<TransparentLoadBalancingEnabled> |
Enables or disables the transparent load balancing (TLB) feature.
To enable load balancing, set To disable load balancing, set The default value is |
<ReassInstances> |
Configures the number of reassd instances to be created. The default value is 1. |
<SslSessionInfoOnMemcachedServer> |
If transparent load balancing is enabled and The default value for |
<MaxConnectionsRoutingInfo> |
Defines how much TCP connection routing information can be stored in the local The default value is 100000. |
<MaxInputRouterdBufferSize> |
Defines the buffer size, in MB, for the The default value is 50 MB. |
<DeleteTcpLargeConnDisabled> |
This setting is a Boolean flag, set to either The maximum size of individual request or responses is defined by the |
<MaxTcpConnSize> |
Maximum permitted size of an individual request or response in a TCP connection. A single TCP connection can have multiple requests or responses, and each one is checked against this limit.
The default value is 2097152. If this limit is exceeded, the TCP connection is automatically closed when the |
<CaptureKeys/> |
|
<CaptureKey> |
This optional section is used to define the SSL keys necessary to support capture of HTTPS traffic from web servers.
|
<Certificate> |
Specifies the location in which the Public key is to be pasted. |
<Label> |
Specifies the text name of private key. |
<PrivateKey> |
Defines the location where the Private Key is to be pasted. |
</CaptureKey> |
|
</CaptureKeys> |
|
<InstancesEnabled> |
This setting provides a global setting to enable/disable multiple instances. This setting is a Boolean flag, set to either True or False .
|
<Instances> |
Top-level node for nested multiple instance definitions. |
<Instance> |
Instance node for defining the attributes of an instance. |
<InstanceDisabled> |
This setting is a Boolean flag, set to either True or False .
|
<ListenFullDuplex> |
If defined within the instance node, it has the same meaning as the previous primary instance, but this setting applies to this specific instance.
If it is not defined, then the instance inherits the value from the primary instance. Set |
<ListenOnBothInterfaces> |
If defined within the Instance node, it has the same meaning as the previous primary instance, but this setting applies to this specific instance.
If it is not defined, then the instance inherits the value from the primary instance. Set |
<TcpChecksumDisabled> |
By default, the CX PCA runs a checksum validation of the TCP packets that are submitted to it. In environments where a large receive option (LRO) or checksum offloading is enabled, PCA checksum validation fails. Set the value to True to disable it.
If this setting is not in the default XML, the CX PCA assumes that checksum validation is wanted and enabled. This setting appears in the XML after packet checksum validation is disabled through the PCA Web Console Interface tab by selecting the Disable Packet checksum validation check box. |
<PipelineInstances> |
Indicates the number of pipeline processes (pipelined) to create a system capable of having multiple pipelines. You can add one extra pipelined process for each additional processor core that is idle.
By default, this value is set to 1. |
<SslHwCheckDisabled> |
When set to true, the CX PCA disables the scanning for and use of SSL hardware accelerator cards.
The default value is |
<MaxPipelineSHMQueueSize> |
Defines the size in megabytes of the queue that feeds hits to instances of the pipeline.
By default, this value is set to 100 MB. Maximum allowed value is 200 MB. |
<MaxPipelineSHMQueue2Size> |
Defines the size in megabytes of the queue that feeds hits from the instances of the pipeline to the Tcl engine module.
By default, this value is set to 100 MB. Maximum allowed value is 200 MB. |
</Capture> |
<Delivery>
This section includes the attributes for configuring real-time data transportation from the Passive Capture host machine to the Tealeaf CX Server environment.
Configuration Option | Description |
---|---|
<DeliveryMode> |
Configures the delivery mode for the PCA delivering to its peers.
|
<BatchInterval> |
This setting is not used. |
<MaxQueueDepth> |
Defines the maximum size (in bytes) of the queue for sending data to the Tealeaf CX Server. The default value is 0, which sets the queue depth to 50MB. |
<MyCertificate> |
This setting is not used. |
<MyPrivateKey> |
This setting is not used. |
<StatisticsHitEnabled> |
This setting is a Boolean flag, set to either True or False .
|
<StatisticsHitHost> |
This setting is either the host name or IP address of the machine that runs the Transport Service that receives statistics hits. |
<StatisticsHitIntervalSeconds> |
This setting, a positive number, is the minimum number of seconds to lapse between attempts to send statistics hits.
If set to 0 (zero), statistics hits are not sent. |
<StatisticsHitPort> |
This setting, a positive port number, is the TCP/IP port number to use while connecting to the Transport Service on the host. |
<StatisticsHitSecure> |
This setting, a Boolean flag, indicates if the connection to the Transport Service is enabled for SSL. It can be set to either True or False .
If unspecified, it is treated as though set to False. |
<TimeSourceHost> |
Designates the domain name or IP address of the host running the Transport Service to be used as a time source. If you do not want to synchronize to a time source, leave this field empty. |
<TimeSourcePort> |
Designates the port on which the time source host listens for time source queries. If you do not want to synchronize to a time source, leave this field empty. |
<Peers> |
|
<Peer> |
Defines the IP address and port of the receiving Tealeaf CX Server environment. A <Peer> section must be defined for each receiving Tealeaf CX Server machine. |
<Host> |
Specifies the IP address or host name of the Tealeaf CX Server receiving data from the Passive Capture host machine. |
<Port> |
Specifies the IP port number on the Tealeaf CX Server to which the data is being sent.
The default value is 1966. |
</Peers> |
|
<PollingInterval> |
This setting is not currently being used. |
<WatchdogTimer> |
Specifies the maximum time (in seconds) allowed to make a connection to the CX Server. If the timeout is exceeded, the connection is marked as disconnected.
The default value is 30 seconds. |
</Delivery> |
|
<ConfigurationChangeTime> |
Specifies the UNIX time (seconds since January 1, 1970 Coordinated Universal Time) of the last update made to the configuration file by the Web Console.
Note: Do not change this setting. This setting is automatically changed when there is an update through the Web Console.
|
<Parse>
The following configuration settings are used to define the sessionization parameters for the Tealeaf Cookie Injector.
Configuration Option | Description |
---|---|
<UserIDName> |
(Optional) Specifies the HTTP(S) header value that is set by the Cookie Injector as the user ID attribute. The default value is TLTUID . |
<SessionIDName> |
Specifies the HTTP(S) header value that is set by the Cookie Injector as the Session ID attribute. The default value is TLTUID . |
<HitIDName> |
Specifies the HTTP(S) header value that is set by the Cookie Injector as the Hit ID attribute. The default value is TLTUID . |
<TealeafCookies> |
Specifies whether Cookie Injector is being used. The default value is True . |
<CaptureMode> |
Specifies the capture mode being used. There are two possible settings: Business and BusinessIT .
|
<ExcludeExtensions> |
Specifies the file extensions to exclude from the captured DataStream. This setting can be used to refine the behavior that is specified by CaptureMode. |
<IncludeExtensions> |
Specifies file extensions that are fully captured. Binary files such as PDFs can now be included in capture. |
<CaptureAllTypes> |
Specifies Content-Types (MIME types) for which to capture a full hit (including response). |
<IncludeMethods> |
Specifies the HTTP methods to include. The default values are Get , Post , and Put . |
<RawRequest> |
Determines whether RawRequest is on. RawRequest is an aid in debugging. The default value is False (disabled).
If set to Note: It is recommended to set the value to
False to prevent extra data from being added to each hit. |
<ResponseHeaders> |
Determines whether ResponseHeaders are on. ResponseHeaders are aids in debugging. The default value is False (disabled).
If enabled ( Note: It is recommended to set the value to
False to prevent extra data from being added to each hit. |
<MaxResponseSize> |
Specifies the largest acceptable response size (in bytes).
The default value is 1572864 (1.5 MB). |
<MaxDataSizeBytes> |
The maximum number of bytes allowed for communication between Passive Capture and the binary hit representation that is used for communicating with the Transport Service.
The default value is 2 MB (2097152). |
<MaxRequestSizeBytes> |
The maximum number of bytes allowed for HTTP requests. Exceeding this value causes a dropping of the request body or the entire request.
The default value is 2 MB (2097152). |
<ShrinkToFit> |
If set to True , the hit processing code does not allocate extra space when it resizes buffers. The extra space minimizes future reallocations, which increases performance.
|
<InflateEnabled> |
If a response has a content-encoding header whose value is deflate , gzip , or x-gzip , then it is a candidate for having the body inflated (expanded from its compressed state).
|
<MoveXMLToREQ> |
Relocates the XML from the response to an XML section in the request.
Note: This feature is disabled. Regardless of the value that is defined, the PCA behaves as if this attribute is set to
False . |
<UnReqCancelled> |
If enabled, this option checks the last 100 bytes of the response body for when capturetype=1 and marked as canceled. |
<CookieParsingEnabled> |
If this option is selected, a cookies section is added to the request. |
<URLDecodingEnabled> |
This option determines whether to URL-decode urlfields. |
<DelImagesEnabled> |
When selected, this option enables the DelImages feature in the PCA, which automatically deletes image hits that meet specific criteria. |
<SessioningEnabled> |
If this option is set, hits are grouped in sessions that are based on <SessField/> . |
<SessField> |
The primary field on which to sessionize. It must be defined, if sessioning is enabled. This value can be any field in the request buffer, [urlfield] name-value pair, or REMOTE_ADDR in the [env] section.
You may specify the primary sessioning field and alternates as a comma-delimited list of field names. Field names in separate sections can be prefaced with the section name, such as |
<SessSection> |
Optional field that indicates which section of the request buffer the SessField is found. Use this field only if an explicit section is not referenced in the SessField value or values. If it is not specified, the entire request is searched and the first match is used. |
<SessFieldMaskOff> |
Specifies a substring of the SessField request field to use for sessioning. This value can be two zero-based offsets or a starting offset and the word end to use everything from the starting position to the end of the value. For example:
|
<SessCaseInsensitive> |
When set to True , the SessField and SessSection (if specified) can have mixed-case values.
Note: This option should be avoided, as case-insensitive matching uses more system resources than case-sensitive matching.
This setting applies only to the parameter name and not the parameter value. |
<TimeGradesEnabled> |
If enabled, time grading can assign a grade to a hit in one of the following three areas:
|
<WSGenBreaks> |
How long it takes the web server to serve up the page. Comma-delimited name-value pairs (name:value , name:value ). |
<NetworkTransitBreaks> |
Measures network speed by how much time a packet spent on the network. Comma-delimited name-value pairs (name:value , name:value ). |
<RoundTripBreaks> |
How long it takes an arbitrary packet to travel from the client to the web server. Comma-delimited name-value pairs (name:value , name:value ). |
<SamplingEnabled> |
Session sampling, if enabled, specifies a percentage of sessions to delete from the capture. |
<SamplePercentage> |
The percentage of traffic to save, if sampling is enabled. |
<PrivacyEnabled> |
Determines if privacy is enabled. |
<InflatePreserveResponseOnErr> |
Selecting this option turns on the inflate feature. If a response has a content-encoding header whose value is deflate , gzip , or x-gzip , then it is a candidate for having the body inflated and expanded from its compressed state.
If the inflate fails, a message is logged at the notice log level. If the inflate succeeds, the value of the content-encoding header is overwritten with the character X. For example, the value of content-encoding might be |
<XforwardingEnable> |
When set to True , the PCA is configured to parse a specified HTTP-X-FORWARDING field.
Note: This entry is not created until X-forwarding is enabled.
|
<XforwardingField> |
When XforwardingEnable is set to True , this field identifies the HTTP-X-FORWARDING field. This entry is not created until X-forwarding is enabled. |
</Parse> |
|
<LastWSDescription> |
When TimeGrades is enabled, the description to use for WSGen times that exceed the last time that is defined by WSGenBreaks . |
<LastNTDescription> |
When TimeGrades is enabled, the description to use for Network Transit times that exceed the last time that is defined by NetworkTransitBreaks . |
<LastRTDescription> |
When TimeGrades is enabled, the description to use for Round Trip times that exceed the last time that is defined by RoundTripBreaks . |
<DeflateEnabled> |
If set to True , the response of each hit is compressed (if not already) before it is sent to the delivery peer.
The default value is |
<HitArchiveEnabled> |
If set to True , all captured hits are also written to an archive file (TLA) on the local drive. This is primarily for troubleshooting and is not for use under normal circumstances.
The default value is |
<HitArchiveDirectory> |
Directory where hit archives are written when HitArchiveEnabled=True . |
<HitArchiveRollSizeMBytes> |
Specifies the roll file size in megabytes. The default value is 100 MB. |
<Failover>
Configuration Option | Description |
---|---|
<Enabled> |
If failover is enabled, a backup Passive Capture host machine (subordinate) takes over if the main one (Master) fails. |
<MasterAddress> |
Address of the master failover machine. |
<MasterPort> |
Port of the master failover machine. |
<SlaveAddress> |
Address of the subordinate failover machine. |
<SlavePort> |
Port of the subordinate failover machine. |
<HeartbeatInterval> |
How long to wait between heartbeats. |
<HeartbeatTimeout> |
The amount of time Passive Capture waits for a response to a heartbeat before calling it a timeout. |
<TimeoutLimit> |
The number of consecutive heartbeat timeouts that are allowed before failover is forced. |
<AutoFailback> |
Passes control (active state) from the subordinate Passive Capture host machine back to the Master Passive Capture host machine once the master machine is ready to take control again. |
<FailbackDelay> |
The minimum number of seconds to wait before doing automatic failback. |
<FailoverOnSvcRestart> |
This option determines whether a failover is triggered when the capture services are restarted on the active PCA server. |
<RemoteMonitors> |
|
<RemoteMonitor> |
A Remote Monitor is a computer (represented by a host name or IP address) that is allowed to receive failover state information by sending heartbeats to a Passive Capture host machine configured for failover. |
<Host> |
Host name of the remote monitor. |
<CanControl> |
If this option is enabled, the remote monitor can force a failover or failback. |
</RemoteMonitor> |
|
</Failover> |
|
</Conf> |
<Pool>
You can configure SSL pool settings through the SSL tab in the PCA Web Console.
Configuration Option | Description |
---|---|
<PoolPeer> |
Contains the SSL pool configuration settings for the local PCA server. The default value is |
<IPv6> |
Defines if the IP address uses IPv6. The default value is |
<Address> |
IP address for the PCA server. The default value is |
<Port> |
Port number for the PCA server. The default value is |
<CacheSize> |
Defines the size in MB of the memory cache that contains the SSL session information. The default value is |
<Secure> |
Enables or disables secure communication between PCA servers in the SSL pool. The default value is |
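
A review pass over the security-relevant options described in the tables above, as an added example (not part of the product or its documentation). The sample file is constructed; treating `<Conf>` as the document root, the nesting shown, and accepting `1` as well as `True` for flags are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real PCA file. <Conf> as document root and the
# nesting below are assumptions drawn from the section order on this page.
SAMPLE = """<Conf>
  <Timeout>0</Timeout>
  <Capture><CaptureKeys><CaptureKey>
    <Label>shop-frontend</Label>
    <PrivateKey>CONSTRUCTED-PLACEHOLDER</PrivateKey>
  </CaptureKey></CaptureKeys></Capture>
  <Delivery>
    <StatisticsHitEnabled>True</StatisticsHitEnabled>
    <StatisticsHitSecure>False</StatisticsHitSecure>
  </Delivery>
  <Parse>
    <RawRequest>True</RawRequest>
    <ResponseHeaders>False</ResponseHeaders>
    <PrivacyEnabled>True</PrivacyEnabled>
  </Parse>
  <HitArchiveEnabled>False</HitArchiveEnabled>
  <Failover><RemoteMonitors><RemoteMonitor>
    <Host>monitor.example.internal</Host>
    <CanControl>True</CanControl>
  </RemoteMonitor></RemoteMonitors></Failover>
</Conf>"""


def is_on(value):
    # Assumption: flags are written True/False (as on this page) or 1/0.
    return (value or "").strip().lower() in ("true", "1")


def audit(xml_text, file_mode=0o600):
    """Map each setting that deserves review to the reason it was flagged."""
    root = ET.fromstring(xml_text)

    def get(tag):
        return root.findtext(f".//{tag}")

    found = {}
    timeout = (get("Timeout") or "").strip()
    if not timeout.isdigit() or int(timeout) == 0:
        found["Timeout"] = "Web Console sessions never time out when idle"
    writes_extra_data = {
        "RawRequest": "debugging aid; adds extra data to each hit",
        "ResponseHeaders": "debugging aid; adds extra data to each hit",
        "HitArchiveEnabled": "every captured hit is also written to local disk",
        "RecordingEnabled": "raw TCP/IP packets are archived on local disk",
    }
    for tag, reason in writes_extra_data.items():
        if is_on(get(tag)):
            found[tag] = reason
    if not is_on(get("PrivacyEnabled")):
        found["PrivacyEnabled"] = "privacy is not enabled"
    if is_on(get("StatisticsHitEnabled")) and not is_on(get("StatisticsHitSecure")):
        found["StatisticsHitSecure"] = "statistics hits are sent without SSL"
    for mon in root.iter("RemoteMonitor"):
        if is_on(mon.findtext("CanControl")):
            host = (mon.findtext("Host") or "?").strip()
            found["CanControl"] = f"{host} can force a failover or failback"
    # Pasted private keys make the file itself a secret: no group/other access.
    if any((k.text or "").strip() for k in root.iter("PrivateKey")) and file_mode & 0o077:
        found["PrivateKey"] = f"key material in a file with mode {file_mode:o}"
    return found


if __name__ == "__main__":
    # For a real file, pass stat.S_IMODE(os.stat(path).st_mode) as file_mode.
    for setting, reason in audit(SAMPLE, file_mode=0o644).items():
        print(f"{setting}: {reason}")
```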