You can set up individual pipelines for each port to which the CX Passive Capture Application is forwarding captured data.
- In a text editor, open
TeaLeafCaptureSocket.cfg
. - In the
[Globals]
section, you can specify the port number to receive standard or SSL traffic. In the following example, standard traffic (Port
) is captured on port1966
and forwarded to theDataDrop
session agent. SSL traffic (SSLPort
) is captured on port1967
and forwarded to theDecoupleSSL
session agent:Port=1966:DataDrop #SSLPort=1967:DecoupleSSL
- Note that the SSL pipeline is commented out (
#
), which means that it is current disabled. To enable a pipeline, remove the#
. - Configure the
[firewall]
section. - For the standard traffic port pipeline, the
DataDrop
session agent initiates the pipeline. Search the file for the following string:[DataDrop]
. - In the Data Drop session agent, configure all session agent settings, including the
following configuration item:
DownStreamConfigSection=DecoupleEx
- The
DownStreamConfigSection
property indicates the next session agent to which to pass the data outputted from DataDrop. If you search the file for the following string:[DecoupleEx]
, you will see anotherDownStreamConfigSection
property, which points to the next session agent, and so on. - In this manner, you can build your pipeline until you reach one of the terminal pipeline
session agents:
[Canister]
session agent forwards the session data to a Short Term Canister.[Archive]
session agent writes the session data to an Archive File (TLA) on the server's hard drive.[Null]
session agent discards the data. For debugging purposes.- You can also point the end of a pipeline to the start of the next one.