You can set up individual pipelines for each port to which the CX Passive Capture Application is forwarding captured data.
- In a text editor, open
TeaLeafCaptureSocket.cfg. - In the
[Globals]section, you can specify the port number to receive standard or SSL traffic. In the following example, standard traffic (Port) is captured on port1966and forwarded to theDataDropsession agent. SSL traffic (SSLPort) is captured on port1967and forwarded to theDecoupleSSLsession agent:Port=1966:DataDrop #SSLPort=1967:DecoupleSSL - Note that the SSL pipeline is commented out (
#), which means that it is current disabled. To enable a pipeline, remove the#. - Configure the
[firewall]section. - For the standard traffic port pipeline, the
DataDropsession agent initiates the pipeline. Search the file for the following string:[DataDrop]. - In the Data Drop session agent, configure all session agent settings, including the
following configuration item:
DownStreamConfigSection=DecoupleEx - The
DownStreamConfigSectionproperty indicates the next session agent to which to pass the data outputted from DataDrop. If you search the file for the following string:[DecoupleEx], you will see anotherDownStreamConfigSectionproperty, which points to the next session agent, and so on. - In this manner, you can build your pipeline until you reach one of the terminal pipeline
session agents:
[Canister]session agent forwards the session data to a Short Term Canister.[Archive]session agent writes the session data to an Archive File (TLA) on the server's hard drive.[Null]session agent discards the data. For debugging purposes.- You can also point the end of a pipeline to the start of the next one.