Selective network data collection gives administrators the ability to apply centrally managed capture policies across their Network Decoders. This results in better use of Decoder resources, including hard drive space, which leads to more predictable costs and lessens the burden of managing multiple services. You can determine which traffic is stored and how it is stored by using policies. Each policy contains a list of supported base protocols and definitions for handling any other protocols that are detected. The administrator can choose to deploy predefined policies that capture:
- All base and other protocols (Full Capture - All Protocols)
- Only metadata on all base and other protocols (Capture Meta Only - All Protocols)
- Only metadata on all base protocols and drop all other protocols (Capture Meta on Base Protocols, Drop all other protocols)
- All base protocols and only metadata on all other protocols (Full Capture on Base Protocols, Meta only on all other protocols)
The predefined policies are not configurable. The only way you can edit predefined policies is by assigning services (such as Decoders) to deploy them.
Administrators can create custom policies to give further control over the deployment. A base set of protocols is available for alterations by the administrator, allowing you to choose what level of capture you prefer on a per-protocol basis. If you are only making slight changes, a good start for customization is to clone one of the predefined polices and alter it. These centrally managed policies are then applied to services (Network Decoders) to allow handling multiple use cases across your environment.
The following figure depicts the workflow for common Decoder configuration tasks with the steps you can complete in this view highlighted.
What do you want to do?
|User Role||I want to...||Documentation|
|Administrator||use predefined selective collection policies*||(Optional) Configure Selective Network Data Collection|
|Administrator||create new policies from predefined ones*||(Optional) Configure Selective Network Data Collection|
|Administrator||create custom policies*||(Optional) Configure Selective Network Data Collection|
|Administrator||verify policies||(Optional) Configure Selective Network Data Collection|
|Administrator||unpublish policies*||(Optional) Configure Selective Network Data Collection|
|Administrator||delete policies*||(Optional) Configure Selective Network Data Collection|
*You can complete these tasks here.
This is an example of the Capture Policies tab.
|1||Create New - Provides a wizard to create a new policy.|
|2||Edit - Provides a wizard to edit an existing custom policy.|
|3||Clone - Selects an existing policy (predefined or custom) and copies it to create a new policy.|
|4||Delete - Removes policies.|
The following table describes the contents of the Capture Policies tab.
The name of the policy (not editable for predefined policies).
The description of the policy (not editable for predefined policies).
|Publication Status|| |
|Service Assignment||Identity of the Decoder or service on which the policy is run.|
|Policy Updated||Date the policy was edited.|
|Updated By||Role of the person who updated the policy.|
|Policy Created||Date on which the policy was created.|
|Created By||Role of the person who created the policy.|