In the Edit Policies view ( (Configure) > Capture Policies > Edit, administrators can configure selective network data collection policies. The panels for creating a new policy and editing an existing policy are the same except that in the editing wizard, the definitions of the existing policy are displayed.
You can edit existing policies to customize them for your environment. A base set of protocols are available for alterations, allowing you to choose what level of capture you prefer on a per-protocol basis. If you are only making slight changes, a good start for customization is to clone one of the predefined polices and alter it.
Note: A set of predefined policies are available immediately. The only way you can edit a predefined policy is by assigning Decoders to the policy to collect the targeted data.
The following figure shows the workflow for common Decoder configuration tasks with the steps you can complete in this view highlighted.
What do you want to do?
|User Role||I want to...||Documentation|
|Administrator||create new policies from predefined ones*||(Optional) Configure Selective Network Data Collection|
|Administrator||create custom policies*||(Optional) Configure Selective Network Data Collection|
|Administrator||unpublish policies*||(Optional) Configure Selective Network Data Collection|
|Administrator||delete policies*||(Optional) Configure Selective Network Data Collection|
*You can complete these tasks here.
- To access the Edit Policy wizard, go to (Configure) > Capture Policies, select a policy, and click Edit.
The Identify Policy page is displayed, where you can change the name and description of the policy.
- To view the Define Policy page, click Next.
In the Define Policy page, you can define rule actions for the protocols for which you are interested in collecting data. The rule actions are:
- Collect Meta Only: Collect metadata
- Drop All: Drop metadata and network packets
- Collect All: Collect metadata and network packets
You can click Save and Close to save your policy without deploying it on Decoders.
The following table describes the actions of the buttons on this page.
|Previous||Go to the previous page of the wizard|
|Next||Keep updates from the current page and go to the next page of the wizard.|
|Save and Close||Save the policy definitions without publishing the policy.|
|Save and Publish||Save the policy definitions and publish the policy to Decoders to begin data collection.|
|Cancel||Cancel the definitions and return to the Capture Policies tab.|
This is where you assign the policy to Decoders to capture the data. The following table describes the columns in this page.
|Service Name||The name of a service. For 11.5, Decoder is the only available service.|
|Policy||The policy that a Decoder is assigned to.|
|Host||The IP address or name of the host system for the Decoder.|
|Service Type||The type of service the policy is published to. For 11.5, the service type is decoder.|
|Version||The version of NetWitness Platform that is installed on the service host.|