Decoder: Step 5. Start and Stop Data Capture

Document created by RSA Information Design and Development on Apr 21, 2016
Version 1Show Document
  • View in full screen mode

This topic provides a procedure for starting and stopping data capture on Decoders.

When a Decoder starts up, it automatically begins aggregating data if Capture Autostart is enabled. When autostart is not enabled, you can start and stop data capture manually.

Note: The Capture Configuration Settings in the Service Config view for a Decoder determine whether Capture Autostart is enabled, as well as adapter, cache, data base, and hash settings.


To start and stop capture:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Admin Services view, select a Decoder or Log Decoder service, and select Actions menu cropped > View > System.
  3. In the toolbar, click Start Capture.
    If the service is a Decoder, it begins capturing packets. If the service is a Log Decoder, it begins capturing logs.
    When packet or log capture is in progress, the option in the toolbar changes to Stop Capture, and the option to upload a file is unavailable.
  4. Whenever you want to discontinue traffic capture on a Decoder, click Stop Capture.
    Packet or log capture ceases, and the option to upload a file to the service is again available.
You are here: Required Procedures > Step 5. Start and Stop Data Capture