on Jun 14, 2016Article Content
| Article Number | 000030521 |
| Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: SA Security Analytics Decoder RSA Version/Condition: 10.x and above |
| Issue | When configuring a Security Analytics Decoder to capture traffic, it appears that only one interface, or all interfaces may be selected as shown in the screenshot below: |
| Cause | At the time of this writing, an administrator may select all interfaces (em2, em3 and em4) or a single interface (em2, em3 or em4) when configuring capture. Capture cannot be configured on a subset of interfaces, such as em2 and em3 only, or em3 and em4 only. |
| Resolution | When configuring capture on Security Analytics decoders, all devices (excluding the management interface, em1) may be selected or a single interface of the administrators choosing may be selected. This behavior is by design. To request a change to this behavior, contact RSA customer support, and ask to be added to the enhancement request. |
| Notes | Note that em1/eth0 are reserved for all decoder administrative and management functions and cannot be used for capture. |