Article Number | 000030521 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: SA Security Analytics Decoder RSA Version/Condition: 10.x and above |
Issue | When configuring a Security Analytics Decoder to capture traffic, it appears that only one interface, or all interfaces may be selected as shown in the screenshot below:
 |
Cause | At the time of this writing, an administrator may select all interfaces (em2, em3 and em4) or a single interface (em2, em3 or em4) when configuring capture. Capture cannot be configured on a subset of interfaces, such as em2 and em3 only, or em3 and em4 only. |
Resolution | When configuring capture on Security Analytics decoders, all devices (excluding the management interface, em1) may be selected or a single interface of the administrators choosing may be selected. This behavior is by design. To request a change to this behavior, contact RSA customer support, and ask to be added to the enhancement request.
|
Notes | Note that em1/eth0 are reserved for all decoder administrative and management functions and cannot be used for capture. |