|Applies To||RSA Data Loss Prevention (DLP)|
This applies also applies to a sensor running on VM machine. (verify that there are two virtual network adaptors per DLP Network Deployment Guide)
|Issue||Dell R620 sensor not seeing traffic from Network Tap or SPAN Port.|
Output of tcpflowstats shows up under Total Bytes Example: Total Bytes (nic: eth0) . . . . . . . . = 0
Total Packets(All) (nic: eth0). . . . . = 0
Modify the ifcfg-eth0 with the following settings:
change TABLUS_LISTENER_INTERFACE=yes to TABLUS_LISTNER_INTERFACE=no
Modify the ifcfg-eth1 script values:
comment the following values:
(example: #IPADDR, #GATEWAY, #NETMASK. Add the following value to PROMISC=yes, and change the HWADDR= to the mac address listed in the ifconfig -a command.
Reboot the sensor, when system is back up, type tcplflowstats to check which nic is being used.
Logon to sensor as tablus, select option 6 (advanced) then option 1.
(exit to shell)
su to root and change directories to /etc/sysconfig/network-scripts/ directory.
Make a back-up copy of ifcfg-eth0 script is made and then copy another file and name it ifcfg-th1.
|Legacy Article ID||a66930|