Decoder: Step 5. Start and Stop Data Capture

Document created by RSA Information Design and Development on Jun 25, 2017Last modified by RSA Information Design and Development on Sep 25, 2017
Version 2Show Document
  • View in full screen mode
  

This topic provides a procedure for starting and stopping data capture on Decoders.

When a Decoder starts up, it automatically begins aggregating data if Capture Autostart is enabled. When autostart is not enabled, you can start and stop data capture manually.

Note: The Capture Configuration Settings in the Service Config view for a Decoder determine whether Capture Autostart is enabled, as well as adapter, cache, data base, and hash settings.

Procedure

To start and stop capture:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Admin Services view, select a Decoder or Log Decoder service, and select Actions menu cropped > View > System.
  3. In the toolbar, click Start Capture.
    If the service is a Decoder, it begins capturing packets. If the service is a Log Decoder, it begins capturing logs.
    When packet or log capture is in progress, the option in the toolbar changes to Stop Capture, and the option to upload a file is unavailable.
  4. Whenever you want to discontinue traffic capture on a Decoder, click Stop Capture.
    Packet or log capture ceases, and the option to upload a file to the service is again available.
You are here
Table of Contents > Required Procedures > Step 5. Start and Stop Data Capture

Attachments

    Outcomes