Dell R620 sensor not seeing traffic from Network Tap or SPAN Port. - RSA Data Loss Prevention (DLP)
RSA Data Loss Prevention (DLP)
This also applies to a sensor running on a virtual machine (verify that there are two virtual network adaptors, per the DLP Network Deployment Guide).
Dell R620 sensor not seeing traffic from Network Tap or SPAN Port. The issue shows up in the tcpflowstats output under Total Bytes. Example:
Total Bytes (nic: eth0) . . . . . . . . = 0
Total Packets(All) (nic: eth0). . . . . = 0
Modify the ifcfg-eth0 script with the following settings:
change TABLUS_LISTENER_INTERFACE=yes to TABLUS_LISTNER_INTERFACE=no
Modify the ifcfg-eth1 script values:
Comment out the following values (example: #IPADDR, #GATEWAY, #NETMASK). Add the value PROMISC=yes, and change HWADDR= to the MAC address listed in the output of the ifconfig -a command.
Reboot the sensor. When the system is back up, type tcpflowstats to check which NIC is being used.
Log on to the sensor as tablus, select option 6 (advanced), then option 1 (exit to shell).
su to root and change to the /etc/sysconfig/network-scripts/ directory.
Make a backup copy of the ifcfg-eth0 script, then make another copy of the file and name it ifcfg-eth1.
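One way to confirm the ifcfg-eth1 edits described above before rebooting. This is an added example, not part of the RSA article or product: the function names check_capture_ifcfg and write_samples are hypothetical, the sample files and MAC addresses are constructed, and the expected MAC is assumed to be the one read from ifconfig -a.

```sh
# check_capture_ifcfg FILE MAC: report every deviation from the ifcfg-eth1 settings above.
# Returns 0 when the file matches, 1 otherwise. (Hypothetical helper, added example.)
check_capture_ifcfg() {
    file=$1 mac=$2 bad=0
    # IPADDR, GATEWAY and NETMASK must be commented out, so no active assignment may remain.
    for key in IPADDR GATEWAY NETMASK; do
        if grep -Eq "^[[:space:]]*${key}=" "$file"; then
            echo "$file: $key is still active, comment it out"; bad=1
        fi
    done
    # PROMISC=yes must be present as an active (uncommented) line.
    if ! grep -Eq '^[[:space:]]*PROMISC=yes[[:space:]]*$' "$file"; then
        echo "$file: PROMISC=yes is missing"; bad=1
    fi
    # HWADDR must equal the MAC address of the interface (compared case-insensitively).
    have=$(sed -n 's/^[[:space:]]*HWADDR=//p' "$file" | tr 'A-F' 'a-f' | tr -d '"' | head -n 1)
    want=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
    if [ "$have" != "$want" ]; then
        echo "$file: HWADDR='$have' does not match '$want'"; bad=1
    fi
    return $bad
}

# Constructed sample files (not from a real sensor); addresses and MACs are made up.
write_samples() {
    cat > "$1/ifcfg-eth1.ok" <<'EOF'
DEVICE=eth1
HWADDR=00:11:22:AA:BB:CC
PROMISC=yes
#IPADDR=192.0.2.10
#GATEWAY=192.0.2.1
#NETMASK=255.255.255.0
EOF
    # An unedited copy of ifcfg-eth0: addressing still active, old MAC, no PROMISC.
    cat > "$1/ifcfg-eth1.bad" <<'EOF'
DEVICE=eth1
HWADDR=00:11:22:AA:BB:00
IPADDR=192.0.2.10
GATEWAY=192.0.2.1
NETMASK=255.255.255.0
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_capture_ifcfg "$tmp/ifcfg-eth1.ok" 00:11:22:aa:bb:cc && echo "edited file passes"
check_capture_ifcfg "$tmp/ifcfg-eth1.bad" 00:11:22:aa:bb:cc || echo "unedited copy flagged"
rm -rf "$tmp"
```

On a sensor, the function would be pointed at /etc/sysconfig/network-scripts/ifcfg-eth1 with the MAC address shown for eth1.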