Kaspersky Anti Targeted Attack (KATA) Platform

Enabling and configuring raw network traffic recording on a standalone server with the Sensor component

May 13, 2024

ID 266037

To enable raw network traffic recording on a standalone server with the Sensor component:

  1. Connect and configure external storage.
  2. Enter the management console of the Sensor server via the SSH protocol or through a terminal.
  3. When the system prompts you, enter the administrator user name and the password that was set during the installation of the application.

    This opens the settings menu for the Sensor component. If the menu does not open, enter the kata-admin-menu command and press Enter.

  4. Go to the Program settings → Configure traffic capture section.

    To select a row, you can use the ↑, ↓, and Enter keys. The selected row is highlighted in red.

  5. This opens a window; in that window, select the Enabled traffic storage line and press Enter.

    [x] is displayed to the right of the title of the line.

    Raw network traffic recording on the standalone server with the Sensor component will be enabled.

  6. If necessary, edit raw network traffic recording settings:
    1. Select the Traffic storage size line and press Enter. This opens a window; in that window, specify the maximum total size of stored raw traffic dumps, in terabytes.

      The minimum value is set to 100 GB by default. The maximum value is 1,000,000 TB. For correct operation of the application, the connected drive must have at least the specified amount of free disk space. If the number entered in this field exceeds the free disk space on the connected drive, an error is displayed.

    2. Select the OK button and press Enter.
    3. Select the Traffic capture BPF-filter line and press Enter. This opens a window; in that window, enter the filtering rule. The BPF filtering rule is written in the libpcap format. For more details about the syntax, please refer to the pcap-filter manual page.

      Example of a filtering expression (enter it exactly as shown, without a trailing period):

      tcp port 102 or tcp port 502

    4. Select the OK button and press Enter.
    5. Select the Traffic storage duration (in days) line and press Enter. This opens a window; in that window, enter the storage duration for raw network traffic dumps in the storage, in days.
    6. Select the OK button and press Enter.

Raw network traffic recording on the standalone server with the Sensor component is performed in accordance with the specified settings.
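A filter entered in the Traffic capture BPF-filter field is only as useful as its syntax is correct, so it is worth checking the expression before it goes into the menu. The following is an added example, not Kaspersky's code: a conservative validator for a common subset of pcap-filter syntax (protocol, src/dst, host/net/port/portrange, and/or/not, parentheses). It catches slips such as a trailing period or an unbalanced parenthesis and reports anything outside the subset as an error to be checked by hand against the pcap-filter manual page.

```python
# Added example (not Kaspersky code): conservative syntax check for a libpcap
# filter before it is typed into the "Traffic capture BPF-filter" field. Subset:
# [proto] [src|dst] [host|net|port|portrange] value, joined by and/or/not and
# parentheses. Outside the subset (hostnames, "port 80 or 443") it reports an
# error, so a rejection means "check by hand", not "invalid pcap-filter".
import re

PROTOS = {"ip", "ip6", "arp", "tcp", "udp", "icmp", "icmp6", "sctp"}
DIRS, TYPES = {"src", "dst"}, {"host", "net", "port", "portrange"}
# Numeric values only: port, port range, dotted IPv4 (optional /len), IPv6.
VALUE = re.compile(r"^(\d+(-\d+)?|\d{1,3}(\.\d{1,3}){0,3}(/\d+)?|[0-9a-fA-F:]+(/\d+)?)$")
TOKEN = re.compile(r"\(|\)|[^\s()]+")

def _expr(toks, i):  # expr := term (('and' | 'or') term)*
    i = _term(toks, i)
    while i < len(toks) and toks[i] in ("and", "or"):
        i = _term(toks, i + 1)
    return i

def _term(toks, i):  # term := 'not' term | '(' expr ')' | qualifier chain
    if i >= len(toks):
        raise ValueError("unexpected end of filter")
    if toks[i] == "not":
        return _term(toks, i + 1)
    if toks[i] == "(":
        i = _expr(toks, i + 1)
        if i >= len(toks) or toks[i] != ")":
            raise ValueError("missing ')'")
        return i + 1
    # optional protocol, then optional direction, then optional type qualifier
    j, needs_value = i + (toks[i] in PROTOS), False
    for group in (DIRS, TYPES):
        if j < len(toks) and toks[j] in group:
            j, needs_value = j + 1, True
    if j == i:
        raise ValueError(f"unknown qualifier {toks[i]!r}")
    if not needs_value:  # bare protocol such as "tcp"
        return j
    if j < len(toks) and VALUE.match(toks[j]):
        return j + 1
    raise ValueError(f"missing or malformed value after {toks[j - 1]!r}")

def validate_bpf_filter(expr):
    """Return (True, 'ok') or (False, reason); never raises."""
    toks = TOKEN.findall(expr)
    try:
        end = _expr(toks, 0)  # empty input fails with "unexpected end of filter"
        if end != len(toks):
            raise ValueError(f"unexpected token {toks[end]!r}")
    except ValueError as e:
        return False, str(e)
    return True, "ok"
```

Where a host with tcpdump is available, `tcpdump -d '<filter>'` compiles the expression with libpcap itself and is the authoritative check.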
