Connecting and configuring external storage for the Sensor component
August 12, 2024
ID 267995
Kaspersky Anti Targeted Attack Platform saves traffic received from network interfaces as network traffic dump files. If you want to ensure long-term storage of network traffic dump files, you can connect and configure external storage. You can use network traffic dump files in external storage to download network traffic as PCAP files.
To connect and configure external storage for network traffic dump files on a server with the Sensor and Central Node components installed:
- Connect a disk of at least 100 GB that you want to use as external storage.
- Enter Technical Support Mode.
- Run the following commands:
sudo -i
fdisk -l
Make sure that the disk that you connected for external storage is displayed in the console.
- Run the following commands:
mke2fs -t ext4 -L DATA -m 0 /dev/<name of the connected disk>
sudo nano /etc/fstab
This opens the fstab file in a text editor.
- Add the following line at the end of the file:
/dev/<name of the connected disk> /data/volumes/dumps/ ext4 defaults 0 0
- Close the text editor.
- Run the following commands:
mount
rm -r /data/volumes/dumps/*
These commands delete all data from the connected disk.
The connected disk will be configured for use as external storage.
- Run the following commands:
chown kluser:klusers /data/volumes/dumps/
ls -lah /data/volumes/dumps/
lsblk
Make sure that in the
- Run the following commands:
docker stop $(docker ps | grep preprocessor_span | awk '{print $1}')
docker ps | grep preprocessor_span
Wait until the
- Run the following commands:
docker exec -it $(docker ps | grep preprocessor_span | awk '{print $1}') bash
lsblk
Make sure that in the
External storage for network traffic dump files on the server with Sensor and Central Node installed is connected and configured.
To connect and configure external storage for network traffic dump files on a standalone server with the Sensor component installed:
- Connect a disk of at least 100 GB that you want to use as external storage.
- Enter Technical Support Mode.
- Run the following commands:
sudo -i
fdisk -l
Make sure that the disk that you connected for external storage is displayed in the console.
- Run the following commands:
mke2fs -t ext4 -L DATA -m 0 /dev/<name of the connected disk>
sudo nano /etc/fstab
This opens the fstab file in a text editor.
- Add the following line at the end of the file:
/dev/<name of the connected disk> /data/volumes/dumps/ ext4 defaults 0 0
- Close the text editor.
- Run the following command:
rm -r /data/volumes/dumps/*
This command deletes all data from the connected disk.
External storage for network traffic dump files on the standalone server with the Sensor component installed is connected and configured.
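Both procedures above run `rm -r /data/volumes/dumps/*`, which only clears the new disk if that disk is actually mounted at `/data/volumes/dumps/`. The following pre-flight check is an added example, not part of the Kaspersky documentation; the function names and the sample device `/dev/sdb` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `rm -r /data/volumes/dumps/*`.
MOUNT_POINT=/data/volumes/dumps

# fstab_device FILE: print the device configured for MOUNT_POINT in FILE.
# Fails if there is no entry, more than one, or the type is not ext4.
fstab_device() {
    awk -v mp="$MOUNT_POINT" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { t = $2; sub(/\/+$/, "", t) }       # fstab has a trailing slash, the kernel does not
        t == mp { n++; dev = $1; fs = $3 }
        END { if (n != 1 || fs != "ext4") exit 1; print dev }
    ' "$1"
}

# mounted_device FILE: print the device mounted on MOUNT_POINT according to
# a /proc/mounts-format FILE (the last matching line is the visible mount).
mounted_device() {
    awk -v mp="$MOUNT_POINT" '
        $2 == mp { dev = $1 }
        END { if (dev == "") exit 1; print dev }
    ' "$1"
}

# safe_to_clear DEVICE FSTAB MOUNTS: succeed only if DEVICE is configured in
# FSTAB for MOUNT_POINT and is what is actually mounted there per MOUNTS.
safe_to_clear() {
    want=$1
    conf=$(fstab_device "$2") || { echo "fstab: missing, duplicate or non-ext4 entry" >&2; return 1; }
    [ "$conf" = "$want" ] || { echo "fstab: $MOUNT_POINT uses $conf, not $want" >&2; return 1; }
    live=$(mounted_device "$3") || { echo "$MOUNT_POINT is not mounted; rm would hit the local disk" >&2; return 1; }
    [ "$live" = "$want" ] || { echo "$MOUNT_POINT is backed by $live, not $want" >&2; return 1; }
}

# Demo on constructed sample data (/dev/sdb is a made-up device name).
demo=$(mktemp -d)
printf '%s\n' '/dev/sda1 / ext4 defaults 0 1' \
    '/dev/sdb /data/volumes/dumps/ ext4 defaults 0 0' > "$demo/fstab"
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' > "$demo/mounts"   # disk not mounted yet
safe_to_clear /dev/sdb "$demo/fstab" "$demo/mounts" || echo "refusing to delete"
rm -rf "$demo"

# On a real host: safe_to_clear /dev/<disk> /etc/fstab /proc/mounts && rm -r /data/volumes/dumps/*
```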