Kaspersky Anti Targeted Attack Platform saves traffic received from network interfaces as network traffic dump files. If you want to ensure long-term storage of network traffic dump files, you can connect and configure external storage. You can use network traffic dump files in external storage to download network traffic as PCAP files.
To connect and configure external storage for network traffic dump files on a server with the Sensor and Central Node components installed:
sudo -i
fdisk -l
Make sure that the disk that you connected for external storage is displayed in the console.
mke2fs -t ext4 -L DATA -m 0 /dev/<name of the connected disk>
sudo nano /etc/fstab
This opens the fstab file in a text editor.
/dev/<name of the connected disk> /data/volumes/dumps/ ext4 defaults 0 0
mount -a
rm -r /data/volumes/dumps/*
This command deletes all data from the connected disk.
The connected disk will be configured for use as external storage.
chown kluser:klusers /data/volumes/dumps/
ls -lah /data/volumes/dumps/
lsblk
Make sure that in the MOUNTPOINTS column of the lsblk output, /data/volumes/dumps is displayed next to the name of the connected disk.
docker stop $(docker ps | grep preprocessor_span | awk '{print $1}')
docker ps | grep preprocessor_span
Wait until the container status Up 2 seconds appears in the console.
docker exec -it $(docker ps | grep preprocessor_span | awk '{print $1}') bash
lsblk
Make sure that in the MOUNTPOINTS column of the lsblk output, the /mnt/kaspersky/nta/dumps value is displayed next to the name of the connected disk.
External storage for network traffic dump files on the server with Sensor and Central Node installed is connected and configured.
To connect and configure external storage for network traffic dump files on a standalone server with the Sensor component installed:
sudo -i
fdisk -l
Make sure that the disk that you connected for external storage is displayed in the console.
mke2fs -t ext4 -L DATA -m 0 /dev/<name of the connected disk>
sudo nano /etc/fstab
This opens the fstab file in a text editor.
/dev/<name of the connected disk> /data/volumes/dumps/ ext4 defaults 0 0
rm -r /data/volumes/dumps/*
This command deletes all data from the connected disk.
External storage for network traffic dump files on the standalone server with the Sensor component installed is connected and configured.
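Both procedures above end with a destructive step (rm -r on the dumps directory) that is only safe once the new disk is really mounted there and the fstab entry will survive a reboot. The script below is an added example, not part of the Kaspersky documentation or product: it checks that /etc/fstab contains exactly one ext4 entry for the dumps mount point and that lsblk output lists the expected disk at that mount point, so the check can be run before deleting anything. The helpers take file arguments so they can be pointed at the real /etc/fstab and at saved lsblk output; here they are run against constructed sample files, and the disk name sdb1 is an assumption.

```shell
#!/bin/sh
# Added example (not Kaspersky's own code): pre-flight checks for the external
# dump storage before the "rm -r /data/volumes/dumps/*" step.
# Sample inputs below are constructed; the device name sdb1 is an assumption.

DUMPS_MOUNT=/data/volumes/dumps

# check_fstab FILE
# Succeeds only if FILE (fstab format) holds exactly one non-comment entry whose
# mount point is $DUMPS_MOUNT (trailing slash optional) and whose type is ext4.
# Zero entries means the mount is not persistent; two means a duplicate line.
check_fstab() {
    awk -v mp="$DUMPS_MOUNT" '
        /^[ \t]*#/ { next }
        NF >= 3 {
            m = $2; sub(/\/+$/, "", m)
            if (m == mp && $3 == "ext4") n++
        }
        END { if (n == 1) exit 0; exit 1 }' "$1"
}

# check_lsblk FILE DEV
# Succeeds only if FILE (output of "lsblk") lists device DEV (e.g. sdb1) with
# $DUMPS_MOUNT in its last column (MOUNTPOINTS). The tree prefix such as "└─"
# that lsblk prints before child devices is stripped before comparing names.
check_lsblk() {
    awk -v mp="$DUMPS_MOUNT" -v dev="$2" '
        NR > 1 {
            name = $1; sub(/^[^a-zA-Z0-9]*/, "", name)
            if (name == dev && $NF == mp) ok = 1
        }
        END { if (ok) exit 0; exit 1 }' "$1"
}

# storage_preflight FSTAB_FILE LSBLK_FILE DEV
# Runs both checks; only proceed with the rm -r step when this succeeds.
storage_preflight() {
    check_fstab "$1" || { echo "fstab: expected exactly one ext4 entry for $DUMPS_MOUNT" >&2; return 1; }
    check_lsblk "$2" "$3" || { echo "lsblk: $3 is not mounted at $DUMPS_MOUNT" >&2; return 1; }
    echo "ok: $3 is mounted at $DUMPS_MOUNT and the fstab entry is present once"
}

# write_samples DIR
# Writes constructed sample files (not real system output): a good fstab, an
# fstab with the entry pasted twice, and lsblk output with sdb1 at the mount.
write_samples() {
    printf '%s\n' \
        '# /etc/fstab (constructed sample)' \
        'UUID=0123-placeholder / ext4 errors=remount-ro 0 1' \
        '/dev/sdb1 /data/volumes/dumps/ ext4 defaults 0 0' > "$1/fstab.good"
    cat "$1/fstab.good" > "$1/fstab.dup"
    echo '/dev/sdb1 /data/volumes/dumps/ ext4 defaults 0 0' >> "$1/fstab.dup"
    printf '%s\n' \
        'NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS' \
        'sda      8:0    0  100G  0 disk' \
        '└─sda1   8:1    0  100G  0 part /' \
        'sdb      8:16   0    2T  0 disk' \
        '└─sdb1   8:17   0    2T  0 part /data/volumes/dumps' > "$1/lsblk.out"
}

# Demonstration on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
storage_preflight "$tmp/fstab.good" "$tmp/lsblk.out" sdb1
storage_preflight "$tmp/fstab.dup" "$tmp/lsblk.out" sdb1 || echo "duplicate fstab entry caught"
storage_preflight "$tmp/fstab.good" "$tmp/lsblk.out" sdc1 || echo "wrong disk caught"
rm -r "$tmp"
```

On a real server, run it as `storage_preflight /etc/fstab <(lsblk) sdb1` (or save `lsblk` output to a file first if the shell has no process substitution); inside the preprocessor_span container the mount point to check is /mnt/kaspersky/nta/dumps, so set DUMPS_MOUNT accordingly there.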