Kaspersky Anti Targeted Attack Platform saves traffic received from network interfaces as network traffic dump files. If you want to ensure long-term storage of network traffic dump files, you can connect and configure external storage. You can use network traffic dump files in external storage to download network traffic as PCAP files. We recommend using SSD drives as external storage.
To connect and configure external storage for network traffic dump files on a server with the Sensor and Central Node components installed:
Open a root shell and list the block devices:
sudo -i
fdisk -l
Make sure that the disk that you connected for external storage is displayed in the console.
Create an ext4 file system on the connected disk (the -L option sets the volume label DATA and -m 0 reserves no blocks for the root user, so the whole disk is available for dump files):
mke2fs -t ext4 -L DATA -m 0 /dev/<name of the connected disk>
Open the fstab file for editing:
sudo nano /etc/fstab
This opens the fstab file in a text editor. Add the following line so that the disk is mounted at the dump directory on every boot, then save the file and close the editor:
/dev/<name of the connected disk> /data/volumes/dumps/ ext4 defaults 0 0
Mount the file system and remove any existing data from it:
mount
rm -r /data/volumes/dumps/*
These commands delete all data from the connected disk. If the file system is not mounted after this step, run mount /data/volumes/dumps/, which uses the fstab entry you just added.
The connected disk will be configured for use as external storage.
Make the application account the owner of the mount point and verify the result:
chown kluser:klusers /data/volumes/dumps/
ls -lah /data/volumes/dumps/
Check that the disk is mounted at the dump directory:
lsblk
Make sure that in the MOUNTPOINTS column, /data/volumes/dumps is displayed next to the name of the connected disk.
Restart the preprocessor_span service so that it picks up the new storage, and wait for the restarted container to come up:
docker service update kata_product_main_1_preprocessor_span --force
docker ps | grep preprocessor_span
Wait until the status Up 2 seconds (that is, a freshly restarted container) appears in the console.
Open a shell in the preprocessor_span container and check the mount point from inside it:
docker exec -it $(docker ps | grep preprocessor_span | awk '{print $1}') bash
lsblk
Make sure that in the MOUNTPOINTS column, the /mnt/kaspersky/nta/dumps value is displayed next to the name of the connected disk.
This opens a window with information about the component, in which you set the space limit for network traffic dump files. You can select the unit of measure for the space limit: MB or GB.
External storage for network traffic dump files on the server with Sensor and Central Node installed is connected and configured.
To connect and configure external storage for network traffic dump files on a standalone server with the Sensor component installed:
Open a root shell and list the block devices:
sudo -i
fdisk -l
Make sure that the disk that you connected for external storage is displayed in the console.
Create an ext4 file system on the connected disk (label DATA, no reserved blocks):
mke2fs -t ext4 -L DATA -m 0 /dev/<name of the connected disk>
Open the fstab file for editing:
sudo nano /etc/fstab
This opens the fstab file in a text editor. Add the following line so that the disk is mounted at the dump directory on every boot, then save the file and close the editor:
/dev/<name of the connected disk> /data/volumes/dumps/ ext4 defaults 0 0
Remove any existing data from the mounted file system:
rm -r /data/volumes/dumps/*
These commands delete all data from the connected disk.
This opens a window with information about the component, in which you set the space limit for network traffic dump files. You can select the unit of measure for the space limit: MB or GB.
External storage for network traffic dump files on the standalone server with the Sensor component installed is connected and configured.
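The following added check script is not Kaspersky's own tooling; it verifies the host-side result of both procedures above (the fstab entry, the live ext4 mount and the kluser:klusers ownership of /data/volumes/dumps, all taken from the steps). Each check takes its input as text so it can be exercised on constructed samples, and run_live_checks feeds it real output from /etc/fstab, findmnt and stat on the server.

```shell
#!/bin/sh
# Added post-configuration check for the external dump storage; not part of
# Kaspersky Anti Targeted Attack Platform. The path and owner below come from
# the documented procedure. Each check reads its input as text so it can be
# run against constructed data; run_live_checks() uses the real host state.

DUMP_DIR=/data/volumes/dumps

# $1 = contents of /etc/fstab. Succeeds if a non-comment entry mounts DUMP_DIR as ext4.
fstab_has_dump_entry() {
    printf '%s\n' "$1" | awk -v mp="$DUMP_DIR" '
        /^[[:space:]]*#/ || NF < 3 { next }
        { sub(/\/$/, "", $2) }                 # treat "/data/volumes/dumps/" like "/data/volumes/dumps"
        $2 == mp && $3 == "ext4" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# $1 = output of "findmnt -rn -o TARGET,FSTYPE". Succeeds if DUMP_DIR is mounted as ext4
# right now, i.e. dump files are not silently being written to the root file system.
dump_dir_is_mounted() {
    printf '%s\n' "$1" | awk -v mp="$DUMP_DIR" '
        $1 == mp && $2 == "ext4" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# $1 = "owner group" as printed by stat -c '%U %G'. Succeeds if the application account owns it.
dump_dir_owner_ok() {
    [ "$1" = "kluser klusers" ]
}

# Runs all checks against the live host; prints one line per check, returns 1 on any failure.
run_live_checks() {
    rc=0
    if fstab_has_dump_entry "$(cat /etc/fstab)"; then echo "OK   fstab entry for $DUMP_DIR"
    else echo "FAIL no ext4 fstab entry for $DUMP_DIR"; rc=1; fi
    if dump_dir_is_mounted "$(findmnt -rn -o TARGET,FSTYPE)"; then echo "OK   $DUMP_DIR is a mounted ext4 file system"
    else echo "FAIL $DUMP_DIR is not mounted (dumps would fill the root file system)"; rc=1; fi
    if dump_dir_owner_ok "$(stat -c '%U %G' "$DUMP_DIR" 2>/dev/null)"; then echo "OK   owned by kluser:klusers"
    else echo "FAIL $DUMP_DIR is not owned by kluser:klusers"; rc=1; fi
    return $rc
}
```

Run run_live_checks as root on the Sensor server after the last step; a FAIL line on the mount check means dump files will land on the root file system instead of the external storage.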