Kaspersky Industrial CyberSecurity for Networks

Managing the settings for saving traffic dump files

March 22, 2024

ID 237877

The application saves traffic received through the monitoring points as traffic dump files. These files are used by the application to analyze the incoming traffic. You can also use these files to perform the following actions in the application:

Traffic dump files are stored in the storages on the nodes where the application components are installed. On each node, both the internal storage of a node (created automatically when an application component is installed on the node) and the external storage, if connected on the node, can be used.

The application stores the traffic dump files temporarily. As traffic arrives, the application automatically deletes the oldest traffic dump files from the storages if the total volume of files approaches the limit set for the storage.

For each node, you can configure the settings for saving traffic to the internal storage. You can also connect the external storage of the node and configure the settings for saving traffic to the external storage.

To configure the settings for saving traffic dump files to the internal storage of the node:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. Select Settings → Deployment.
  3. Select the tile of the relevant node.

    The details area appears in the right part of the web interface window.

  4. Click the Edit button.

    The details area will show the tabs for configuring the node parameters.

  5. If necessary, on the General tab, in the Filtering stored traffic section, enable filtering and enter a filtering expression using the Berkeley Packet Filter (BPF) technology based on the address settings of the network packets.

    Filtering reduces the volume of stored traffic by skipping network packets that do not match the filter. However, keep in mind that the filtered traffic may then lack data that the application needs for high-quality traffic analysis. Configure filtering so that all network packets required for traffic analysis by the application functionality are saved in the traffic dump files.

  6. Go to the Traffic dump files settings group and use the Max volume setting to define the size limit for storing traffic dump files.

    You can select the unit of measure for the space limit: MB or GB.

    When changing the value of this setting, take into account the volume and rate of incoming traffic, and keep in mind that the sum of all space limits cannot exceed the maximum storage limit defined for the node.

  7. Click Save.
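The following is an added example, not part of the original article or of the product: a way to prepare the address-based BPF expression for step 5 and check, before saving it, that no flow you need for analysis would be skipped. The address ranges and flows are constructed sample data, and the check models only the `host` and `net` primitives of pcap-filter syntax.

```python
import ipaddress

def build_bpf(keep):
    """Build a pcap-filter expression that matches traffic to or from the kept addresses."""
    terms = []
    for item in keep:
        # strict=True rejects entries with host bits set, e.g. 10.10.1.5/24
        net = ipaddress.ip_network(item, strict=True)
        if net.num_addresses == 1:
            terms.append(f"host {net.network_address}")
        else:
            terms.append(f"net {net.with_prefixlen}")
    return " or ".join(terms)

def would_be_stored(keep, src, dst):
    """'host' and 'net' match when either the source or the destination is in range."""
    nets = [ipaddress.ip_network(k, strict=True) for k in keep]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in n or d in n for n in nets)

def skipped_flows(keep, required_flows):
    """Return the required (src, dst) pairs that the filter would not save."""
    return [f for f in required_flows if not would_be_stored(keep, *f)]

# Constructed sample data: ranges to keep and flows the analysis depends on
KEEP = ["10.10.1.0/24", "192.168.5.10"]
REQUIRED_FLOWS = [
    ("10.10.1.20", "10.10.2.5"),     # source is inside the kept subnet
    ("192.168.5.10", "172.16.0.8"),  # source is the kept host
    ("10.10.3.7", "10.10.2.5"),      # neither end is covered by the filter
]

if __name__ == "__main__":
    print("Filter:", build_bpf(KEEP))
    for src, dst in skipped_flows(KEEP, REQUIRED_FLOWS):
        print(f"Not saved: {src} -> {dst}")
```

Any flow reported as not saved means the expression needs another `host` or `net` term before it is entered in the Filtering stored traffic section.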

See also:

Connecting and configuring external storage for traffic dump files
