Configuring a Capture Engine - LiveWire

LiveWire Virtual User Guide


To configure a Capture Engine, you must use the Capture Engine Configuration Wizard of the Capture Engine Manager.

Note: The Capture Engine Configuration Wizard of the Capture Engine Manager also appears when you first install a Capture Engine and are prompted to configure it.

To configure a Capture Engine from the Omnipeek computer:

  1. Choose Start > All Programs > LiveAction > LiveAction Capture Engine Manager for Omnipeek. The Capture Engine Manager window appears.
  2. Connect to a Capture Engine in the Workspace (see Connecting to a Capture Engine) and click Configure Engine in the toolbar. The Capture Engine Configuration Wizard appears.

  3. Click Next. The General view of the Capture Engine Configuration Wizard appears.
  4. Configure the settings in the General, Security, and Edit Access Control views. See Engine Configuration - General; Engine Configuration - Security; and Engine Configuration - Edit Access Control.
  5. When prompted, click Yes to send the configuration changes to the Capture Engine. The configuration changes won’t take effect until the Capture Engine is restarted.

Engine Configuration—General

The General view of the Capture Engine Configuration Wizard lets you configure the name, address, capture restart, local disk use, and log settings for the Capture Engine.

  • Name: Type a name for the Capture Engine. This name appears in the Capture Engines window in Omnipeek.
  • Enable AutoDiscovery: Select this check box to enable the Capture Engine to respond to autodiscovery requests which arrive from the Capture Engine Manager.
  • Use any available IP address: Select this check box to accept communications on any and all IP addresses assigned to the computer on which the Capture Engine is installed.
  • IP address: Select the IP address used to communicate with the Capture Engine. The Capture Engine will respond to communications only on that address. This option is not available when Use any available IP address is selected.
  • Port: Type a port used for communications. The default port is 6367.
  • Maximum concurrent connections: Type or select the maximum number of concurrent Omnipeek connections allowed for the Capture Engine.
  • Automatically restart captures: Select this check box to automatically restart captures whenever the Capture Engine restarts. When enabled, the Capture Engine remembers any capture (active or idle) defined for it, and restores the capture whenever the Capture Engine itself is restarted.
  • Data folder: Type or browse to the location for the data folder. The Capture Engine uses this location to store packet files created when the Capture to Disk option is used. The contents of the data folder appear in the Files tab of the Omnipeek Capture Engines window.
  • Log max: Select or enter the maximum number of records in the application log. These are the log records you see in the Capture Engine log view. You can enter a value from 100,000 to 100,000,000 records (do not include commas). The default is 200000.
  • Log adjust: Select or enter the number of application log records that are deleted (the oldest records are deleted first) when the maximum number of log records is reached. You can enter a value from 10,000 to 100,000,000 messages (do not include commas). The default is 100000.
Note: Setting the Log max or Log adjust value to a large number of records or messages can slow down the writing of entries to the log.

Engine Configuration—Security

The Security view of the Capture Engine Configuration Wizard lets you set security and authentication settings.

  • Authentication:
    • Enable OS Authentication Only: Select this check box to use operating system authentication only, and to disable all third-party authentication mechanisms.
    • Enable Third-party Authentication: Select this check box to enable third-party authentication using an Active Directory, RADIUS, or TACACS+ authentication server. For more information on enabling Third-party authentication, see Third-party authentication with Capture Engines.
    • Insert: Click to display the Edit Authentication Setting dialog, which allows you to name the setting and select from one of the following Third-party Authentication types:
      • Active Directory: Select this type to enable Active Directory authentication, and then configure the host information: Host (domain controller) and Port settings (Capture Engine (Windows)); or Realm (domain controller) and KDC settings (Capture Engine (Linux)).
      • RADIUS: Select this type to enable RADIUS authentication, and then configure the Host (IP address), Port, and Secret settings (select Hide Typing to hide the settings) for the RADIUS authentication server.
      • TACACS+: Select this type to enable TACACS+ authentication, and then configure the Host (IP address), Port, and Secret settings (select Hide Typing to hide the settings) for the TACACS+ authentication server.
    • Edit: Click to edit the selected authentication setting.
    • Delete: Click to delete the selected authentication setting.
    • Move Up: Click to move the selected authentication setting higher up in the list.
    • Move Down: Click to move the selected authentication setting lower in the list.
Note: The order of the authentication settings in the list determines the order in which the authentication servers are tried.

Authentication settings are attempted in groups in top-down order. For example, if the first setting at the top is a RADIUS setting, then all RADIUS settings in the list are attempted first before attempting the next group type in the list. If an authentication server cannot be reached because of an incorrect or unreachable server IP, an incorrect port, or an incorrect shared secret, then the next setting in the group is attempted. If communication with the authentication server is good, but the user cannot be authenticated because of an incorrect username, an incorrect password, or a disabled account, then the next group type is attempted (if authenticating a RADIUS or TACACS+ setting), or the next setting in the list is attempted (if authenticating an Active Directory setting).
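The fallback order described above can be traced with a small model. This is an added example, not LiveAction code: the Setting fields, the attempt_order function and the sample list are constructed for illustration, and it assumes that "next setting in the list" for Active Directory means the next Active Directory setting in list order.

```python
# Model of the documented fallback order (an interpretation, not product code).
from collections import namedtuple

# reachable: the server answers; users: accounts it accepts (constructed data)
Setting = namedtuple("Setting", "name type reachable users")

def attempt_order(settings, user):
    """Return (trace, accepting_setting_name_or_None) for one login attempt."""
    # Group types are ordered by the first appearance of each type in the list.
    group_order = []
    for s in settings:
        if s.type not in group_order:
            group_order.append(s.type)
    trace = []
    for gtype in group_order:
        for s in (x for x in settings if x.type == gtype):
            if not s.reachable:
                trace.append((s.name, "unreachable"))
                continue  # unreachable server: next setting in the same group
            if user in s.users:
                trace.append((s.name, "accepted"))
                return trace, s.name
            trace.append((s.name, "rejected"))
            if gtype in ("RADIUS", "TACACS+"):
                break  # a rejection ends this group; move to the next group type
            # Active Directory: continue with the next setting (assumption)
    return trace, None

# Constructed sample list, top to bottom as it would appear in the wizard.
SAMPLE = [
    Setting("radius-a", "RADIUS", False, set()),
    Setting("ad-1", "Active Directory", True, {"alice"}),
    Setting("radius-b", "RADIUS", True, {"bob"}),
    Setting("radius-c", "RADIUS", True, {"alice"}),
    Setting("ad-2", "Active Directory", True, {"carol"}),
]

if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        trace, winner = attempt_order(SAMPLE, who)
        print(who, "->", winner, trace)
```

In the sample, alice is rejected by radius-b, radius-c is never consulted, and ad-1 still accepts her: when reviewing the list, treat an account as able to log in if any group type would accept it.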

Note: The Capture Engine operates within the security environment configured in the operating system. Refer to your operating system documentation for instructions on configuring security settings for your operating system.

Engine Configuration—Edit Access Control

The Edit Access Control view of the Capture Engine Configuration Wizard lets you define which users have access to a Capture Engine and which classes of actions (policies) each user is allowed to perform.

Note: There are several ways to create a new user in your operating system. Refer to your operating system documentation for instructions on creating new user profiles.

  • Use access control: Select this check box to enable Access Control.
  • The Policy column lists the predefined policies:
    • System: Allow usage
    • Capture: Create new capture
    • Capture: Delete captures created by others
    • Capture: Modify captures created by others
    • Capture: Start/Stop captures created by others
    • Capture: View packets from captures created by others
    • Capture: View stats from captures created by others
    • Configuration: Configure engine settings
    • Configuration: View/modify matrix switch settings (Capture Engine (Windows) only)
    • Configuration: View the audit log
    • Configuration: Upload files
  • The User column lists which users have access to a certain policy.
  • Edit: Select a policy and then click Edit to define which users have access to the policy. The Add Users to ACL dialog appears:

    Browse Users

    • Domain: Type the Domain for the Capture Engine. If the Capture Engine is not a member of any Domain, leave this field blank.
    • Refresh: Click to poll the Domain controller to retrieve the list of users.
      Note: Large Domains with hundreds of users may take several minutes to load.
    • Name/Description: Displays the name and description for each defined user. Both the name and the description are taken from the operating system security settings (local or Domain).
    • Add: Click to add the selected user to the Selected Users table.
    Add User
    Note: If the Capture Engine is not a member of any Domain, you can ignore Add User.
    • Domain: Type the Domain for the Capture Engine.
    • User: Type the name of the User you wish to add to the Selected Users table.
    • Add: Click to add the selected user to the Selected Users table.

    Selected Users

    • Name/Description: Displays the name and description of users allowed to perform the selected policy.
    • Delete: Click to remove the selected user from the Selected Users table.
    • Delete all: Click to remove all users from the Selected Users table.
Tip: A Policy that has no users associated with it is effectively reserved for users with Administrator or root level privileges.

Considerations when configuring Access Control

Please note the following when configuring Access Control:

  • Users with Administrator or root level privileges always have access to all features of the Capture Engine.
  • If the Capture Engine is installed on a machine under local control, the local user with Administrator or root level privileges (and equivalents) has access to the Capture Engine regardless of the settings in the Edit Access Control view.
  • If the Capture Engine is installed on a machine under Domain control, the Domain Administrator always has access regardless of the settings in the Edit Access Control view.
  • When Use access control is selected and no other users are added to the Edit Access Control view (the initial default settings), then only the user with Administrator (local or Domain, depending on the computer setup) or root level privileges has access to the Capture Engine.

Considerations when disabling Access Control

When access control is disabled, the only restrictions on the use of the Capture Engine are those imposed by the operating system security settings. Examples of relevant permissions controlled by operating system security settings include:

  • Login privilege: A user must be able to log in to the machine on which the Capture Engine is running in order to use the program.