Kaspersky Anti Targeted Attack Platform

Managing the settings for saving traffic dump files

The application saves traffic received through monitoring points as traffic dump files. The application uses these files for analysis of incoming traffic. You can also use these files to perform the following actions in the application:

Traffic dump files are saved in internal storage on servers with the Sensor component. If you use the Central Node component with built-in Sensor, traffic dump files are saved in the internal storage of the Central Node server.

The application stores traffic dump files on a temporary basis. As traffic arrives, the application automatically deletes the oldest traffic dump files from storages if the total size of files approaches the limit set for the storage. You can configure the settings for storing traffic in the internal storage.

To configure the saving of traffic dump files to the internal storage:

  1. Select the Sensor servers section in the window of the application web interface.
  2. Click the card of the relevant Central Node component.

    This opens a window with information about the component.

  3. Click Edit.
  4. Go to the General tab.
  5. If necessary, in the Filtering stored traffic section, enable filtering and enter a filtering expression in Berkeley Packet Filter (BPF) syntax based on the address fields of the network packets.

    Filtering reduces the size of stored traffic by discarding network packets that do not match the filter. However, if you rely on filtering, keep in mind that the filtered traffic may not contain all the data the application needs for high-quality traffic analysis. Configure the filter so that every network packet the application needs for analysis is saved in the traffic dump files.

  6. Under Traffic dump files, use the Max volume setting to set the size limit for stored traffic dump files.

    You can select the unit of measure for the space limit: MB or GB.

    When editing the value, also take into account the amount of received traffic, the rate at which it arrives, and the fact that the sum of all size limits must not exceed the maximum storage capacity specified for the node.

  7. Click Save.

Traffic dump saving in internal storage is configured.
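To see what a candidate filter from step 5 would discard before you enable it, the following added example (not part of the product or of this documentation) evaluates a small subset of BPF syntax over constructed packet records and reports the bytes and destination ports that would no longer reach the traffic dump files. The packet tuples, the `compile_bpf` and `filter_report` functions, and the restriction to the `host`, `net` and `port` primitives are assumptions made for illustration; the product compiles the real BPF expression itself.

```python
import ipaddress

# Constructed sample traffic (src, dst, dst_port, size_bytes); not real capture data.
SAMPLE_PACKETS = [
    ("10.1.1.5", "10.1.1.20", 445, 1500),      # SMB inside the monitored segment
    ("10.1.1.5", "93.184.216.34", 443, 1400),  # HTTPS to an external host
    ("10.1.1.7", "10.1.1.53", 53, 90),         # DNS query inside the segment
    ("192.168.5.9", "10.1.1.20", 3389, 1200),  # RDP from another segment
]

def compile_bpf(expression):
    """Compile a small BPF subset (host, net, port, and, or, not) into a
    predicate over a packet tuple. Precedence as in BPF: not > and > or."""
    tokens, pos = expression.split(), 0
    def take(): nonlocal pos; pos += 1; return tokens[pos - 1]
    def peek(): return tokens[pos] if pos < len(tokens) else None
    def primary():
        tok = take()
        if tok == "not":
            inner = primary()
            return lambda p: not inner(p)
        arg = take()
        if tok == "host":
            return lambda p: arg in (p[0], p[1])
        if tok == "net":
            net = ipaddress.ip_network(arg, strict=False)
            return lambda p: any(ipaddress.ip_address(a) in net for a in p[:2])
        if tok == "port":
            return lambda p: p[2] == int(arg)
        raise ValueError(f"unsupported primitive: {tok}")
    def chain(sub, word, op):  # left-associative binary operator at one level
        left = sub()
        while peek() == word:
            take()
            left = (lambda a, b: lambda p: op(a(p), b(p)))(left, sub())
        return left
    conj = lambda: chain(primary, "and", lambda x, y: x and y)
    predicate = chain(conj, "or", lambda x, y: x or y)
    if peek() is not None:
        raise ValueError(f"unexpected token: {peek()}")
    return predicate

def filter_report(expression, packets=SAMPLE_PACKETS):
    """Apply a candidate filter and return (kept_bytes, dropped_bytes, dropped_ports)
    so the analyst can see which traffic the stored dumps would no longer contain."""
    keep = compile_bpf(expression)
    kept = [p for p in packets if keep(p)]
    dropped = [p for p in packets if not keep(p)]
    return sum(p[3] for p in kept), sum(p[3] for p in dropped), sorted({p[2] for p in dropped})
```

Run `filter_report("net 10.1.1.0/24 and not port 53")` against a representative sample of your own traffic before saving the filter; any protocol that shows up in the dropped ports is one the application will not be able to analyse from the stored dumps.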