2. Enable/disable detection engine

The 'Activate' / 'Deactivate' tab only appears in the GCap sensor settings menu once the sensor has been associated with the GCenter. Once the network configuration and the pairing are done, the Suricata analysis engine (the detection engine) must be started. The probe does not capture the stream until the administrator has completed this step via the 'Activate' tab.


Once the capture engine is activated, the GCap probe configuration menus change and can no longer be modified unless the capture engine is first deactivated via the 'Deactivate' tab. Management of files in transit or waiting on the probe remains accessible even after the analysis engine has been launched.


From the About tab, the administrator can now quickly and easily check:

  • the status of the IPsec link between the GCap and GCenter,

  • the mode of communication,

  • whether the analysis engine is running or not.


The same can be done with the following CLI commands:

show status
monitoring-engine [start|stop]