4.6.3. Managing the detection engine

Managing the detection engine

| Function per level | setup | gviewadm | gview |
|---|---|---|---|
| Sigflow configuration: display the configuration and the rules | show config-files | show config-files | show config-files |
| Sigflow configuration: display advanced options | show monitoring-engine | N/A | N/A |
| Sigflow configuration: apply an advanced configuration | set monitoring-engine | N/A | N/A |
| Sigflow configuration: start the detection engine | monitoring-engine start | monitoring-engine start | N/A |
| Sigflow configuration: stop the detection engine | monitoring-engine stop | monitoring-engine stop | N/A |
| Sigflow configuration: display status | monitoring-engine status | monitoring-engine status | N/A |
| Traffic generation: replaying a pcap file | replay | replay | N/A |


4.6.3.1. Managing the detection engine (advanced functions)

The advanced functions include:

  • resource allocation: modification of the distribution of CPUs reserved for the detection engine

  • capture interface load balancing: balancing of captured flows per capture interface, using a load balancing method (algorithm)

  • flow filtering: specification of static rules for filtering flows captured by capture interfaces

  • Sigflow local rules: local modification, on the GCap, of the detection rules that the Sigflow detection engine uses to monitor traffic (local_all.rules file)

Managing the detection engine (advanced functions)

| Function per level | setup | gviewadm | gview |
|---|---|---|---|
| Resource allocation: display the number of dedicated CPUs | show advanced-configuration cpu-config | N/A | N/A |
| Resource allocation: modify the number of dedicated CPUs | set advanced-configuration cpu-config | N/A | N/A |
| Load balancing monx capture interface - CPU: show the configuration | show advanced-configuration load-balancing | N/A | N/A |
| Load balancing monx capture interface - CPU: modify the configuration | set advanced-configuration load-balancing | N/A | N/A |
| Flow filtering: display static rules | show advanced-configuration packet-filtering | N/A | N/A |
| Flow filtering: specify the static rules | set advanced-configuration packet-filtering | N/A | N/A |
| Sigflow local rules: display | show advanced-configuration local-rules | N/A | N/A |
| Sigflow local rules: modify | set advanced-configuration local-rules | N/A | N/A |