5.4. How to use the procedures

5.4.1. Accessing the GCap and GCenter

| To perform the following task | # | Carry out the following procedures in succession |
|---|---|---|
| First connection to the GCap by a direct connection | 1 | Direct connection to GCap with keyboard and monitor |
| Remote connection to iDRAC via HTTP | 1 | Remote connection to iDRAC via HTTP |
| Remote SSH connection in serial port forwarding mode | 1 | Remote connection to the CLI using SSH via the iDRAC interface in serial port forwarding mode |
| Connection to the GCenter via a web browser | 1 | Connection to the GCenter via a web browser |

5.4.2. Configuring the GCap

| To perform the following task | # | Perform the following procedures in sequence |
|---|---|---|
| First installation of the GCap | 1 | Configuring the GCap on first login |
| | 2 | Putting a GCap into operation |
| Keyboard configuration | 1 | Display: use the command show keymap |
| | 2 | Modify: use the command set keymap |
| Configuring the GCap interface (GUI or CLI) | 1 | Display: use the command show setup-mode |
| | 2 | Modify: use the command set setup-mode |
| Date and time | 1 | Display: use the command show datetime |
| | 2 | Modify: use the procedure Change GCap date and time |
| Colours in the display | 1 | Enable or disable: use the command colour |
| Compatibility mode with the GCenter | 1 | Show: use the command show compatibility-mode |
| | 2 | Modify: use the command set compatibility-mode |
| Services: start a service (to be defined) | 1 | View the status of services: use the command services status + service to be defined |
| | 2 | Start a service: use the command services start + service to be defined |
| Services: stop a service (to be defined) | 1 | View the status of services: use the command services status + service to be defined |
| | 2 | Stop a service: use the command services stop + service to be defined |
| Services: view the status of services | 1 | View the status of services: use the command services status + service to be defined |
| Services: display the periods for file retention | 1 | Display the retention periods: use the command services show retention-periods |
| High availability | 1 | Show: use the command show advanced-configuration high-availability |
| | 2 | Management: use the procedure Managing GCaps High Availability |
| Pairing with GCenter | 1 | Use the procedure Pairing between a GCap and a GCenter |

5.4.3. Managing accounts

| To perform the following task | # | Perform the following procedures in sequence |
|---|---|---|
| Authentication: the list of users | 1 | Display the list: use the command show passwords |
| | 2 | Change passwords: use the command set passwords |
| Authentication: modify the SSH keys | 1 | Use the command set ssh-keys |
| Authentication: display the password policy | 1 | Use the command show password-policy |
| Authentication: unlock blocked accounts | 1 | Use the command system unlock |
| Authentication: define a password policy | 1 | Use the command set password-policy |
| Authentication: display the protection policy against brute force attacks | 1 | Use the command show bruteforce-protection |
| Authentication: modify the protection policy against brute force attacks | 1 | Use the command set bruteforce-protection |
| Session: display the duration of inactivity before disconnection | 1 | Use the command show session-timeout |
| Session: modify the duration of inactivity before disconnection | 1 | Use the command set session-timeout |


5.4.4. Managing networks

| To perform the following task | # | Perform the following procedures in sequence |
|---|---|---|
| Managing gcp0 and gcp1 interfaces | 1 | Use the procedure Managing network settings for gcp0 and gcp1 interfaces |
| IP address of the GCenter: display the GCenter IP address | 1 | Use the command show gcenter-ip |
| IP address of the GCenter: modify the GCenter IP address | 1 | Use the command set gcenter-ip |
| Manage the monx capture interfaces | 1 | Use the procedure Manage monx capture interface settings |
| Detection interfaces: display the replacement name of the monx capture interfaces | 1 | Use the command show advanced-configuration interface-names |
| Authentication: detect / name the monx capture interfaces | 1 | Use the command set advanced-configuration rescan-interfaces |
| Manage capture interface aggregation | 1 | Use the procedure Manage capture interface aggregation |
| Switch to the single-interface configuration, with SSH connections managed by the gcp0 interface | 1 | Use the procedure Flip to single-interface configuration |
| Switch to the dual-interface configuration, with SSH connections managed by the gcp1 interface | 1 | Use the procedure Flip to dual-interface configuration |


5.4.5. Managing the detection engine

Basic functions

| To perform the following task | # | Carry out the following procedures in succession |
|---|---|---|
| Display the detection engine configuration as well as the rules | 1 | Use the command show config-file |
| Display advanced options | 1 | Use the command show monitoring-engine |
| Apply an advanced configuration | 1 | Use the command set monitoring-engine |
| Start the detection engine | 1 | Use the command monitoring-engine start |
| Stop the detection engine | 1 | Use the command monitoring-engine stop |
| Display the detection engine status | 1 | Use the command monitoring-engine status |
| Traffic generation: replaying a pcap file | 1 | Use the command replay |

Advanced functions

| To perform the following task | # | Carry out the following procedures in succession |
|---|---|---|
| Resource allocation: display the number of dedicated CPUs | 1 | Use the command show advanced-configuration cpu-config |
| Resource allocation: modify the number of dedicated CPUs | 1 | Use the command set advanced-configuration cpu-config |
| Load balancing monx capture interface - CPU: show the configuration | 1 | Use the command show advanced-configuration load-balancing |
| Load balancing monx capture interface - CPU: modify the configuration | 1 | Use the command set advanced-configuration load-balancing |
| Flow filtering: display static rules | 1 | Use the command show advanced-configuration packet-filtering |
| Flow filtering: specify the static rules | 1 | Use the command set advanced-configuration packet-filtering |
| Sigflow local rules: display | 1 | Use the command show advanced-configuration local-rules |
| Sigflow local rules: modify | 1 | Use the command set advanced-configuration local-rules |
| Optimise the performance of the GCap | 1 | Use the procedure Optimize GCap performance |


5.4.6. Managing servers

| To perform the following task | # | Carry out the following procedures in succession |
|---|---|---|
| Display help on the commands | 1 | Use the command help |
| Launch the GCap configuration GUI | 1 | Use the command gui |
| Exit the current session or leave the SSH session | 1 | Use the command exit |
| System: restart the GCap | 1 | Use the command system restart |
| System: shut down the GCap | 1 | Use the command system shutdown |
| System: reload network card drivers | 1 | Use the command system reload-drivers |


5.4.7. Monitoring the GCap

| To perform the following task | # | Carry out the following procedures in succession |
|---|---|---|
| Monitoring: consult the alert logs | 1 | Use the command show alerts |
| Monitoring: CPU usage | 1 | Use the command show cpus |
| Monitoring: display the current status of the GCap | 1 | Use the command show status |
| Monitoring: display the statistics of the Sigflow detection engine | 1 | Use the command show eve-stats |
| Monitoring: display the different event logs | 1 | Use the command show logs |
| Monitoring: display statistics and health information | 1 | Use the command show health |
| Monitoring: extract the information from the GCap as requested by technical support | 1 | Use the command show tech-support |