GCap Documentation version 2.5.4

Menu

• 1. Description
  • 1.1. Introduction
  • 1.2. TAP
  • 1.3. GCap
    • 1.3.1. Different server models
    • 1.3.2. Description of the GCap inputs / outputs
    • 1.3.3. Electrical connection
    • 1.3.4. USB connector and LUKS key
  • 1.4. GCenter
  • 1.5. Interconnection of subsets
    • 1.5.1. Reminder of the GCap connections
    • 1.5.2. Capture and monitoring interfaces monx between TAP and GCap: aggregation possibility
    • 1.5.3. Transferring rules between GCenter and GCap: single-tenant vs. multi-tenant
• 2. Operation
  • 2.1. GCap
    • 2.1.1. GCap functions
    • 2.1.2. The Sigflow engine
    • 2.1.3. Counters of GCap activity
  • 2.2. GCap configuration
    • 2.2.1. Configuring a GCap and its Sigflow engine
    • 2.2.2. Overview of date and time management
    • 2.2.3. Overview of Management (gcp1) and Tunnel (gcp0) interfaces
    • 2.2.4. Overview of managing the monitoring interfaces
    • 2.2.5. Capture and monitoring interfaces: single-tenant vs. multi-tenant
    • 2.2.6. Capture and monitoring interfaces: aggregation
    • 2.2.7. Sigflow detection engine
  • 2.3. Redundant GCaps: high availability
• 3. Characteristics
  • 3.1. Mechanical characteristics of GCap
  • 3.2. Electrical characteristics of GCap
  • 3.3. Functional characteristics of GCap
    • 3.3.1. Functional characteristics
    • 3.3.2. List of protocols that can be selected for analysis
    • 3.3.3. List of selectable protocols for file reconstruction
• 4. The accounts
  • 4.1. List of accounts
  • 4.2. Related principles
    • 4.2.1. Authentication mode
    • 4.2.2. Password management
    • 4.2.3. Password management policy
    • 4.2.4. SSH key
    • 4.2.5. Rights associated with each account
  • 4.3. gview profile
  • 4.4. gviewadm profile
  • 4.5. Setup profile
  • 4.6. List of functions by level and by theme
    • 4.6.1. Configuring the GCap
    • 4.6.2. Managing accounts
    • 4.6.3. Managing the detection engine
    • 4.6.4. Managing network
    • 4.6.5. Managing server
    • 4.6.6. Monitoring the GCAP
• 5. Use cases
  • 5.1. Introduction
  • 5.2. How to connect to Gcap?
    • 5.2.1. Direct connection and configuration
    • 5.2.2. Remote connection to the iDRAC in HTTP (DELL server)
    • 5.2.3. Remote connection to the CLI using SSH via the iDRAC interface in serial port forwarding mode
    • 5.2.4. Remote connection to the CLI in SSH via the network interfaces with the management role (formerly gcp0 or gcp1)
  • 5.3. Remote connection to the GCenter
  • 5.4. How to use the procedures
    • 5.4.1. Accessing the GCap and GCenter
    • 5.4.2. Configuring the GCap
    • 5.4.3. Managing accounts
    • 5.4.4. Managing networks
    • 5.4.5. Managing the detection engine
    • 5.4.6. Managing servers
    • 5.4.7. Monitoring the GCAP
  • 5.5. List of procedures
    • 5.5.1. Configuring the GCap for the first connection
    • 5.5.2. Starting up a GCap
    • 5.5.3. Direct connection to the GCap with keyboard and monitor
    • 5.5.4. Remote connection to the iDRAC in HTTP (DELL server)
    • 5.5.5. Remote connection to the CLI using SSH via the iDRAC interface in serial port forwarding mode
    • 5.5.6. Remote connection to GCap via an SSH tunnel
    • 5.5.7. Connection to the GCenter via a web browser
    • 5.5.8. Changing the GCap date and time
    • 5.5.9. Managing the network parameters of Tunnel and Management interfaces
    • 5.5.10. Managing capture interface settings monx
    • 5.5.11. Switching to a single-interface configuration
    • 5.5.12. Switching to a dual-interface configuration
    • 5.5.13. Managing capture interface aggregation
    • 5.5.14. Pairing between a GCap and a GCenter
    • 5.5.15. Managing the high availability of GCaps
    • 5.5.16. Optimising performance
• 6. CLI
  • 6.1. Overview of the CLI
    • 6.1.1. Introduction to the CLI
    • 6.1.2. Overview of the command prompt
    • 6.1.3. Accessible commands grouped by set
    • 6.1.4. Directly accessible commands
    • 6.1.5. Completion
    • 6.1.6. Navigating in the command tree
    • 6.1.7. Launching a command
    • 6.1.8. Obtaining information on commands via Help
    • 6.1.9. Exit
  • 6.2. cli
    • 6.2.1. show
    • 6.2.2. set
    • 6.2.3. services
    • 6.2.4. system
    • 6.2.5. monitoring-engine
    • 6.2.6. pairing
    • 6.2.7. unpair
    • 6.2.8. replay
    • 6.2.9. help
    • 6.2.10. colour
    • 6.2.11. gui
    • 6.2.12. exit
• 7. Metrics
  • 7.1. List of metrics comparison version 2.5.3.105 vs 2.5.3.104
    • 7.1.1. Internal metrics version 2.5.3.105 vs 2.5.3.104
    • 7.1.2. System information version 2.5.3.105 vs 2.5.3.104
    • 7.1.3. Network information version 2.5.3.105 vs 2.5.3.104
    • 7.1.4. Device and detection information version 2.5.3.105 vs 2.5.3.104
  • 7.2. List of available metrics from version 2.5.3.105
    • 7.2.1. Internal metrics
    • 7.2.2. Details of Sigflow counters
    • 7.2.3. Details of GCap statistics counters and health information.
  • 7.3. Retrieving the metrics
• 8. Appendices
  • 8.1. Event files
    • 8.1.1. Detection engine events: detection-engine-logs
    • 8.1.2. Kernel related events: var-log-kernel
    • 8.1.3. GCap authentication information: var-log-auth
    • 8.1.4. Information on the activity of the various applications used: var-log-daemon
    • 8.1.5. User activity information: var-log-user
    • 8.1.6. Debug events: var-log-debug
    • 8.1.7. Aggregation of different logs: var-log-messages
    • 8.1.8. Scheduled task start information: var-log-cron
• 9. Glossary

GCap Documentation : pdf format