GCap documentation version 2.5.4.2

• 1. Description
  • 1.1. Introduction
  • 1.2. TAP
  • 1.3. Presentation of the GCap
    • 1.3.1. Different server models
    • 1.3.2. Description of the GCap inputs / outputs
    • 1.3.3. Electrical connection
    • 1.3.4. USB connector and LUKS key
  • 1.4. Presentation of the GCenter
  • 1.5. Presentation of Reflex
  • 1.6. Interconnection between devices
    • 1.6.1. Reminder of the GCap connections
    • 1.6.2. Capture and capture interfaces `monx` between TAP and GCap: aggregation possibility
    • 1.6.3. Transferring rules between GCenter and GCap: single-tenant vs. multi-tenant
• 2. Operation
  • 2.1. GCap
    • 2.1.1. GCap functions
    • 2.1.2. The Sigflow engine
    • 2.1.3. Counters of GCap activity
  • 2.2. GCap configuration
    • 2.2.1. Configuring a GCap and its Sigflow engine
    • 2.2.2. Overview of date and time management
    • 2.2.3. Management overview of `Management` and `Tunnel` interfaces
    • 2.2.4. Overview of managing the capture interfaces
    • 2.2.5. Capture interfaces: single-tenant vs. multi-tenant
    • 2.2.6. Capture interfaces: aggregation
    • 2.2.7. Sigflow detection engine
• 3. Characteristics
  • 3.1. Mechanical characteristics of GCap
  • 3.2. Electrical characteristics of GCap
  • 3.3. Functional characteristics of GCap
    • 3.3.1. Functional characteristics
    • 3.3.2. List of protocols that can be selected for analysis
    • 3.3.3. List of selectable protocols for file reconstruction
• 4. The accounts
  • 4.1. List of accounts
  • 4.2. Related principles
    • 4.2.1. Authentication mode
    • 4.2.2. Password management
    • 4.2.3. Password management policy
    • 4.2.4. SSH key
    • 4.2.5. Rights associated with each account
  • 4.3. gview profile
  • 4.4. gviewadm profile
  • 4.5. setup profile
• 5. Use cases of the gview profile
  • 5.1. Profile of the gview account
  • 5.2. Password of the gview account
  • 5.3. List of potential actions of the gview account
• 6. Use cases of the gviewadm profile
  • 6.1. Profile of the gviewadm account
  • 6.2. Password for the gviewadm account
  • 6.3. List of potential actions of the gviewadm account
• 7. Use cases of the setup profile
  • 7.1. Profile of the setup account
  • 7.2. Password of the setup account
  • 7.3. List of potential actions of the setup account
  • 7.4. How to connect to Gcap?
  • 7.5. Remote connection to the GCenter
• 8. List of procedures
  • 8.1. List of potential actions
    • 8.1.1. Accessing the GCap and GCenter
    • 8.1.2. Configuring the GCap
    • 8.1.3. Managing accounts
    • 8.1.4. Manage the network
    • 8.1.5. Manage the detection engine
    • 8.1.6. Managing server
    • 8.1.7. Monitoring the GCAP
  • 8.2. Procedure to configure the GCap for the first connection
  • 8.3. Procedure to put a GCap into operation
  • 8.4. Procedure to connect directly to the GCap via keyboard and screen
  • 8.5. Procedure to connect the iDRAC in HTTP (DELL server)
  • 8.6. Procedure to remote connection to the CLI using SSH via the iDRAC interface in serial port forwarding mode
  • 8.7. Procedure to remote connection to GCap via an SSH tunnel
  • 8.8. Procedure to connect to the GCenter via a web browser
  • 8.9. Procedure to change the date and time of the GCap
  • 8.10. Procedure to manage the network parameters of `Tunnel` and `Management` interfaces
  • 8.11. Procedure to manage the `monx` capture interface settings
  • 8.12. Procedure to switch the single-interface configuration
  • 8.13. Procedure to switch to the configuration dual-interface
  • 8.14. Procedure to manage capture interface aggregation
  • 8.15. Procedure to pair a GCap with the GCenter
  • 8.16. Procedure to optimize performances
• 9. CLI
  • 9.1. Overview of the CLI
    • 9.1.1. Introduction to the CLI
    • 9.1.2. Overview of the command prompt
    • 9.1.3. Accessible commands grouped by sub-group
    • 9.1.4. Directly accessible commands
    • 9.1.5. Completion
    • 9.1.6. Navigating in the command tree
    • 9.1.7. Launching a command
    • 9.1.8. Obtaining information on commands via Help
    • 9.1.9. Exit
  • 9.2. Summary of orders by theme and level
  • 9.3. CLI commands
    • 9.3.1. show
    • 9.3.2. set
    • 9.3.3. system
    • 9.3.4. monitoring-engine
    • 9.3.5. pairing
    • 9.3.6. unpair
    • 9.3.7. replay
    • 9.3.8. help
    • 9.3.9. color
    • 9.3.10. exit
• 10. Metrics
  • 10.1. List of available metrics from version 2.5.3.105
    • 10.1.1. Internal metrics
    • 10.1.2. Details of Sigflow counters
    • 10.1.3. Details of GCap statistics counters and health information.
  • 10.2. Retrieving the metrics
• 11. Appendices
  • 11.1. The log files
    • 11.1.1. Detection engine events: detection-engine-logs
    • 11.1.2. Kernel related events: var-log-kernel
    • 11.1.3. GCap authentication information: var-log-auth
    • 11.1.4. Information on the activity of the various applications used: var-log-daemon
    • 11.1.5. User activity information: var-log-user
    • 11.1.6. Debug events: var-log-debug
    • 11.1.7. Aggregation of different logs: var-log-messages
    • 11.1.8. Scheduled task start information: var-log-cron
• 12. Glossary

PDF documentation