How to exclude protocol from SPAN traffic in KATA 5.x CN with Sensor role [KATA/KEDRE]
Issue
In KATA 4.1, when the Central Node was used as a Sensor, it was possible to open Traffic Capture and disable a protocol, e.g. SMTP.
CN-Sensor - https://support.kaspersky.com/help/KATA/4.1/en-US/199500.htm
Standalone Sensor - https://support.kaspersky.com/help/KATA/4.1/en-US/199500_1.htm
In KATA 5.0, this option is missing from the documentation and from the CN, and is only available on a Standalone Sensor.
Solution
The workaround is to use the CLI and access the preprocessor configuration directly:
Settings section
#console-settings-updater get /kata/configuration/product/preprocessor_span | python3 -m json.tool | grep \"traffic\" -A 23
    "traffic": {
        "buffer_size_limit": 4096,
        "checksum_validation": false,
        "enable": true,
        "enable_dns": true,
        "enable_ftp": true,
        "enable_http": true,
        "enable_smtp": false,
        "enable_ssl": true,
        "ftp_data_expired_timeout": "PT60S",
        "ftp_data_supposed_max_size_bytes": 10485760,
        "iface_groups": [
            {
                "ifaces": [
                    "ens192"
                ],
                "core_id": null
            }
        ],
        "pcap_filter": "",
        "pcap_snaplen": 1600,
        "pcap_timeout": 10,
        "tcp_threads_number": 16
    },
Example: disable SMTP, enable the rest
#console-settings-updater set --merge /kata/configuration/product/preprocessor_span '{"traffic": {"enable_dns": true, "enable_ftp": true, "enable_http": true, "enable_smtp": false}}'
Example: change by editing the exported configuration in a file
#console-settings-updater get /kata/configuration/product/preprocessor_span | python3 -m json.tool > /tmp/preprocessor_span.json
#vim /tmp/preprocessor_span.json
#console-settings-updater set /kata/configuration/product/preprocessor_span @/tmp/preprocessor_span.json
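A scripted alternative to hand-editing the exported file, added here as an example and not part of the original article or of Kaspersky's tooling: it checks the requested switches against the exported "traffic" section and produces both the minimal payload for set --merge and the full body for the @file form. The function name plan_protocol_change, the sample export, and the rule that only existing enable_<protocol> keys are accepted are assumptions of this example.

```python
import copy
import json

# Constructed sample: trimmed "traffic" section in the shape shown by
# `console-settings-updater get .../preprocessor_span` on this page.
SAMPLE_EXPORT = """
{"traffic": {"enable": true, "enable_dns": true, "enable_ftp": true,
             "enable_http": true, "enable_smtp": true, "enable_ssl": true,
             "pcap_filter": "", "pcap_snaplen": 1600}}
"""

def plan_protocol_change(exported, wanted):
    """Return (merge_payload, full_config, changes) for requested enable_* flags.

    exported: dict parsed from the `get` output
    wanted:   e.g. {"enable_smtp": False}
    """
    traffic = exported.get("traffic")
    if not isinstance(traffic, dict):
        raise ValueError('export has no "traffic" object')
    changes = {}
    for key, value in wanted.items():
        # Only touch enable_<protocol> switches that already exist in the export,
        # so a typo such as "enable_smpt" is rejected instead of being merged in.
        if not key.startswith("enable_") or key not in traffic:
            raise KeyError(f"unknown protocol switch: {key}")
        if not isinstance(value, bool):
            raise TypeError(f"{key} must be true/false, got {value!r}")
        if traffic[key] != value:
            changes[key] = (traffic[key], value)
    # Work on a copy so the exported dict stays available as a rollback reference.
    full = copy.deepcopy(exported)
    full["traffic"].update({k: new for k, (_, new) in changes.items()})
    payload = {"traffic": {k: new for k, (_, new) in changes.items()}}
    return payload, full, changes

if __name__ == "__main__":
    exported = json.loads(SAMPLE_EXPORT)
    payload, full, changes = plan_protocol_change(exported, {"enable_smtp": False})
    for key, (old, new) in changes.items():
        print(f"{key}: {old} -> {new}")  # record which protocols lose coverage
    # Argument for `set --merge` (single-quote it on the command line).
    print(json.dumps(payload))
    # Body for the file passed as @/tmp/preprocessor_span.json to `set`.
    print(json.dumps(full, indent=4))
```

Keeping the printed change list with the change record documents which protocols are no longer inspected on the SPAN port.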