cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

Disable "smart packet capture" functionality at AMD level?

benjamin_johnso
Organizer

Hello;

Firstly, the CSS roles are not flexible enough to allow me to have 'System Administrator' privileges, but without the 'packet capture user' role.

So - is there any way I can disable packet capture functionality - maybe by editing AMD configuration?

12 REPLIES 12

chris_v
Dynatrace Pro
Dynatrace Pro

The cba daemon (service) runs the smart packet capture functionality. You could stop and disable this*.

RHEL 6:
service cba stop
chkconfig cba off

and

RHEL 7:
systemctl stop cba
systemctl disable cba

Note disabling these, will stop some functionality in RUM Console (wizards, traffic diagnostics) as well as the smart packet capture.

Users would need root/sudo access on the AMD to re-enable the functionality.

Thanks! I've used the software service wizard before and can live with it disabled - but I'm not sure about traffic diagnostics - does that include things like stats for sequence number gaps, uni-directional traffic (& if so, just for RUM Console or also for reports in the CAS)?

Thanks

Ben

Also - does anyone know how to disable the monitoring for this service if we decide to disable it? The RUMConsole shows warning status for the AMD when the service is stopped.

Tomasz_Lisowski
Advisor

If you disable the service by ('chkconfig cba off' or 'systemctl disable cba') Console will not show warning.

Also note that disabling CBA will not impact AMD diagnostic reports on CAS.

Thanks Tomasz, I wasn't 100% sure on the diagnostics part there.

Excellent, thanks for this!

Lastly, are there any posts/docs that list the functionality for each AMD service? Notably the functions that I will miss from cba service being disabled, but also useful to know what the other services are used for

Hello, I believe that after v12.4.10, cba process may have been moved into the rtm process?

Hello, I found that I am still able to take captures, even after disabling and stopping the cba service... I'm using version 12.4.10 - is there another way to disable it?

jaroslaw_orlows
Dynatrace Pro
Dynatrace Pro

Hello! Based on this forum thread we put up a doc article listing the AMD services with short descriptions of what each of them actually does. Comments are welcome, as usual 🙂

AMD Services

Hello - I found in the logs (12.4.10) that it is now the rtm process that actually writes the traffic capture file

benjamin_johnso
Organizer

To prevent traffic captures from being executed remotely, rename the directory

/var/spool/adlex/spc

to something like:

/var/spool/adlex/spc_disabled. This prevents the rtm process from writing the traffic capture file to the directory.

OK, but this will only work until the next upgrade.bin is installed (new build or upgrade) and the folder will be re-created