Firstly, the CSS roles are not flexible enough to allow me to have 'System Administrator' privileges, but without the 'packet capture user' role.
So - is there any way I can disable packet capture functionality - maybe by editing AMD configuration?
The cba daemon (service) runs the smart packet capture functionality. You could stop and disable this*.
service cba stop
chkconfig cba off
systemctl stop cba
systemctl disable cba
Note: disabling these will stop some functionality in RUM Console (wizards, traffic diagnostics) as well as the smart packet capture.
Users would need root/sudo access on the AMD to re-enable the functionality.
Thanks! I've used the software service wizard before and can live with it disabled - but I'm not sure about traffic diagnostics - does that include things like stats for sequence number gaps, uni-directional traffic (& if so, just for RUM Console or also for reports in the CAS)?
Excellent, thanks for this!
Lastly, are there any posts/docs that list the functionality for each AMD service? Notably the functions that I will miss from cba service being disabled, but also useful to know what the other services are used for.
To prevent traffic captures from being executed remotely, rename the directory
to something like:
/var/spool/adlex/spc_disabled. This prevents the rtm process from writing the traffic capture file to the directory.