We have a scenario where we are trying to monitor HTTP and SOAP traffic being served from the same port.
Since we can't monitor both on the same AMD, we thought about using 2 AMD's to monitor traffic (one for http and another for SOAP).
The issue with above config is, since we have one AMD in each data center, we will only see half the traffic for HTTP and SOAP where we would like to monitor all traffic (http and SOAP).
Other than having to get two more AMD's, is there any other way we can monitor all the traffic?
I understand this isn't going to be an issue post 12.4, we are running 12.2 currently and moving to 12.3 soon.
Any suggestions would be great.
If it is traffic coming from the outside of the enterprise or through a firewall, then you can capture the traffic twice, as long as the FW is doing NAT.
Once outside you capture and specify the FW's IP adress and then on the other side (inside) you pick the other decode and just specify the actual IP adress of the server.
We monitor soap using the http decode here in some places, mainly because we need different fast/slow threshold on different operations.
what it means is:
So, basically, very awkward but possible.