Linux-UNIX: Configuring an Inspection Engine

Configure or modify an inspection engine in the S-TAP Control pane.

Before you begin

You must be logged in to the Guardium system that manages the S-TAP.

About this task

Do not configure an S-TAP inspection engine to monitor network traffic that is also monitored directly by a Guardium system that is hosting the S-TAP, or by another S-TAP reporting to the same Guardium system. That would cause the Guardium system to receive duplicate information: it would not be able to reconstruct sessions, and it would ignore that traffic.

You can also add inspection engines directly in the guard_tap.ini file; see Linux-UNIX: Editing the S-TAP configuration parameters.

You can define up to 50 inspection engines per S-TAP.

Procedure

  1. Navigate to Manage > Activity Monitoring > S-TAP Control.
  2. In the row of the S-TAP, click edit S-TAP configuration.
    The S-TAP Configuration window opens.
  3. Scroll to the bottom of the inspection engines, and click show new inspection engine next to Add Inspection Engine....
    Note: You can add a maximum of 50 inspection engines. If you exceed this limit, the additional engines are truncated.
  4. Select the protocol and enter the port range. The window refreshes with the relevant parameters, some with their default values.
  5. Configure all the required parameters, and click Add. If you are missing parameters, the system informs you what is missing.