This chapter describes settings to configure your Collector systems to perform domain-based segmentation, and increase the memory available to Collector processes.
By default, the Collector process (panther) is assigned 30% of available system memory within a single-server installation. Within a remote Collector installation, the Collector process is assigned 70% of available memory. To set the memory available to the Collector process, use the following command:
execsql config_set_profile_value profile config MaxMemoryUsage replace setting
where:
profile specifies the name of the Collector profile that needs to be updated.
setting is the percentage of system memory available to the Collector process. Note that percentage sign must not be specified with the setting. It is recommended that you specify a percentage not higher than 90%. If the Collector process has to share resources with other software running on the system, a maximum setting of 80% is more appropriate.
Note that the required Collector profile name can either be obtained via the Reporter GUI (select Configuration, then Security, and then Collector profiles), or by executing the following command:
execsql config_get_profiles
To configure RUEI to filter (segment) monitored traffic based on domain names, do the following:
Select Configuration, then Security, then Network filters, and select the required Collector profile. Ensure that the Packet capture menu specifies the "Specified domains" option for each required Collector profile.
Create, modify, or delete the required rows in the c_domain_segments database table. The table has the following format:
ID Priority Domain Profile_ID Traffic_segment 1000 10 *.nl 2 1|1 1100 8 *.be 2 1|2 1150 3 *.oracle.* 2 1|1 1200 1 *.com 2 3|4
where:
The ID column represents a unique identifier for each row in the table.
The Priority column represents the order in which the filters are applied. The filters with the highest priority numbers are applied first, and those with the lowest are resolved last. Hence, in the above example, monitored traffic relating to the domain myshop.oracle.com would be filtered as *.oracle.* 1|1, and not the *.com 3|4 filters. Also, all domain traffic with the country code nl is monitored, while only the first half of the data stream should be monitored for domains with the country code be.
The Domain column contains the actual filter value where * can be used as a wildcard.
The Profile_ID column relates to the ID of the Collector profile for which the filters should apply. This ID can be found in c_cprofiles.
The Traffic_segment column contains the segment which should be used for the specified filter. You can specify up to 128 parts. For example, 34|128 will take the 34th segment out of 128.
To view the currently defined network filters, logon to the Reporter system as the RUEI_USER user, and issue the following command:
sqlplus /@RUEI_DB_TNSNAME
select id, prio, domain, profile_id, traffic_segment from c_domain_segments order by prio;
To insert a row into the table, issue the following command:
insert into c_domain_segments (id, prio, domain, profile_id, traffic_segment) values (c_domain_segments_seq.nextval, 1, '*.nl', 2, '1|2');
To delete a row from the table, issue the following command:
delete from c_domain_segments where id=1;
To alter a filter's priority, issue the following command:
update c_domain_segments set prio=100 where id=2;
By default, a Collector system use three threads for Network Protocol Analysis (NPA). This is controlled by the NumNPAThreads setting. Collector performance can be improved by increasing this setting.
If not currently defined, this number can be increased by using the following command:
execsql config_set_profile_value profile config NumNPAThreads add 4
If previously defined, it can be modified by using the following command:
execsql config_set_profile_value profile config NumNPAThreads replace 5
where profile specifies the name of the Collector profile that needs to be updated.
By default, the Forms socket mode setting is set to 10 minutes. To view it, issue the following command:
execsql config_get_profile_value System forms FormsSocketTimeout
To alter it, issue the following command:
execsql config_set_profile_value System forms FormsSocketTimeout replace 600