DNCA Configuration File dcx-conf.xml

If you cannot log in to the web console, you can edit dcx-conf.xml to configure the Unica Discover Network Capture Application.

Note: Avoid making direct changes to this configuration file. It is recommended that you make changes to your DNCA configuration through the web Console, which provides a user interface onto this configuration file. For more information, see Supported Browsers for DNCA Web Console.

This file is in the /usr/local/dncauser/etc directory. It can be edited with the vi editor.

Note: Some of the settings are not displayed in the default configuration file. These settings can be inserted based on configuration changes that are made through the web console. All configuration settings that are required for general use of the DNCA are available in the default file.
Note: SSH is run over the standard port 22.
Note: Always make a backup copy of the configuration file before you make changes to it.
Note: Do not edit this configuration file or any DNCA configuration file by using an editor on a Windows machine. The Windows end-of-line (EOL) characters are different from the UNIX EOLs used by Linux. So, configuration errors can occur when the file is reapplied in the DNCA's Linux environment.

The following tables explain each configuration option in the default configuration file.

<Conf>

Table 1. Configuration settings
Configuration Option Description
<IPv6ConsoleEnabled> To enable, set this value to 1.
<Timeout>

The specified value defines the number of minutes that a web Console session is allowed to be idle before it is automatically timed out.

Please search the file. If the setting is not present in your file, insert it here.

For more information, see DNCA web Console - Console Tab.

<Archive>

This section specifies the configuration options for enabling and managing local TCP/IP packet archiving. For more information, see DNCA Web Console - Backup-Logs Tab.

Table 2. Archive setting
Configuration Option Description
<RecordingEnabled> Enables local TCP/IP packet archiving. When enabled, archive files are saved to the archive recording directory (default /usr/local/dncauser/archive) in a rolling archive. Archives are partitioned into 50 MB files.

This setting is disabled by default.

<MaxSize> Specifies the maximum size of the TCP/IP packet archives.

By default, MaxSize is set to 500 MB. The default directory size that is allocated to archives is 18 GB.

</Archive>

<Capture>

Use the capture configuration settings to configure data capturing from a spanned switch port or network tap.

Table 3. Capture settings
Configuration Option Description
<HangingResponseTimeout> Specifies the timeout setting (in seconds) between the last packet of the request and the first packet of the response. If the timeout is exceeded, the connection is marked as canceled by the client.

The default is 120 seconds.

<HangingTransmissionTimeout> Specifies the timeout setting (in seconds) that defines how long DNCA waits between packets. If the timeout is exceeded, the connection is marked as a request that was canceled by the client.

The default is 120 seconds.

<Ignores/>
<ListenFullDuplex> Defines whether DNCA is receiving bidirectional data from a network tap or unidirectional data from a SPAN port on a network switch or load balancer. If the DNCA host machine is receiving data from a network tap, set ListenFullDuplex=False. If the host machine is receiving data from a spanned port, set ListenFullDuplex=True.
<ListenOnBothInterfaces> Indicates whether DNCA is listening on one or both of its Ethernet interfaces. It can be used to capture two SPAN ports. If DNCA is receiving data from a network tap, set ListenOnBothInterfaces=True. If it is receiving data from a spanned port, set ListenOnBothInterfaces=False.
<ListenTo>

Nested within the <Capture> section, this subsection specifies the set of web servers to be monitored by DNCA. The <Address> and <Port> attributes must be configured for each web server that is being monitored.

Network Capture also supports netmasks. In the event a netmask setting is used, a <NetmaskSize> node must be added to the configuration file under the <Address> node and before the <Port> node. For example, if the IP range for web servers that are being monitored is 10.10.10.0 through 10.10.10.255 and the web servers are listening on both ports 80 and 443, the ListenTo configuration would appear as follows:

<ListenTo>
     <Address>10.10.10.0</Address>
     <NetmaskSize>24</NetmaskSize>
     <Port>80</Port>
     <Port2>443</Port2>
 </ListenTo>

For more information on best practices in managing IP addresses, see Supported Browsers for DNCA Web Console.
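The netmask form above widens capture from one server to a whole range, so it is worth computing exactly which addresses and ports a set of <ListenTo> entries covers before applying it. The following is an added example, not DNCA code: the function names, the second sample entry and the Conf/Capture/ListenTos nesting of the sample are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the page's netmask example plus a single-host entry.
SAMPLE = """<Conf><Capture><ListenTos>
  <ListenTo>
    <Address>10.10.10.0</Address>
    <NetmaskSize>24</NetmaskSize>
    <Port>80</Port>
    <Port2>443</Port2>
  </ListenTo>
  <ListenTo>
    <Address>192.0.2.15</Address>
    <Port>443</Port>
  </ListenTo>
</ListenTos></Capture></Conf>"""


def capture_scope(xml_text):
    """Return [(network, sorted ports)] for every <ListenTo> entry."""
    scope = []
    for entry in ET.fromstring(xml_text).iter("ListenTo"):
        address = (entry.findtext("Address") or "").strip()
        if not address:
            raise ValueError("<ListenTo> without <Address>")
        # The page spells the node both <NetmaskSize> and <NetMaskSize>.
        bits = entry.findtext("NetmaskSize") or entry.findtext("NetMaskSize")
        host = ipaddress.ip_address(address)
        prefix = int(bits) if bits else host.max_prefixlen  # no mask: one host
        # Host bits are masked off here; the page does not say how DNCA treats them.
        network = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
        ports = set()
        for tag in ("Port", "Port2"):
            value = entry.findtext(tag)
            if value:
                port = int(value)
                if not 1 <= port <= 65535:
                    raise ValueError(f"<{tag}> out of range: {port}")
                ports.add(port)
        if not ports:
            raise ValueError(f"<ListenTo> {address} has no <Port>")
        scope.append((network, sorted(ports)))
    return scope


def in_scope(scope, ip, port):
    """True when traffic to ip:port falls inside the configured capture set."""
    target = ipaddress.ip_address(ip)
    return any(target in net and port in ports for net, ports in scope)


if __name__ == "__main__":
    for net, ports in capture_scope(SAMPLE):
        print(f"{net} ({net.num_addresses} addresses) ports {ports}")
```

Comparing the reported address count with the number of web servers that are meant to be monitored shows quickly when a mask is wider than intended.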

<ListenTos>
<Address> Specifies the IP address of the web server that is being monitored.
<Port> Specifies the port number the web server is listening on.
<Port2> Specifies an extra port number associated to the Address attribute. Optimized for typical two-port monitoring.
<NetMaskSize> Specifies the range of IP addresses to be monitored, through netmask size in bits.
</ListenTo>
</ListenTos>
<MaxSimultaneousConnections> Defines the maximum number of concurrent TCP connections the DNCA software is set to handle.

The default value is 10000.

<MaxConnectionsInSynState> Defines the maximum number of concurrent TCP connections where partial TCP connections are established.

The default value is 4000.

<PrimaryInterface> Specifies the name of the primary Ethernet interface.

The default setting is eth0.

<SecondaryInterface> Specifies the name of the secondary Ethernet interface.
<MaxSessionCacheSize> Defines the maximum number of concurrent SSL connections that can be processed.

The default value is 10,000.

<MaxInputBufferSize>
Note: Do not change this setting without first contacting technical support. This setting is used for debugging issues that are related to spiking traffic conditions that are overwhelming the buffer.
Defines the maximum size (in bytes) of the TCP packet handling queue.

The default value is 100,000,000 (approximately 100 MB).

When the buffer fills, the DNCA begins dropping hits. By enforcing a limit on the buffer, the system prevents a crash. However, data is dropped.

<MaxMemoryConsumption>
Note: Do not change this setting without first contacting technical support. This setting is used for debugging issues that are related to spiking traffic conditions that are overwhelming the buffer.
Defines the maximum amount of system memory (in MB) allocated to the capture process.

The default value is 1300 MB (1.3 GB).

The Unica Discover Network Capture Application is a 32-bit application, which means each DNCA process can address a maximum of 2 GB of RAM.

<TransparentLoadBalancingEnabled> Enables or disables the transparent load balancing (TLB) feature.

To enable load balancing, set TransparentLoadBalancingEnabled to True.

To disable load balancing, set TransparentLoadBalancingEnabled to False.

The default value is True to enable load balancing. For more information, see DNCA Transparent Load Balancing Overview.

<ReassInstances> Configures the number of reassd instances to be created. The default value is 1.
<SslSessionInfoOnMemcachedServer>

If transparent load balancing is enabled and SslSessionInfoOnMemcachedServer is set to True, then the DNCA uses memcache to cache SSL data.

The default value for SslSessionInfoOnMemcachedServer is set to True.

<MaxConnectionsRoutingInfo>

Defines how much TCP connection routing information can be stored in the local routerd hash table. Once the limit is reached, the oldest data is removed from the table so that a new value can be written to the table.

The default value is 100000.

<MaxInputRouterdBufferSize>

Defines the buffer size, in MB, for the routerd service.

The default value is 50 MB.

<DeleteTcpLargeConnDisabled>

This setting is a Boolean flag, set to either True or False. If unspecified, it is treated as though set to False. If set to True, this setting prevents TCP connections that have individual request or response sizes exceeding the maximum size from being closed. For special cases, such as large PDF files or streaming traffic connections, you may need to disable this feature to maintain the connection.

The maximum size of individual request or responses is defined by the MaxTcpConnSize parameter.

<MaxTcpConnSize> Maximum permitted size of an individual request or response in a TCP connection. A single TCP connection can have multiple requests or responses, and each one is checked against this limit.

The default value is 2097152.

If this limit is exceeded, the TCP connection is automatically closed when the DeleteTcpLargeConnDisabled setting is set to False.

<CaptureKeys/>
<CaptureKey> This optional section is used to define the SSL keys necessary to support capture of HTTPS traffic from web servers.
  • For each private key, a CaptureKey section that includes the <CertificateFile> (optional), <Label> and <PrivateKeyFile> nodes needs to be defined.
  • The <CertificateFile> and <PrivateKeyFile> entries are the fully qualified domain names of the files that contain the certificate and private keys.
  • The private key must be in the Discover converted .PTL format for it to be usable.
<Certificate> Specifies the location in which the Public key is to be pasted.
<Label> Specifies the text name of private key.
<PrivateKey> Defines the location where the Private Key is to be pasted.
</CaptureKey>
</CaptureKeys/>
<InstancesEnabled> This setting provides a global setting to enable/disable multiple instances. This setting is a Boolean flag, set to either True or False.
  • If unspecified, it is treated as though set to False.
  • If set to True, then the following nested <Instances> is used for multiple instance instantiation. Otherwise, only a single instance is created.
<Instances> Top-level node for nested multiple instance definitions.
<Instance> Instance node for defining the attributes of an instance.
<InstanceDisabled> This setting is a Boolean flag, set to either True or False.
  • If unspecified, it is treated as though set to False.
  • If set to True, then the local instance node is disabled. By disabling the instance node, you can disable individual instances for debugging or testing.
<ListenFullDuplex> If defined within the instance node, it has the same meaning as the previous primary instance, but this setting applies to this specific instance.

If it is not defined, then the instance inherits the value from the primary instance.

Set <ListenFullDuplex> to True or False.

<ListenOnBothInterfaces> If defined within the Instance node, it has the same meaning as the previous primary instance, but this setting applies to this specific instance.

If it is not defined, then the instance inherits the value from the primary instance.

Set <ListenOnBothInterfaces> to True or False.

<TcpChecksumDisabled> By default, the DNCA runs a checksum validation of the TCP packets that are submitted to it. In environments where a large receive option (LRO) or checksum offloading is enabled, DNCA checksum validation fails. Set the value to True to disable it.

If this setting is not in the default XML, the DNCA assumes that checksum validation is wanted and enabled. This setting appears in the XML after packet checksum validation is disabled through the DNCA Web Console Interface tab by selecting the Disable Packet checksum validation check box. For more information, see DNCA Web Console - Interface Tab.

<PipelineInstances> Indicates the number of pipeline processes (pipelined) to create a system capable of having multiple pipelines. You can add one extra pipelined process for each additional processor core that is idle.

By default, this value is set to 1.

For more information on creating multiple pipelines, see Pipeline Settings.

<SslHwCheckDisabled> When set to true, the DNCA disables the scanning for and use of SSL hardware accelerator cards.

The default value is False.

<MaxPipelineSHMQueueSize> Defines the size in megabytes of the queue that feeds hits to instances of the pipeline.

By default, this value is set to 100 MB. Maximum allowed value is 200 MB.

<MaxPipelineSHMQueue2Size> Defines the size in megabytes of the queue that feeds hits from the instances of the pipeline to the Tcl engine module.

By default, this value is set to 100 MB. Maximum allowed value is 200 MB.

For more information on creating multiple pipelines, see Pipeline Settings.

</Capture>

<Delivery>

This section includes the attributes for configuring real-time data transportation from the DNCA host machine to the Unica Discover Server environment.

Table 4. Delivery setting
Configuration Option Description
<DeliveryMode> Configures the delivery mode for the DNCA delivering to its peers. For more information, see DNCA Web Console - Delivery Tab.
<DeliveryMode>2</DeliveryMode>
<BatchInterval> This setting is not used.
<MaxQueueDepth> Defines the maximum size (in bytes) of the queue for sending data to the Unica Discover Server. The default value is 0, which sets the queue depth to 50MB.
<MyCertificate> This setting is not used.
<MyPrivateKey> This setting is not used.
<StatisticsHitEnabled> This setting is a Boolean flag, set to either True or False.
  • If set to True, then statistics hits are enabled as a feature.
  • If set to False, the feature is disabled. If no value is set, it is treated as False.
<StatisticsHitHost> This setting is either the host name or IP address of the machine that runs the Discover Transport Service that receives statistics hits.
<StatisticsHitIntervalSeconds> This setting, a positive number, is the minimum number of seconds to lapse between attempts to send statistics hits.

If set to 0 (zero), statistics hits are not sent.

<StatisticsHitPort> This setting, a positive port number, is the TCP/IP port number to use while connecting to the Discover Transport Service on the host.
<StatisticsHitSecure> This setting, a Boolean flag, indicates if the connection to the Discover Transport Service is enabled for SSL. It can be set to either True or False.

If unspecified, it is treated as though set to False.

<TimeSourceHost> Designates the domain name or IP address of the host running the Discover Transport Service to be used as a time source. If you do not want to synchronize to a time source, leave this field empty.
<TimeSourcePort> Designates the port on which the time source host listens for time source queries. If you do not want to synchronize to a time source, leave this field empty.
<Peers>
<Peer> Defines the IP address and port of the receiving Unica Discover Server environment. A <Peer> section must be defined for each receiving Unica Discover Server machine.
<Host> Specifies the IP address or host name of the Unica Discover Server receiving data from the DNCA host machine.
<Port> Specifies the IP port number on the Unica Discover Server to which the data is being sent.

The default value is 1966.

</Peers>
<PollingInterval> This setting is not currently being used.
<WatchdogTimer> Specifies the maximum time (in seconds) allowed to make a connection to the Unica Discover Server. If the timeout is exceeded, the connection is marked as disconnected.

The default value is 30 seconds.

</Delivery>
<ConfigurationChangeTime> Specifies the UNIX time (seconds since January 1, 1970 Coordinated Universal Time) of the last update made to the configuration file by the web console.
Note: Do not change this setting. This setting is automatically changed when there is an update through the web console.

<Extension/>

The <Extension/> setting is not used.

<Failover>

You can configure failover settings through the DNCA Web Console - Failover Tab.

Table 5. Failover settings
Configuration Option Description
<Enabled> If failover is enabled, a backup DNCA host machine (subordinate) takes over if the main one (Master) fails.
<MasterAddress> Address of the master failover machine.
<MasterPort> Port of the master failover machine.
<SlaveAddress> Address of the subordinate failover machine.
<SlavePort> Port of the subordinate failover machine.
<HeartbeatInterval> How long to wait between heartbeats.
<HeartbeatTimeout> The amount of time DNCA waits for a response to a heartbeat before calling it a timeout.
<TimeoutLimit> The number of consecutive heartbeat timeouts that are allowed before failover is forced.
<AutoFailback> Passes control (active state) from the subordinate DNCA host machine back to the Master DNCA host machine once the master machine is ready to take control again.
<FailbackDelay> The minimum number of seconds to wait before doing automatic failback.
<FailoverOnSvcRestart> This option determines whether a failover is triggered when the capture services are restarted on the active Unica Discover Network Capture Application server.
<RemoteMonitors>
<RemoteMonitor> A Remote Monitor is a computer (represented by a host name or IP address) that is allowed to receive failover state information by sending heartbeats to a DNCA host machine configured for failover.
<Host> Host name of the remote monitor.
<CanControl> If this option is enabled, the remote monitor can force a failover or failback.
</RemoteMonitor/>
</Failover>
</Conf>
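
A check to run on a hand-edited dcx-conf.xml before it is reapplied, covering the Windows end-of-line Note, XML well-formedness, and the documented behaviour of <StatisticsHitSecure> and <CanControl>. This is an added example, not part of DNCA: the sample file and finding names are constructed, and it assumes flags are written as True/False or 1/0.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real DNCA file), saved with Windows line endings.
SAMPLE = (
    b"<Conf>\r\n"
    b" <Delivery>\r\n"
    b"  <StatisticsHitEnabled>True</StatisticsHitEnabled>\r\n"
    b"  <StatisticsHitHost>198.51.100.7</StatisticsHitHost>\r\n"
    b" </Delivery>\r\n"
    b" <Failover><Enabled>True</Enabled><RemoteMonitors><RemoteMonitor>\r\n"
    b"  <Host>mon1.example.test</Host><CanControl>True</CanControl>\r\n"
    b" </RemoteMonitor></RemoteMonitors></Failover>\r\n"
    b"</Conf>\r\n"
)


def flag(node, path, default=False):
    """Read a Boolean node; an absent or empty node takes the given default."""
    text = node.findtext(path)
    if text is None or not text.strip():
        return default
    return text.strip().lower() in ("true", "1")


def audit(raw):
    """Return review findings for the raw bytes of a dcx-conf.xml candidate."""
    findings = []
    # Files saved on Windows carry CR characters that the page warns about.
    if b"\r" in raw:
        findings.append("windows-eol")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return findings + [f"not-well-formed: {exc}"]
    # Statistics hits reach the Transport Service without SSL unless
    # <StatisticsHitSecure> is True; unspecified is treated as False.
    if flag(root, ".//StatisticsHitEnabled") and not flag(root, ".//StatisticsHitSecure"):
        findings.append("statistics-hits-without-ssl")
    # A remote monitor with <CanControl> can force a failover or failback.
    for monitor in root.iter("RemoteMonitor"):
        if flag(monitor, "CanControl"):
            findings.append(f"remote-monitor-can-control: {monitor.findtext('Host')}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```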

<Pool>

You can configure SSL pool settings through the SSL tab in the DNCA web console.

Table 6. SSL pool settings

Configuration Option Description
<PoolPeer>

Contains the SSL pool configuration settings for the local DNCA server.

The default value is .

<IPv6>

Defines if the IP address uses IPv6.

The default value is false.

<Address>

IP address for the DNCA server

The default value is 9.19.145.49.

<Port>

Port number for the DNCA server

The default value is 11211.

<CacheSize>

Defines the size in MB of the memory cache that contains the SSL session information.

The default value is 256.

<Secure>

Enables or disables secure communication between DNCA servers in the SSL pool.

The default value is false.