Home
Installation, Deployment, and Upgrade
Installing Unica Discover involves planning and preparing your environment, installing and configuring prerequisite software, obtaining the Unica Discover installation files, and running the Unica Discover installer.
Discover Network Capture Application Manual
Configuring the DNCA
The Unica Discover Network Capture Application can be configured through a web-based console or through the configuration files that are stored on the DNCA server. The following information guides you on how to configure the DNCA.
Additional DNCA Web Console Debugging Information
DNCA Web Console - Interface Tab
View Instances
Traffic to Ignore

Installation, Deployment, and Upgrade
Installing Unica Discover involves planning and preparing your environment, installing and configuring prerequisite software, obtaining the Unica Discover installation files, and running the Unica Discover installer.
- Installation and Deployment Manual
- Discover Network Capture Application Manual
  - Discover Network Capture Application Overview
    Network Capture Application from Discover captures and records the complete interaction between the visitor and the web application environment by using a network tap or network switch spanning port. The Network Capture Application software features the following benefits:
  - Installing the Network Capture Application
    The following instructions can be used to assist the installation of your Network Capture Application software.
  - Configuring the DNCA
    The Unica Discover Network Capture Application can be configured through a web-based console or through the configuration files that are stored on the DNCA server. The following information guides you on how to configure the DNCA.
    - Configuration via Web Console
    - DNCA configuration files
      Configuration settings that are related to the Unica DiscoverNetwork Capture Application are available through the DNCA Web Console or, if needed you can use the vi editor to edit the configuration files that are located in /usr/local/dncauser/etc/.
    - Configuration via dcx-conf.xml
    - Configuration using runtime.conf
      Configuration settings that are related to the Unica DiscoverNetwork Capture Application are available through the DNCA Web Console or, if needed, the dcx-conf.xml.
    - SSL Decryption
    - DNCA Discover Command Line Reference
    - Prerequisites
    - Supported Browsers for DNCA Web Console
    - Example Configuration
    - Configuration Steps
    - Open DNCA Web Console
    - Testing Your Configuration
    - DNCA Web Console Login
    - DNCA Web Console Logout
    - Web Console Tabs
    - Configuration
    - Instance Compound Statistics
    - TCP Connections
    - Machine Health
    - Peers
    - Current Per Second Stats
    - Additional DNCA Web Console Debugging Information
      - DNCA web Console - Console Tab
      - DNCA Web Console - Interface Tab
        View Instances
        Disabling Packet Checksum Validation
        Traffic Segmentation
        Web Server Host IP/Port Addresses Filtering
        TCP Client Port Segmentation Filtering
        Populating Ports
        Filter Rules
        Instance List
        Traffic to Ignore
        Edit Filters
        Tuning Parameters
        Manual Changes to Interface Configuration
        Target Recipients
        Tuning Parameters
        Saving Changes
    - Use Discover Transport Service as Time Source
    - Deliver Statistics to Discover Transport Service
    - DNCA Web Console - SSL Keys Tab
      You can use this tab to review and edit the Loaded keys list and Missing keys list. To toggle between the lists, use the appropriate radio button:
    - Pipeline Settings
      The Pipeline tab allows users to edit configuration parameters such as capture, limits, and cookie IDs.
    - Capture Type Lists
    - Rule Manipulation
    - Test Manipulation
    - Action Manipulation
    - Key Manipulation
    - Add/Edit Rules
    - Add/Edit Tests
    - Add/Edit Actions
    - Add/Edit Keys
    - Privacy.cfg Reference
    - Logging Changes
    - Reference
    - Stats per Instance
    - Checking on System Health through stats.xml
    - Capture Software Processes
    - DNCA Statistics
    - Heartbeat
    - Auto Settings
    - Remote Monitors
    - Network Interfaces
    - System Utilities
    - Accessing Debug page
    - Page Overview
    - Providing DNCA ZIP to Support
    - DNCA Configuration File dcx-conf.xml
      If you cannot login to the web console, you can edit dcx-conf.xml to configure the Unica Discover Network Capture Application.
    - Configuring Multiple Listend-Routerd Pairs
      Configure Multiple Listend-Routerd Pairs (MLRP) to use multiple NICs to capture network traffic in an environment that produces a high volume of network traffic.
    - Configuring SSL Pools
      You can create SSL pools to group a set of DNCA servers together so that the DNCA servers can share SSL session information.
    - Some SSL hits missing from Firefox browser sessions
    - Beats Tab
      You can use the Beats tab to enable, disable, start, stop, and restart the Filebeat service. Open the DNCA application and access the Beats tab.
  - Upgrade for DNCA
    It is recommended that you always use the latest version of the Unica Discover Network Capture Application suitable for your version of Unica Discover.
  - Packet Forwarder Overview
    The Packet Forwarder is used to capture and forward hits to a cloud-based DNCA that is operating on a virtual machine.
  - SSL Keys
    For decrypting transmissions by using the SSL protocol, the Unica Discover Network Capture Application must be provided the SSL keys in use in the transaction stream.
  - Performance Measurement
    Performance measurement provides details on the Network Capture software performance and timestamp measurements.
  - Configuring DNCA on Red Hat Enterprise Linux™ (RHEL)
    The following sections contain important information for configuring DNCA in a Red Hat Enterprise Linux™ environment:
  - DNCA monitoring
    You can monitor the passive capturing to diagnose performance issues.
  - Overview of DNCA maintenance
    The maintenance utility performs routine maintenance and logging tasks for Discover DNCA. You can use the utility to help maintain the ability of the DNCA to perform DNCA.
  - DNCA frequently asked questions (FAQ)
    The following content contains frequently asked questions or scenarios that can be used to help isolate or fix an issue with your Network Capture Application.
  - Downloading Privacy Configuration
  - Enabling web console access through a single IP address
    You can specify a single IP address which can access the web console. Limiting access to a single IP address helps to prevent unauthorized access through an unknown system.
  - Applying authentication when accessing the web console
    You can improve security by enabling authentication to the web console.
- Unica Discover Session Archiving Installation Guide
  As you prepare for an installation, you need to gather some items, review hardware and software requirements, and then you can perform the installation.
- Discover Upgrade Manual

Traffic to Ignore

This section specifies traffic that the device must explicitly ignore. Even if a host-port pair in this list meets the criterion in the Desired Traffic section, the device does not capture it. To ignore all traffic for a host, enter * or All as the port.

When you specify host and port combinations to ignore, you are adding restrictions that matched packets must not be one of the host and port combinations. For example, suppose you wanted to capture all traffic to and from hosts that are communicating on ports 1, 2, and 3 except for the following host and port combinations:

Host: Port
1.2.3.4: 4
5.6.7.8: 5

The description of that traffic is the same as running the following single command:


tcpdump -n -i eth0 "((port 1) or (port 2) or (port 3)) and not \
((host 1.2.3.4 and port 4) or (host 5.6.7.8 and port 5))"

In the dcx-conf.xml, the example translates into the following XML:


<Ignores>
    <Ignore>
        <Address>1.2.3.4</Address>
        <Port>4</Port>
    </Ignore>
    <Ignore>
        <Address>5.6.7.8</Address>
        <Port>5</Port>
    </Ignore>
</Ignores>
<ListenTos>
    <ListenTo>
        <Port>1</Port>
    </ListenTo>
    <ListenTo>
        <Port>2</Port>
    </ListenTo>
    <ListenTo>
        <Port>3</Port>
    </ListenTo>
</ListenTos>

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.