Services Config View - General TabServices Config View - General Tab
The General tab for a Decoder in the Services Config view provides a way to manage basic service configuration, configure data capture, and select the parsers that are applied to the captured data. To access the General tab, go to Admin > Services > select a Decoder or Log Decoder and click 
Workflow
The following figure depicts common Decoder configuration tasks with the steps you can complete in this view highlighted.
What do you want to do?
| User Role | I want to... | Documentation |
|---|---|---|
| Administrator | configure capture settings* | Configure Capture Settings |
| Administrator | manage parsers and log parsers* | Enable and Disable Parsers and Log Parsers |
|
Administrator |
start and stop data capture |
|
| Administrator | configure rules | Configure Decoder Rules |
*You can complete these tasks here.
Related Topics
- Decoder and Log Decoder Quick Setup
- Configure Common Settings on a Decoder
- Configure Parsers and Feeds
Quick Look
The first figure is an example of the General tab for a Decoder. The second is the General tab for a Log Decoder.
| 1 | System Configuration - Manages service configuration for a Decoder or a Log Decoder. |
| 2 | Decoder Configuration or Log Decoder Configuration - Lets you view and edit service configuration parameters for a Decoder or Log Decoder. |
| 3 | Parsers Configuration - Lets you select parsers to use on the Decoder or Log Decoder. |
| 4 | Service Parsers Configuration (Log Decoders only) - Lets you select service parsers to use on the Log Decoder. |
System Configuration Section
The System Configuration section manages service configuration for a Decoder. When a service is first added, default values are in effect and should be changed only in special circumstances, for example, if Customer Support advises a change.
The System Configuration section has these parameters.
| Parameter | Description |
| Compression | The minimum number of bytes that must be transmitted per response before compression. A setting of 0 disables compression. The default value is 0. A change in value is effective immediately for all subsequent connections. |
| Port | Determines the port used by the service. Note: If you change the port number, ensure that you restart the service. |
| SSL FIPS mode | If enabled, all the data transferred in the network will be encrypted using SSL. |
| SSL Port | Indicates the port used for encrypting using SSL. |
| Stat Update Interval | The number of milliseconds between statistic updates on the system. Lower numbers cause more frequent updates and can slow down other processes. The default value is 1000. A change in value is effective immediately. |
| Threads | The number of threads in the thread pool to handle incoming requests. A setting of 0 lets the system decide. A change takes effect on service restart. |
Decoder Configuration Section
The Decoder Configuration section provides a way to view and edit service configuration parameters for a Decoder or Log Decoder. When a service is first added, default values are in effect. You can edit these values to manage traffic capture.
Scrolling to the bottom of the section reveals these additional Decoder Configuration parameters.
Adapter Section
Adapter parameters configure the network interface for capture as described in Configure Capture Settings.
Cache Section
Cache parameters configure the cache directory and size for session cache files. The following table describes the cache settings. When a service is first added, default values are in effect and should be changed only in special circumstances, for example, if Customer Support advises a change.
| Cache Parameter | Description |
|---|---|
| Cache Directory | The directory where session cache files are stored. The default value is /var/netwitness/decoder/cache. Change takes effect immediately. |
| Cache Size | The maximum size, in Megabytes (MB), that all files in the cache directory can attain before the oldest files are deleted. Once the threshold is reached, the cache size is reduced by 10%. The default value is 4 GB. Change takes effect immediately. |
Capture Settings Section
The Capture Settings section provides a way to configure operational capture settings. When a service is first added, default values are in effect and should be changed only in special circumstances, for example, if Customer Support advises a change.
| Capture Settings Parameter | Description |
|---|---|
| Assembler Maximum Size | Specifies the maximum size in bytes that a session’s packet data size can attain. The default value is 32 MB. Change takes effect immediately. |
| Assembler Minimum Size | Specifies the minimum size in bytes that a session must have in order to generate metadata. A value of 0 means every session has metadata generated. The default value is 0. Change takes effect immediately. |
| Assembler Session Flush | Specifies whether a session is removed from the assembler when the session’s last chain is removed from the assembler. The default value is 1.
|
| Assembles Session Pool | Specifies the number of entries in the session pool. The default value is 350000. Change takes effect on service restart. |
| Assembler Timeout Packets | Specifies the number of seconds before a packet or chain is timed out. T default value is 60. Change takes effect immediately. |
| Assembler Timeout Session | Specifies the number of seconds before a session is timed out. Default value is 60. Change takes effect immediately. |
| Capture Autostart | Specifies whether capture begins automatically each time Decoder is started. When checked, the value = yes. When unchecked, the value = no. The default value is no. Change takes effect immediately. |
| Capture Buffer Size | The capture memory buffer allocation in Megabytes. Default value is 64 MB. Change takes effect on service restart. |
| Parse Maximum Bytes | The maximum number of bytes to scan a stream for additional tokens. When the first token is found, the stream is scanned up to the set number of bytes, but no further. A setting of 0 removes the early termination and the full stream is scanned regardless of size. The default value is 128 KB. Change takes effect immediately. |
| Parse Minimum Bytes | The minimum number of bytes to scan a stream for the first token. If no token is found within the set number of bytes, scanning is terminated. A setting of 0 removes the early termination and the full stream is scanned regardless of size. The default value is 1 KB. Change takes effect immediately. |
| Parse Threads | The number of parse threads to use for session parsing. A value of 0 means let the server decide. The default value is 0. Change takes effect on service restart. |
Database Max File Sizes Section
The Database Max File Sizes section controls the maximum file size for various databases. When a service is first added, default values are in effect and should be changed only in special circumstances, for example, if Customer Support advises a change.
| File Size Parameter | Description |
|---|---|
| Meta File Size | The maximum size of meta database files in Megabytes. The default value is 10 MB. Change takes effect on service restart. |
| Packet File Size | The maximum size of packet database files in Megabytes. The default value is 10 MB. Change takes effect on service restart. |
| Session File Size | The maximum size of session database files in Megabytes. The default value is 100 MB. Change takes effect on service restart. |
Hash Section
The Hash section settings control data base file hashing options. There is a small performance penalty when hashing.
| Hash Parameter | Description |
|---|---|
| Hash Directory | The server directory where all hash files are written. If empty, each hash file is written to the same directory as the file being hashed. The default value is blank. Change takes effect on service restart. |
Parsers Configuration Panel
The Parsers Configuration panel provides a way to select parsers to use on the Decoder. Within some parsers, you can also configure the metadata that the parser creates. See Enable and Disable Parsers and Log Parsers for detailed information and procedures.
Service Parsers Configuration Section for Log Decoder
The Service Parsers Configuration section provides a way to select Service parsers to use on the Log Decoder.
