Tuesday, November 23, 2010

Tealeaf Password Masking

When a form uses custom field names, the user name and password are displayed when a session is replayed in the Tealeaf viewer. You can mask the password value with the following steps.

1) Log in to the Tealeaf Portal
2) Tealeaf -> TMS
3) Master -> Transport Service -> Privacy Filter Configuration -> View/Edit (Raw)
4) Append a rule to the existing set of rules; you can position the rule as needed. Define an action for it.
Place these lines into the raw file.

[Rule3]
Enabled=true
Actions=password_block

[password_block]
Action=Block
Field=j_password

In this case, my HTML form field name is j_password.

5) Save and restart transport service.
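
A check you can run over a saved copy of the raw privacy filter text before restarting, to confirm that every sensitive form field is covered by an enabled Block rule. This is an added example, not Tealeaf code: it relies only on the keys shown above (Enabled, Actions, Action, Field), and the comma-separated Actions list, the Rule4/pin_block entries and the "pin" field are assumptions made up for the sample.

```python
import configparser

# Constructed sample in the layout shown in the post. Rule4 and pin_block
# are made up to show a rule that points at an undefined action.
SAMPLE = """
[Rule3]
Enabled=true
Actions=password_block

[Rule4]
Enabled=true
Actions=pin_block

[password_block]
Action=Block
Field=j_password
"""

def blocked_fields(raw):
    """Return (fields blocked by enabled rules, list of problems found)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(raw)
    fields, problems = set(), []
    for name in cp.sections():
        if not name.startswith("Rule"):
            continue                      # action sections are read via the rules
        rule = cp[name]
        if rule.get("Enabled", "").strip().lower() != "true":
            continue                      # disabled rules mask nothing
        # Assumption: several actions may be listed, comma-separated.
        actions = [a.strip() for a in rule.get("Actions", "").split(",")]
        for action in filter(None, actions):
            if not cp.has_section(action):
                problems.append(f"{name}: action '{action}' is not defined")
            elif cp[action].get("Action", "").strip().lower() != "block":
                problems.append(f"{name}: action '{action}' does not block")
            elif not cp[action].get("Field", "").strip():
                problems.append(f"{name}: action '{action}' names no field")
            else:
                fields.add(cp[action]["Field"].strip())
    return fields, problems

def unmasked(raw, sensitive_fields):
    """Sensitive form field names that no enabled rule blocks."""
    fields, _ = blocked_fields(raw)
    return sorted(set(sensitive_fields) - fields)

if __name__ == "__main__":
    print(blocked_fields(SAMPLE))
    print(unmasked(SAMPLE, ["j_password", "pin"]))
```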

Monday, November 15, 2010

Tealeaf Capture Sessions for new website

Steps to add a new website so that its sessions are tracked through Tealeaf.

1) Log in to the PCP appliance URL.
http://ip_addr:8080/interface.php

2) Navigate to the Filter Rules section.
Specify Host: {ip_address_of_website_to_monitor} Port1: 80 Port2: 443
Click Add and Save changes.
If you are not using SSL, there is no need to add port 443.

3) Setup SSL
If you are monitoring SSL, you need to have the private keys for decryption.
Log in to the physical host of the appliance.
It is recommended that you have the keys in PEM format.
If you have the private key in a .key file, simply rename the file from the .key to the .pem extension.
Copy the private keys to the /usr/local/ctccap/etc directory on the Tealeaf capture device.

Execute these commands:
cd /usr/local/ctccap/etc
mv mycert.key mycert.pem   # optional
tealeaf pem2ptl mycert.pem
The PEM file will be converted to PTL format.
On successful conversion, you should see the message:
pem2ptl: notice: Successfully converted PEM file "mycert.pem" to PTL file: mycert.ptl

4) Log in to the capture device console again.
http://ip_addr:8080/keys.php
If you are already in the console, navigate to SSL Keys.
Select private keys to view -> Check Loaded

Add a private key:
Label: myappname File: /usr/local/ctccap/etc/mycert.ptl
Click Add and Save changes.

Optional: You can also verify the configuration in /usr/local/ctccap/etc/ctc-conf.xml.

5) Restart the Tealeaf capture device
# tealeaf stop capture
# tealeaf start capture


6) Your new website sessions should now be tracked in Tealeaf.
Log in to the Tealeaf portal and search for your sessions. Restart the portal if you have any issues.

Monday, November 8, 2010

JDK 32 or 64 bit

To find out whether a JDK is 32 or 64 bit, run java -version.

/opt/jdk/bin/java -version

A 64 bit JDK would output
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode)

A 32 bit JDK would output
java version "1.6.0_21"
Java(TM) SE Runtime Environment (build 1.6.0_21-b06)
Java HotSpot(TM) Server VM (build 17.0-b16, mixed mode)

If you don't see 64-Bit in your output, the JDK is most probably 32-bit.

Saturday, November 6, 2010

Splunk Search App Customization

By default, the Splunk search option All time is selected. To change the default option:

1) Log in to the Splunk server
2) From the App dropdown at the top right, choose Manage Apps
3) Click view configuration corresponding to the search link
4) Click dashboard
5) Change the selected param to Last 15 minutes instead of All time.
       <module name="TimeRangePicker">
            <param name="selected">Last 15 minutes</param>
You can choose any of the text values from the search dropdown.
6) Your default search value is now Last 15 minutes.
