EtherSensor Agent service configuration

EtherSensor Agent is configured by editing its configuration file, [INSTALLDIR]\config\agent.xml.

The EtherSensor Agent service configuration data is stored in XML format in the agent.xml file in the [INSTALLDIR]\config directory:

<?xml version="1.0" encoding="UTF-8"?>
<Config version="1.1">
 <Local port="44444" markhttp="true" />
 
 <EtherSensor protocol="2">
   <server address="ethersensor.server1:44444" transport="udp" />
 </EtherSensor>
 <Filter>
   <Excludes>
     <application name="ethersensor_agent.exe" />
     <application name="mstsc.exe" />
     <application name="wmplayer.exe" />
     <application name="uTorrent.exe" />
     <application name="skype.exe" />
     <application name="wmpnetwk.exe" />
     <application name="winlogon.exe" />
     <application name="svchost.exe" />
     <application name="spoolsv.exe" />
     <application name="nissrv.exe" />
   </Excludes>
 </Filter>
 
 <EtherStat address="127.0.0.1:44445" ZMQKEY="" />
 <DataCollectionSetup>
   <Hardware duration_ms="10000" />
   <Software duration_ms="30000" />
   <OperatingSystem duration_ms="60000" />
   <Processes duration_ms="1000" />
   <Performance duration_ms="60000" />
   <Network duration_ms="60000" />
   <UserMonitor duration_ms="1000" />
   <DatabaseStore size="1" />
 </DataCollectionSetup>
</Config>

Config tag

The Config tag is the main configuration tag. Its version attribute defines the configuration version.

Local tag

The Local tag is nested within the Config tag and defines settings of the connection tracking module (ethersensor_lsp.dll). After the configuration is loaded, the EtherSensor Agent service saves the settings to the Windows registry.

The port attribute defines the local UDP port the ethersensor_lsp.dll module uses to communicate with the EtherSensor Agent service.

The markhttp flag attribute allows or blocks HTTP traffic marking by the ethersensor_lsp.dll module.

EtherSensor tag

The EtherSensor tag is nested within the Config tag and defines the list of Microolap EtherSensor servers with which EtherSensor Agent exchanges information (over the UDP protocol) about the processes that create TCP connections, so that the workstation can be associated with the TCP session.

The protocol attribute defines the maximum version of the protocol used by EtherSensor Agent to send messages to the Microolap EtherSensor server. Version 3 of the protocol is the latest one. Support for this protocol version requires Microolap EtherSensor version 4.3.3 or later. For compatibility with previous Microolap EtherSensor versions, set this field to 2.

server tag

The server tag is nested within the EtherSensor tag and defines the address and transport protocol of the Microolap EtherSensor server.

The address attribute defines the address and port used to communicate with the Microolap EtherSensor server. Possible addresses are IP:Port or DNSNAME:Port.

The transport attribute defines the transport protocol type used to communicate with the Microolap EtherSensor server. Possible options: udp.

Filter tag

The Filter tag is nested within the Config tag and defines filtering settings for messages sent to the Microolap EtherSensor server.

Excludes tag

The Excludes tag is nested within the Filter tag and defines the list of applications for which TCP connection data should not be sent to the Microolap EtherSensor server.

application tag

The application tag is nested within the Excludes tag and defines the application for which TCP connection data will not be sent to the Microolap EtherSensor server.

The name attribute defines the exact name of the tracked process.

Thus, EtherSensor Agent notifies the Microolap EtherSensor server only about TCP connections created for communication with other workstations and servers in the local network and on the Internet, and you can configure the settings to exclude certain processes from tracking.

EtherStat tag

The EtherStat tag is nested within the Config tag and defines settings used to connect to the EtherStat monitoring and statistics system.

The address attribute defines the server address in the "IP address:port" format.

The ZMQKEY attribute must contain the key for the encrypted connection operation mode.
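
The following check is an added example, not part of the Microolap documentation or product code. It audits an agent.xml against the rules described above: each server address must be IP:Port or DNSNAME:Port, the transport must be udp, every Excludes entry outside an approved baseline is reported (connections from that process are not sent to the server), and an empty ZMQKEY is reported. The names audit_agent_config, valid_addr and BASELINE, the finding labels, and the sample values 10.0.0.5 and Updater.exe are constructed for illustration; treating an empty ZMQKEY as "no key configured for encrypted mode" and comparing process names case-insensitively are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Exclusions shipped in the sample agent.xml on this page, used as the baseline.
BASELINE = {"ethersensor_agent.exe", "mstsc.exe", "wmplayer.exe", "utorrent.exe",
            "skype.exe", "wmpnetwk.exe", "winlogon.exe", "svchost.exe",
            "spoolsv.exe", "nissrv.exe"}
# Assumption: host is an IPv4 address or DNS name; port is decimal.
ADDR_RE = re.compile(r"^[A-Za-z0-9.-]+:(\d{1,5})$")

# Constructed sample input: one unreviewed exclusion, one malformed server entry.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<Config version="1.1">
  <Local port="44444" markhttp="true" />
  <EtherSensor protocol="2">
    <server address="ethersensor.server1:44444" transport="udp" />
    <server address="10.0.0.5" transport="tcp" />
  </EtherSensor>
  <Filter><Excludes>
    <application name="svchost.exe" />
    <application name="Updater.exe" />
  </Excludes></Filter>
  <EtherStat address="127.0.0.1:44445" ZMQKEY="" />
</Config>"""

def valid_addr(value):
    m = ADDR_RE.match(value or "")
    return bool(m) and 1 <= int(m.group(1)) <= 65535

def audit_agent_config(xml_bytes, baseline=BASELINE):
    """Return sorted (check, detail) findings for an agent.xml document."""
    root = ET.fromstring(xml_bytes)
    findings = []
    for srv in root.findall("./EtherSensor/server"):
        if not valid_addr(srv.get("address")):
            findings.append(("bad-address", srv.get("address", "")))
        if srv.get("transport") != "udp":  # the page lists udp as the only option
            findings.append(("bad-transport", srv.get("transport", "")))
    for app in root.findall("./Filter/Excludes/application"):
        name = app.get("name", "")
        if name.lower() not in baseline:  # assumption: case-insensitive comparison
            findings.append(("unreviewed-exclude", name))
    stat = root.find("EtherStat")
    if stat is not None and not stat.get("ZMQKEY"):
        findings.append(("etherstat-key-empty", stat.get("address", "")))
    return sorted(findings)
```

Running audit_agent_config on a copy of each workstation's agent.xml and comparing the findings over time shows when an exclusion has been added outside the approved list.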

DataCollectionSetup tag

The DataCollectionSetup tag is nested within the Config tag and defines timer settings for EtherSensor Agent service polling.

Hardware tag

The Hardware tag is nested within the DataCollectionSetup tag and uses the duration_ms attribute to define the timer (in seconds) to poll existing equipment.

Software tag

The Software tag is nested within the DataCollectionSetup tag and uses the duration_ms attribute to define the timer (in seconds) to poll installed software.

OperatingSystem tag

The OperatingSystem tag is nested within the DataCollectionSetup tag and uses the duration_ms attribute to define the timer (in seconds) to poll OS data.

Processes tag

The Processes tag is nested within the DataCollectionSetup tag and uses the duration_ms attribute to define the timer (in seconds) to monitor current processes.

Network tag

The Network tag is nested within the DataCollectionSetup tag and uses the duration_ms attribute to define the timer (in seconds) to poll network adapter data and configuration.

Performance tag

The Performance tag is nested within the DataCollectionSetup tag and uses the duration_ms attribute to define the timer (in seconds) to poll OS performance data.

Users tag

The Users tag is nested within the DataCollectionSetup tag and uses the duration_ms attribute to define the timer (in seconds) to monitor user actions.

DatabaseSetup tag

The DatabaseSetup tag is nested within the DataCollectionSetup tag and defines the database size limit as a percentage of free space on the HDD where EtherSensor Agent is installed.