Logical modules of the Agent


HTTP connection tracking and marking module (ethersensor_lsp.dll)

This module is implemented as a Layered Service Provider (LSP). This means that the installed module embeds itself into the network application stack and transparently proxies (and tracks) all TCP connections created by local processes. The settings of the module are stored in the Windows registry.

UDP port of the EtherSensor EtherCAP service. The default port is 44444.

HTTP traffic marking flag, default value 1. If the flag is 1, each HTTP query is marked with an X-Sensor-UID header in the following format: 554E4B4E-4F57-4E20-5555-494400000000, where 554E4B4E-4F57-4E20-5555-494400000000 is the unique user ID that is associated with a specific computer and a specific user of that computer and is global throughout the company network.
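As an added illustration (not code from the product or its documentation), the following Python example checks raw HTTP requests for the X-Sensor-UID header in the format shown above and reports whether each request can be attributed to a user ID. The category names and sample requests are constructed for this example, and treating a repeated header as ambiguous is an assumption, not documented EtherSensor behaviour.

```python
from __future__ import annotations
import re

HEADER = "x-sensor-uid"  # HTTP header names are case-insensitive
# Format shown on the page: 8-4-4-4-12 hexadecimal digits.
UID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def classify(raw: bytes) -> tuple[str, str | None]:
    """Return (status, uid); uid is set only when status is 'marked'."""
    values = [v for n, v in parse_headers(raw) if n == HEADER]
    if not values:
        return ("unmarked", None)    # no marking header present
    if len(values) > 1:
        return ("ambiguous", None)   # assumption: do not attribute on duplicates
    if not UID_RE.fullmatch(values[0]):
        return ("malformed", None)   # header present but not in the page's format
    return ("marked", values[0].upper())


# Constructed sample requests (not captured traffic).
UID = "554E4B4E-4F57-4E20-5555-494400000000"  # example value from the page
BASE = b"GET / HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "marked": BASE + b"X-Sensor-UID: " + UID.encode() + b"\r\n\r\n",
    "unmarked": BASE + b"\r\n",
    "malformed": BASE + b"X-Sensor-UID: not-a-uid\r\n\r\n",
    "ambiguous": BASE + b"X-Sensor-UID: " + UID.encode()
    + b"\r\nx-sensor-uid: 00000000-0000-0000-0000-000000000000\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```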

The ethersensor_lsp.dll module uses the UDP protocol to communicate locally with the second main EtherSensor Agent module - the EtherSensor Agent service (the ethersensor_agent.exe process) and to forward to it details of the processes which create TCP connections.

The Microolap EtherSensor server communication module (EtherSensor Agent service)

This module is implemented as a Windows system service with the following functions:

Collection and transfer of data about workstation events over an encrypted TCP connection to the EtherStat monitoring and statistics server. If the data cannot be sent, the EtherSensor Agent service saves it to the local database: [INSTALLDIR]\data.db.

Transfer of data about TCP connections of workstation processes to the Microolap EtherSensor server over the UDP protocol. You can use settings to specify the list of processes to be excluded from tracking.

Saving service logs to a file: [INSTALLDIR]\log\svcagent.log.

The ethersensor_agent.exe module reads its configuration settings from the [INSTALLDIR]\config\agent.xml file. The EtherSensor Agent service must be restarted for any change in settings to take effect.