Selection Forwarding Readme

Jul. 1 2015 — 9:52 a.m.

Page 1 from Selection Forwarding Readme
UNCLASSIFIED//FOR OFFICIAL USE ONLY

Forwarding Selected MAILORDER Files Read Me

This document explains how to configure an XKS cluster to forward selected sessions via MAILORDER. Sessions are still scanned, tagged, and queryable in even if the quota limit (category throttling) has been exceeded for the day. Use this document to learn the procedures for switching all Digital Network Intelligence (DNI) filtering and selection to the collection system.

Configuring DNI Selection in xks.config

(U//FOUO) Follow these steps to configure xks.config to use the XKS collection system for DNI filtering and selection:

1. (U//FOUO) Log on as the user oper.
2. At the command line from within any directory, type vi config and then press Enter. The xks.config file will open.
3. In the inputs section of xks.config set the following configurations:
   a. yes
      This enables session forwarding on the selected_output plugin. You can verify that session forwarding is set to yes in the default.xml file located in lugine
      Note: Only after running the xks setup plugins process, described on page 2, will you see the selected_output plugin enabled in default.xml.
   b. category throttle true (default)
      This sets the maximum number of sessions per category to 10,000 and the total size forwarded for any given category to be no greater than 16 B. If either of these limits is reached, XKEYSCORE will no longer forward sessions that hit on that particular category for the rest of the day. It will, however, continue to process data for other categories. These limits are reset every 24 hours.

All MAILORDER files will be stored on the Master server in:
Page 2 from Selection Forwarding Readme
      You can check the status of the category throttle using one of the following commands:
      - mysqls quota_status_current: The quota_limits forwarding status for all categories.
      - mysqls quota_status_yesterday: The quota_limits forwarding status for the previous day.
      - mysqls quota_throttled_current: The top 20 categories for the current day (the phrase "negative remaining" indicates the category was throttled).
   d. output_location master
      will be generated in: kas_d
      Then the mailorder_proc process on the Master will rename and move them to: ,H?xks_d
   e. mailorder yes (default)
      On the Master, this creates the mailorder_proc process that polls the mailorder_working directory and then moves/renames any MAILORDER files to IRfou tpnta fmailorder.
4. Type :wq and then press Enter to save and exit xks.config.

Additional Processes

(U//FOUO) In addition to editing the configurations in xks.config, it is important to run several set-up processes.

1. (U//FOUO) As the oper user, at the command prompt, type xks setup plugins and press Enter. This ensures any applicable changes to plugin configurations will take effect.
2. (U//FOUO) As the oper user, at the command prompt, type xks setup processes and press Enter. This will create the mailorder_proc process on the Master.
3. (U//FOUO) At the command prompt, type rsync push_config and press Enter. This pushes the latest configuration changes to the slaves.
4. (U//FOUO) As the oper user, at the command prompt, type xks proc start and press Enter. This will ensure all of the running processes pick up any configuration changes.
5. (U//FOUO) At the command prompt, type xks proc saferestart and press Enter. After setup is complete, this restarts for the new configurations to take effect.