3. Other features and improvements
3.1. Performance
Sensor performance was improved with a dynamic resource allocation at the first boot and a better flow distribution during the capture.
3.2. Pairing process of the sensor
The command `unpair`
is now available to remove all pairing configuration from the sensor.
3.3. Business data deletion
The command `system delete-data`
is now available to remove all business data from the sensor.
3.4. `show status`
command
Additional information is available with the command `system delete-data`
:
Gcap FQDN : gcap.gatewatcher.com
Version : 2.5.4.0
Overall status : Running
Tunnel : Up
Detection Engine : Up and running
Configuration : Complete
Gcap name : gcap
Domain name : gatewatcher.com
Tunnel interface : 192.168.2.2
Management interface : 192.168.1.2
Gcenter version : 2.5.3.103
Gcenter IP : 192.168.2.3
Paired on Gcenter : Yes
Monitoring interfaces : mon0,mon2,mon4,monvirt
© Copyright GATEWATCHER ...
```
3.5. System update
The GCap probe operating system and the kernel have been updated.
3.6. Compatibility mode
A new compatibility mode is available for supporting GCenter v2.5.3.103.
3.7. IPSec connection
The configuration of IPsec service was optimized to improve the connection reliability between GCap and GCenter.
3.8. Visualization of the configuraiton in the CLI
All « show » commands are available when the detection engine is up.
3.9. Deprecated commands and features
3.9.1. High-availability
3.9.2. Sigflow: local rules
Local rules are no longer supported.
3.9.3. Creation of techsupport file
The creation of techsupport file must be exclusively performed with an non-interactive SSH session:
- From a Linux workstation:
`ssh -t setup@GCapX show tech-support large > /tmp/tech-supp-GCapX`
- From a Windows workstation:
`ssh -t setup@GCapX "show tech-support large" > C:\Temp\tech-supp-GCap`
3.9.4. Removed commands
The following orders have been removed:
The command`set advanced-configuration packet-filter`
to configure local XDP filtersThe configuration of XDP filters must be exclusively performed on GCenterThe command
`show advanced-configuration cpu-config`
to display CPU configurationThe command
`show/set advanced-configuration interfaces-names`
to display or configure the interface nameThe command
`show/set advanced-configuration load-balancing`
to display or configure the loadbalancing for capture interfaceThe command
`show/set advanced-configuration local-rules`
to display or configure the local rulesThe command
`show advanced-configuration memory-settings`
to display the memory configuration of detection engineThe command
`system reload-drivers`
to reload the drivers of network cards The command`show/set clusters`
to display or configure the cluster interfacesThe configuration of cluster interfaces must be performed with the command`set interfaces [interface-name] assign-role capture-cluster`
.The command
`gui`
to enter in the graphical configuration menuThe command
`show/set setup-mode`
to display or configurer de default mode for the configuration interfaceThe command
`show configuration`
to display Sigflow configurationThe command
`show logs`
to display log files
The commands related to service management:
`services start/stop/show {eve-generation|eve-upload|file-extraction|file-upload|filter-fileinfo|local-alerts|eve-compress}`