
InfoWatch Traffic Monitor Enterprise 3.5


. +7 (495) 229-00-22 +7 (495) 229-00-22
http://www.infowatch.com
: 2011


1. INFOWATCH TRAFFIC MONITOR ENTERPRISE 3.5
1.1. InfoWatch Traffic Monitor Enterprise 3.5
1.2. InfoWatch Traffic Monitor Enterprise 3.5
2.
2.1.
2.1.1. SMTP- ( relay-)
2.1.2. Sniffer
2.1.3. HTTP-, ICAP
2.1.4. , InfoWatch Device Monitor
2.1.5. DeviceLock
2.2.
2.2.1. Traffic Monitor Server
2.2.2. Sniffer
2.2.3. IW ICAP
2.2.4.
2.2.5. Oracle
2.2.6. Management Console
2.3. Postfix
3.
3.1.
3.1.1.
3.1.2.
3.2. Traffic Monitor Server
3.2.1.
3.2.2.
3.2.2.1.
3.2.2.2.
3.2.3.
3.2.3.1.
3.2.3.2.
3.2.4. DNS Active Directory
3.2.5. Postfix Traffic Monitor Server
3.2.6. Sniffer
3.2.6.1. Sniffer
3.2.6.2. Traffic Monitor Server
3.2.7.
3.2.7.1. ()
3.2.7.2. ( )
3.2.8. IW ICAP
3.2.9. Traffic Monitor Server c
3.3. Sniffer
3.4. Management Console
3.4.1. Management Console
3.4.2. Oracle
3.4.3.
4.
4.1.
4.2.
4.3.
4.3.1.
4.3.2.
4.3.3.
5.
5.1.
5.1.1.
5.1.2.
5.2.
5.3. IW ICAP
5.4. Traffic Monitor Server
5.5. Sniffer
5.6. Management Console
A. ORACLE
A.1. Oracle
A.1.1.
A.1.2.
A.1.3.
A.1.4.
A.2. Oracle
A.2.1. Oracle Linux
A.2.1.1.
A.2.1.2.
A.2.2. Oracle
A.2.3. Oracle
B.
C.
C.1.
C.2. Traffic Monitor Server
D.


InfoWatch Traffic Monitor
Enterprise 3.5.

, , ,
InfoWatch Traffic Monitor.
, , InfoWatch Traffic Monitor (Linux, Microsoft Windows).
InfoWatch Traffic Monitor , Oracle.
Oracle.


:
1. InfoWatch Traffic Monitor Enterprise 3.5 (. 8).
.
2. (. 10).
,
; .
3. (. 28).
.
.
4. (. 63).
.
5. (. 70).
.
A. Oracle (. 75).
Oracle.
.
B. (. 86).
,
.
C. (. 88).
, , .
D. (. 93).
,
.



:
InfoWatch Traffic Monitor Enterprise 3.5. .
InfoWatch Traffic Monitor Enterprise ( ,
/ , ).
InfoWatch Traffic Monitor Enterprise 3.5. .
( , ).
InfoWatch Device Monitor.
InfoWatch Device Monitor.
InfoWatch DeviceLock Adapter. .
InfoWatch DeviceLock Adapter.
InfoWatch DeviceLock Adapter. .
InfoWatch DeviceLock
Adapter.
Oracle. .


. 1.
1.

(, .)

, ,

Courier New

, .

Traffic Monitor Server


:

service iw-trafmon status


service iw-caserv status


(
), ,
.


/usr/local/infowatch/tm3/etc/tm.conf, [AUTO_RESTART]

COURIER NEW
( )

SQL, PL/SQL,
,
2 , .

2.

Courier New

Traffic Monitor Server:

Courier New ()

[]

1 | 2

service iw-trafmon stop


File __

[]
On | Off


,
:
InfoWatch,
.
InfoWatch , InfoWatch support@infowatch.com.
10-00 18-00 , .

http://www.infowatch.ru/support.html.


: http://www.infowatch.ru/faq/infowatch-traffic-monitor-enterprise. , .

1. INFOWATCH TRAFFIC MONITOR ENTERPRISE 3.5
:
InfoWatch Traffic Monitor Enterprise 3.5 (. 1.1 . 8).
InfoWatch Traffic Monitor Enterprise 3.5 (. 1.2 . 9).

1.1. InfoWatch Traffic Monitor Enterprise 3.5
InfoWatch Traffic Monitor Enterprise 3.5 .
InfoWatch Traffic Monitor Enterprise 3.5:
SMTP-. ( ),
relay-; ,
CISCO SPAN.
HTTP-. , -, ICAP-, , CISCO SPAN.
:
- Blue Coat HTTPS-, HTTPS- HTTP-.
ICQ- ( OSCAR),
CISCO SPAN. ICQ HTTP ICQ-
HTTP
!
ICQ-, SSL.
.
/ .
:
.
, InfoWatch Device
Monitor .
, DeviceLock ( 6.3 ), .


1.2. InfoWatch Traffic Monitor Enterprise 3.5
InfoWatch Traffic Monitor

(Traffic Monitor Server, Sniffer, IW ICAP,



)

Traffic Monitor Server: , ,


, InfoWatch Device Monitor,
DeviceLock.
Sniffer: , SPAN- .
IW ICAP: , HTTP-,
ICAP.
:

, ( , )

Management Console

2.
:
(. 2.1 . 10).
(. 2.2 . 23).
Postfix (. 2.3 . 27).

2.1.
:
SMTP- ( relay-) (. 2.1.1 . 10).
Sniffer (. 2.1.2 . 12).
HTTP-, ICAP (. 2.1.3 . 16).
, InfoWatch Device Monitor (. 2.1.4 . 19).
DeviceLock (. 2.1.5 . 21).
.

2.1.1. SMTP- ( relay-)
SMTP- . SMTP- Traffic Monitor Server .
1. , (. . 1).

1. SMTP-

2. SMTP-, ,
(. . 2). SMTP- .


2. SMTP-

.
Traffic Monitor Server.

1.

, , ,
:
Traffic Monitor Server (. 2.2.1 . 23).
Oracle (. 2.2.5 . 26).
Management Console (. 2.2.6 . 26).

2.

Postfix

Postfix Traffic Monitor Server. Postfix . . . 2.3 . 27.

3.

Oracle (. A.1 . 75).


!
Traffic Monitor Server Oracle .

4.

1. , ,
Oracle, .
:
Oracle Linux (. A.2.1 . 83).
Oracle (. A.2.2 . 85).
Oracle (. A.2.3 . 85).
2. (. 3.1 . 28).


5.

Traffic Monitor Server

1 (. . 1). . :
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server DNS (. 3.2.4 . 48).
2 (. . 2). . ( 128 /):
, SMTP-:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
(. . 3.2.7.1
. 52).
DNS (. 3.2.4 . 48).
:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
(. . 3.2.7.2 . 54).
DNS (. 3.2.4 . 48).

6.

Management Console

1. Management Console (. 3.4 . 60).


2. Management Console , Traffic Monitor Server ( , , ).
Smtp Copy.
InfoWatch Traffic Monitor. .

2.1.2. Sniffer
(SMTP, HTTP, ICQ) CISCO, SPAN-.
Sniffer. Sniffer Traffic Monitor Server
.
Traffic Monitor Server. Traffic Monitor Server. 3 .
!
Sniffer Traffic Monitor Server , , Sniffer.
.


1. (. . 3).
. , .

SMTP-, HTTP-, ICQ-

SMTP-, HTTP-, ICQ-

CISCO

SMTP-, HTTP-,
ICQ-

Sniffer + Traffic Monitor Server

3.

2. ,
(. . 4). , .

SMTP-, HTTP, ICQ-

SMTP-, HTTP, ICQ-

CISCO

SMTP-, HTTP, ICQ-

Sniffer

Traffic Monitor Server

4.


3. . Traffic Monitor Server (. . 5). , .

SMTP-, HTTP-, ICQ-

SMTP-, HTTP-, ICQ-

CISCO
SMTP-, HTTP-, ICQ-

Traffic Monitor Server


Sniffer

Traffic Monitor Server


5. Traffic Monitor Server

4. . . . (. . 6).

SMTP-. HTTP-, ICQ-

SMTP-. HTTP-, ICQ-

CISCO

SMTP-. HTTP-, ICQ-

( 128 /)

Sniffer

Client
(Traffic Monitor Server)

Server
(Traffic Monitor Server)

6. Sniffer

.
Traffic Monitor Server.

1.

, , ,
:
Traffic Monitor Server (. 2.2.1 . 23).
Sniffer (. 2.2.2 . 24).
Oracle (. 2.2.5 . 26).
Management Console (. 2.2.6 . 26).

2.


Oracle (. A.1 . 75).


!
Traffic Monitor Server Oracle .

3.

1. , ,
Oracle, .
:
Oracle Linux (. A.2.1 . 83).
Oracle (. A.2.2 . 85).
Oracle (. A.2.3 . 85).
2. (. 3.1 . 28).

4.

Sniffer Traffic Monitor Server

1 (. . 3). . ( ). ,
:
1. Sniffer Traffic Monitor Server (. 3.3 . 59).
2. Traffic Monitor Server DNS (. 3.2.4 . 48).
2 (. . 4). .
( ). ,
:
1. Sniffer (. 3.3 . 59).
2. :
Traffic Monitor Server (. 3.2.1 . 40);
Sniffer (. 3.2.6.1 . 50).
DNS (. 3.2.4 . 48).
3 (. . 5). .
( ).
, :
1. Sniffer (. 3.3 . 59).
2. Traffic Monitor Server:
Traffic Monitor Server (. 3.2.1 . 40).
Sniffer (. 3.2.6.1 . 50).
(. 3.2.6.2 . 51).
DNS (. 3.2.4 . 48).
.2, Traffic Monitor Server.
!
,
. Traffic Monitor Server Traffic
Monitor Server (. . 3.2.9 . 59).


4 (. . 6). .
( ).
.
, :
1. Sniffer (. 3.3 . 59).
2. :
Traffic Monitor Server (. 3.2.1 . 40);
(. . 3.2.7.1
. 52).
Sniffer (. 3.2.6.1 . 50).
DNS (. 3.2.4 . 48).
:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
(. . 3.2.7.2
. 54).
DNS (. 3.2.4 . 48).

5.

Management Console

1. Management Console (. 3.4 . 60).


2. Management Console , Traffic Monitor Server ( , , ).
,
Sniffer (Smtp, Http, Icq) Copy.
InfoWatch Traffic Monitor. .

2.1.3. HTTP-, ICAP
- ICAP HTTP- Traffic Monitor Server .
/ .
:
- Blue Coat, HTTPS. - Blue Coat , HTTPS Traffic Monitor Server HTTP-.
: NTLM, LDAP, Basic, Digest.
!
Traffic Monitor Server - ICAP- .
, HTTP(S)- - (SQUID, Blue Coat).
.


1. , (. . 7).

7. HTTP-, ICAP

2 . , HTTP- .
HTTP- .
(. . 8).

8. HTTP-,

.
Traffic Monitor Server.

1.

, , ,
:
Traffic Monitor Server (. 2.2.1 . 23).
IW ICAP (. 2.2.3 . 25).
Oracle (. 2.2.5 . 26).
Management Console (. 2.2.6 . 26).


2.

Oracle (. A.1 . 75).


!
Traffic Monitor Server Oracle .

3.

, ,
Oracle, .
:
Oracle Linux (. A.2.1 . 83).
Oracle (. A.2.2 . 85).
Oracle (. A.2.3 . 85).
(. 3.1 . 28).

4.

Traffic Monitor Server

1 (. . 7). . :
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
IW ICAP (. . 3.2.8 . 55).
DNS (. 3.2.4 . 48).
2 (. . 8). . ( 128 /):
, HTTP, ICAP:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
IW ICAP (. . 3.2.8 . 55).
DNS (. 3.2.4 . 48).
Traffic Monitor Server
(. . 3.2.7.1 . 52).
:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
(. . 3.2.7.2
. 54).
DNS (. 3.2.4 . 48).

5.

Management Console

1. Management Console (. 3.4 . 60).


2. Management Console , Traffic Monitor Server ( , , ).


Http Normal
Transparent.
InfoWatch Traffic Monitor. .

2.1.4. , InfoWatch Device Monitor
( , ), InfoWatch Device Monitor,
Traffic Monitor Server .
1. , (. . 9).

9. InfoWatch Device Monitor

2. InfoWatch Device Monitor. , InfoWatch Device Monitor, Traffic Monitor Server.


. (. . 10).

10. InfoWatch Device Monitor

.
Traffic Monitor Server.

1.

, , ,
:
Traffic Monitor Server (. 2.2.1 . 23).
Oracle (. 2.2.5 . 26).
Management Console (. 2.2.6 . 26).


2.

Oracle (. A.1 . 75).


!
Traffic Monitor Server Oracle .

3.

1. , ,
Oracle, .
:
Oracle Linux (. A.2.1 . 83).
Oracle (. A.2.2 . 85).
Oracle (. A.2.3 . 85).
2. (. 3.1 . 28).

4.

Traffic Monitor Server

1 (. . 9). . :
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server DNS (. 3.2.4 . 48).
2 (. . 10). . ( 128 /):
, InfoWatch Device Monitor:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
(. . 3.2.7.1
. 52).
DNS (. 3.2.4 . 48).
:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
(. . 3.2.7.2
. 54).
DNS (. 3.2.4 . 48).

5.

Management Console

1. Management Console (. 3.4 . 60).


2. Management Console , Traffic Monitor Server ( , , ).
Device Copy.
InfoWatch Traffic Monitor. .


2.1.5. DeviceLock
, DeviceLock, Traffic Monitor Server .
1. , (. . 11).

11. DeviceLock

2. DeviceLock. , DeviceLock, Traffic Monitor Server. . (. . 12).

12. DeviceLock

.
Traffic Monitor Server.

1.

, , ,
:
Traffic Monitor Server (. 2.2.1 . 23).
Oracle (. 2.2.5 . 26).
Management Console (. 2.2.6 . 26).
InfoWatch DeviceLock Adapter (. InfoWatch DeviceLock Adapter. ).


2.

Oracle (. A.1 . 75).


!
Traffic Monitor Server Oracle .

3.

, ,
Oracle, .
:
Oracle Linux (. A.2.1 . 83).
Oracle (. A.2.2 . 85).
Oracle (. A.2.3 . 85).
(. 3.1 . 28).

4.

Traffic Monitor Server

1 (. . 11). . :
1. InfoWatch DeviceLock Adapter. :
InfoWatch DeviceLock Adapter. .
InfoWatch DeviceLock Adapter. .
2. Traffic Monitor Server (. 3.2.1 . 40).
3. Traffic Monitor Server DNS (. 3.2.4 . 48).
2 (. . 12). . ( 128 /):
, DeviceLock:
1. InfoWatch DeviceLock Adapter. :
InfoWatch DeviceLock Adapter. .
InfoWatch DeviceLock Adapter. .
2. Traffic Monitor Server (. 3.2.1 . 40).
3. Traffic Monitor Server:
(. . 3.2.7.1
. 52).
DNS (. 3.2.4 . 48).
:
1. Traffic Monitor Server (. 3.2.1 . 40).
2. Traffic Monitor Server:
(. . 3.2.7.2
. 54).
DNS (. 3.2.4 . 48).

5.


Management Console

1. Management Console (. 3.4 . 60).


2. Management Console , Traffic Monitor Server ( , , ).
Dla Copy.
InfoWatch Traffic Monitor. .

2.2.
:
Traffic Monitor Server (. 2.2.1 . 23).
Sniffer (. 2.2.2 . 24).
IW ICAP (. 2.2.3 . 25).
(. 2.2.4 . 25).
Oracle (. 2.2.5 . 26).
Management Console (. 2.2.6 . 26).

2.2.1. Traffic Monitor Server



Traffic Monitor Server
50 /:
: , Red Hat Enterprise Linux Server 5.5 x86-32: . https://hardware.redhat.com/.
HP ProLiant DL 360 G7 Server.
: Intel Xeon E5540 2.53 . 2 4 .
: DDR3 2 + 4 .
: SAS, 3 x 300 (10000 rpm) RAID 5.

Red Hat Enterprise Linux Server 5.5 x86-32 .


, ,
Linux.
Linux, rpm-,
, :
rpm -qpR /___iwtm/xxxx.rpm

xxxx.rpm .
! .

Oracle 11g R2 (11.2.0.1.0).


: . . A.2.1 . 83.


2.2.2. Sniffer

Cisco Catalyst 2960 Series


SPAN

Sniffer CISCO. SPAN RX/TX. SPAN- Cisco Catalyst 2960 Series


:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_37_se/configuration/guide/swspan.html#wp1036816

.

100 /

Intel Core2 Duo E6750 ( 2,66 )

Sniffer 50 /:
: , Red Hat Enterprise Linux Server 5.5 x86-32: . https://hardware.redhat.com/.
- HP ProLiant DL 360 G7 Server.
: Intel Xeon E5502 1.87.
: 4 DDR3.
: SAS 300 (10000 rpm).
:

NAPI Promiscuous mode.

Intel Corporation 82540EM Gigabit Ethernet Controller

Gigabit Ethernet

Broadcom Corporation NetXtreme II BCM5708 1Gb



Intel PRO/1000 GT

Sniffer :
SPAN- CISCO.
SPAN- (
, ), SPAN-
.
. ,
Traffic Monitor Server ( Sniffer Traffic Monitor Server ).


Sniffer c Traffic Monitor Server,
, Traffic Monitor Server . 2.2.1 . 23.


Sniffer , :

Red Hat Enterprise Linux Server 5.5 x86-32 .


, ,
Linux.
Linux, rpm-,
, :
rpm -qpR /___iwtm/xxxx.rpm

xxxx.rpm .
! .

2.2.3. IW ICAP
IW ICAP HTTP- -.
HTTP- Traffic Monitor Server ICAP ICAP-.
ICAP- -.

Traffic Monitor Server - ICAP- .
-:
SQUID 3.1.7, ICAP.
Cisco IronPort S10.
Blue Coat SG Series ICAP. , Blue Coat Systems .
, , Blue Coat
Proxy SG IW ICAP InfoWatch.
:
HTTPS-, - ,
HTTPS InfoWatch Traffic Monitor Server HTTP.
-. - . . 3.2.8 . 55.
ICAP- ICAP.
Traffic Monitor Server (. . 2.2.1 . 23).
.

2.2.4.

Traffic Monitor Server (. . 2.2.1


. 23). .


2.2.5. Oracle
InfoWatch Traffic Monitor Oracle Database
11g Release 2 (11.2.0.1.0) Linux x64.

Intel Xeon 2.4 .


( 8).

8 DDR3

RAID- SAS ( 1
). RAID-
200 GB ( ,
)

Red Hat Enterprise Linux Server release 5.5 x64 .


, ,
Linux.
Linux, rpm-,
, :
rpm -qpR /___iwtm/xxxx.rpm

xxxx.rpm .

2.2.6. Management Console


Celeron 1.7

Pentium IV 3

512

Microsoft Windows XP Service Pack 3

.Net Framework

Microsoft .Net Framework 2.0 SP1


2.3. Postfix
:
1. Postfix , SMTP- Sniffer (. . 2.1.2 . 12).
2. (Microsoft Exchange .),
, Postfix relay-.
SMTP- Postfix (. . 2.1.1 . 10),
Traffic Monitor Server :
1. , Postfix ( ) .
2. system-switch-mail:
system-switch-mail

Postfix (MTA).
:
, .
, , :
rpm -q system-switch-mail
3. Postfix:
service postfix stop

4. /etc/postfix/main.cf :
inet_interfaces = all
append_dot_mydomain = no
InfoWatch Traffic Monitor SMTP-,
relayhost. ip- ,
SMTP- Traffic Monitor Server.
Traffic Monitor Server SMTP-, relayhost,.
5. sendmail ():
rpm -e sendmail

6. Postfix
service postfix start

3.
:
(. 3.1 . 28).
Traffic Monitor Server (. 3.2 . 39).
Sniffer (. 3.3 . 59).
Management Console (. 3.4 . 60).

3.1.
Traffic Monitor Server . :
(. 3.1.1 . 28).
(. 3.1.2 . 30).
!
,
(. 5 . 70).

3.1.1.
(
), . (SMTP-, HTTP- .), .
, . , .


. , . :
N = S/10/32
:
N ,
. .
S ( ).

.
0 1280

()

0 320

321 640

641 960



()

961 1280

:

. ,
80% . ( : * 32 .)
00 00 .



, .

(, ). ,
. , , .

.
!
, . ,
HTTP-, TTP- .
32 . :
N = TMAX/32
:
N ,
. .
TMAX ( ).
, 65 3.

. . , ,
, . ,
,
, .
.

, (
).
:
, .
,
. ,
, . -


. . , 3
, :
1.
2.
3.
1.
. .
,
1. .

3.1.2.
!
(..
).

1.

, :
Oracle;
Oracle recyclebin off . :
1. :
sqlplus sys@<SID> as sysdba

( <SID> - ), .
2. :
select name, value
from v$parameter p
where lower(p.NAME) = 'recyclebin'

recyclebin ( on),
. :
1. SYS :
alter system set RECYCLEBIN='off' scope=spfile

2. , recyclebin off.
, ,
Oracle 11g R2 (11.2.0.1.0), . , :
[X]:\app\[ ]\product\11.2.0\client_1\BIN\sqlldr.exe

:
[X] , Oracle;
[ ] , .
Oracle . A.2.1 . 83.
, :
, SYSDBA ( , SYS);


!
, :
, :
(),;\.:!~`#$%^*-_+ '[]{}|?<>
, .
30 .
, .
, .
(. . 3.1.1 . 28).

2.

CreateSchemaWizard.exe.
, , .
!
.
.

3.

OK.
.

4.

(. . 13) :
. , (
tnsnames.ora).
SYSDBA. , SYSDBA (, SYS).
SYSDBA. ,
SYSDBA.


13.

5.

:
B
. 86.
(. . 14):
. .
, _. . 10 .
!
. , .
, . .
, :
(),;\.:!~`#$%^*-_+ '[]{}|?<>
, . Oracle , . 30 .


14.

6.

Management Console , .
.
(. . 15):
. .
, _. . 10 . _ADM.
!

. , .
, . .
, :
(),;\.:!~`#$%^*-_+ '[]{}|?<>
, . Oracle , . 30 .


15.

7.

. Management Console , .
. .
, _. . 10 .
!
.
, .
, . .
, :
(),;\.:!~`#$%^*-_+ '[]{}|?<>
, . Oracle , . 30 .


16.

8.

, (. . 17):
. Linux .
, _. . 10 .
!
Linux . , .
, . .
, :
(),;\.:!~`#$%^*-_+ '[]{}|?<>
, . Oracle , . 30 .


17. Linux

9.

!
. 3.1.1 . 28.
(. . 18):
;
;
( );
, ( ).


18.

10.
!
. 3.1.1 . 28.
(. . 19):
, .
( );
, ( ).
( ) , .
. , . , 1
, (.. , 3 ).


19.

11.
!
. 3.1.1 . 28.
(. . 20):
( 10 ).
, (1 ).
( ).
:
5, .


20.

12.
01 00 .
, ( ) . . 100 .

, .

3.2. Traffic Monitor Server


:
(. 3.2.1 . 40).


(. 3.2.2 . 45).
(. 3.2.3 . 47).
DNS Active Directory (. 3.2.4 . 48).
Postfix Traffic Monitor Server (. 3.2.5 . 49).
Sniffer (. 3.2.6 . 50).
(. 3.2.7 . 52).
IW ICAP (. 3.2.8 . 55).
Traffic Monitor Server c (. 3.2.9 . 59).

3.2.1.
!
Traffic Monitor Server Oracle .
!
,
. Traffic Monitor
Server Traffic Monitor Server (.
. 3.2.9 . 59).
:
Traffic Monitor Server , ,
, (. . 5.4 . 73). Traffic Monitor Server,
, /usr/local/infowatch.

1.

, , Traffic Monitor Server, :


Oracle 11g R2 (11.2.0.1.0), . Oracle .
A.2.1 . 83. , :
/u01/app/oracle/product/11.2.0/client_1/bin
sqlldr.
. :
hostname -f

, Traffic Monitor
Server. /etc/hosts IP-, , Traffic Monitor Server:
IP- __

:
10.1.10.120 tmserver.company.com tmserver

:
Reboot

, Linux, rpm-,
. :
rpm -qpR xxxx.rpm

xxxx.rpm .

2.


Traffic Monitor Server ,


GPL

Traffic Monitor Server :


1. root:
su root

2. ( ):

tmcap-x.x.x-x.i686.rpm

.
Sniffer (.
. 2.1.2 . 12).

iwtm-x.x.x-x.i686.rpm

iwtm_gpl_components-x.x.x-x.i686.rpm

Traffic Monitor Server


, GPL (General Public License)
!
iwtm-x.x.x-x.i686.rpm

x.x.x-x InfoWatch Traffic Monitor.


, :
rpm -i /___

:
rpm -i /u01/tmcap-3.4.3-59.i686.rpm
rpm -i /u01/iwtm-3.4.3-59.i686.rpm
rpm -i /u01/iwtm_gpl_components-3.4.3-59.i686.rpm

tmcap /lib/modules/unam-r/extra.
iwtm /usr/local/infowatch/tm3.
gpl_components /usr/local/infowatch/tm3/tools.

3.

Traffic Monitor Server

setup.sh:
/usr/local/infowatch/tm3/setup.sh

:
1. Enter user name to be used as an owner of InfoWatch Traffic Monitor
Traffic Monitor Server, . iwtm.
2. Enter group name to be used as an owner of InfoWatch Traffic Monitor
, InfoWatch Traffic
Monitor.
Oracle ( oinstall).
Oracle.
3. Select ip-addresses for IW SMTP Server
IP-, iw_smtpd
. :
IP-, , Traffic Monitor Server
( IP- );


127.0.0.1 , (
Postfix);
0.0.0.0 IP- ( ).
:
SMTP- ,
.
4. Select a port to be listened
,
iw_smtpd. (2025) Postfix.
5. Select a type of IW SMTP Server MTA installation
. :
relay to a Postfix instance running on localhost Postfix , Traffic Monitor Server ( ).
, Postfix.
relay to another smtp-server Postfix .
, Postfix ,
( ).
6. . ,
5.
, .. Traffic Monitor Server Postfix , :
Hostname of this machine
, Traffic Monitor Server.
, setup.sh.
Enter a port number used by target smtp-server
relay-, (
2020).
, .. Postfix ,
:
Enter a hostname or ip-address of target smtp-server
IP- relay-, .
Enter a port number used by target smtp-server
relay-, (
25).
7. Select Oracle Home to be used
, Oracle. ORACLE_HOME /etc/profile.
Oracle, . .
8. Oracle:
Oracle User Name (InfoWatch Traffic Monitor Linux DB User)
Linux ( , .
. 3.1.2 . 30, 6). IWTM_LINUX.


Oracle Password (InfoWatch Traffic Monitor Linux DB User)


Linux ( , . . 3.1.2
. 30, 6).
!
Traffic Monitor Server Linux ,
Linux .
. C.2 . 92
Oracle Connection String
( tnsnames.ora).
:

tnsnames.ora

/ORACLE_HOME/network/admin ( /ORACLE_HOME ,
Oracle).
9. Do you want to set up interaction with Postfix?
, Postfix SMTP- (
y ). :

SMTP- Postfix

y ( )

SMTP-
. SMTP-. Postfix

y ( )

SMTP- Sniffer

SMTP- (, Traffic Monitor


Server Sniffer)

4.

:
Traffic Monitor Server Sniffer (.
. 2.1.2 . 12, 2 4), .
.
30 Traffic Monitor Server. , (. . 3.2.2 . 45).
. , (.
. 3.2.3 . 47).

5.

Postfix
Traffic Monitor Server Postfix, , (. . 3.2.5 . 49).
Sniffer


Sniffer,
Sniffer (. . 3.2.6.1 . 50).
Traffic Monitor Server , (. . 3.2.6.2 . 51).

, , , :
Traffic Monitor Server (.
. 3.2.7.1 . 52;
Traffic Monitor Server
(. . 3.2.7.2 . 54).
IW ICAP
HTTP- ICAP-, IW
ICAP (. . 3.2.8 . 55).

6.

, Traffic
Monitor Server :

iw_smtpd

SMTP-

iw_messed

SMTP- ( Sniffer)

iw_deliverd

SMTP-

iw_sniffer

Sniffer

iw_proxy SMTP

SMTP-, HTTP- ICQ- Sniffer.


HTTP
ICQ

HTTP-, ICAP-.

iw_proxy HTTP
iw_proxy ICQ
iw_icap

, IW ICAP
iw_expressd

InfoWatch Device
Monitor

DeviceLock
iw_qmover_server

. .

,
iw_qmover_client

.
.
,


iw_dbloader

iw_updater
iw_warpd
iw_adlibitum
!
, (iw_smtpd,
iw_proxy, iw_expressd, iw_icap). .
/ :
1. Traffic Monitor Server:
service iw-trafmon stop

2. /usr/local/infowatch/tm3/etc/tm.conf, [AUTO_RESTART] :
, : autorestart = On
( iw_sniffer):
iw_sniffer:

autorestart = On
, : autorestart = Off
3. Traffic Monitor Server:
service iw-trafmon start

3.2.2.
:
(. 3.2.2.1 . 45).
(. 3.2.2.2 . 47).

3.2.2.1.
30 Traffic
Monitor Server. , , .
iw_licence.dat,
.
iw_customer.dat. iw_lickey, Traffic
Monitor Server. , iw_lickey ,
.
. 3.2.2.2 . 47.
:
( iw_licence.dat) - , (
iw_customer.dat). , iw_licence.dat
InfoWatch Traffic Monitor .


Traffic Monitor Server, Traffic Monitor


Server . , Traffic
Monitor Server, iw_customer.dat (
).
iw_licence.dat.
( ).
/ InfoWatch Traffic Monitor

iw_licence.dat - .


,
:
;
Traffic Monitor Server;
.
( ) , .
(. 5 . 70).
, . , :

SMTP- ( relay-)

SMTP ,
InfoWatch Traffic Monitor.
Postfix . . 2.3
. 27 . 3.2.5 . 49

SMTP- (
relay-).

SMTP-, HTTP- ICQ-


Sniffer

HTTP- ICAP

IW ICAP - (. . 5.3 . 72)

InfoWatch Device Monitor

DeviceLock

InfoWatch DeviceLock Adapter (. InfoWatch DeviceLock Adapter.


).
.


3.2.2.2.
!
Traffic Monitor
Server. Traffic Monitor Server .
Sniffer ( Traffic Monitor Server) .
:
1. iw_lickey, /usr/local/infowatch/tm3/bin. /usr/local/infowatch/tm3/bin
iw_customer.dat.
2. iw_customer.dat
InfoWatch. iw_customer.dat iw_licence.dat.
3. iw_licence.dat,
InfoWatch,
/usr/local/infowatch/tm3/etc. iw_licence.dat, .
!
, iw_customer.dat.
HTTP- ICAP, iw_licence.dat Traffic Monitor Server (
iwtm):
chown iwtm:oinstall iw_licence.dat

:
Traffic Monitor Server /usr/local/infowatch/tm3/etc/tm.conf,
[GENERAL], user.
4. , Traffic Monitor Server:
service iw-trafmon restart

!
, (iw_smtpd,
iw_proxy, iw_expressd). .

3.2.3.

:
(. 3.2.3.1 . 47).
(. 3.2.3.2 . 48).

3.2.3.1.
. Traffic
Monitor Server . , .


license, trial.info. (
30 ):
( ) + (
);
( ) + ( ).
.
, .
, .
( ) Traffic Monitor Server.
:
;
.

3.2.3.2.
!
Traffic Monitor Server.
Traffic Monitor Server
.
:
1.

Traffic
/usr/local/infowatch/tm3/etc/tm.conf.

Monitor

Server

[CAS] tm.conf EngineLic trial.info.


2. , (CAS):
service iw-caserv restart

:
1. InfoWatch. .
2.

Traffic
/usr/local/infowatch/tm3/etc/tm.conf.

Monitor

Server

[CAS] tm.conf EngineLic.


3. , (CAS):
service iw-caserv restart

3.2.4. DNS Active Directory


InfoWatch Traffic Monitor Active Directory ( . InfoWatch Traffic Monitor), AD
, Traffic Monitor DNS .
/etc/resolv.conf :
search < >
nameserver <ip DNS >


:
search company.com
nameserver 10.10.0.98
nameserver 10.10.0.106

3.2.5. Postfix Traffic Monitor


Server
!
, , Traffic Monitor Server , Postfix.
Postfix SMTP- 25 . SMTP-
(-) iw_smtpd 2025. Traffic Monitor Server SMTP-. iw_messed , , 2020 Postfix (. . 21). Postfix , relay-.

21. Postfix

, InfoWatch Traffic Monitor


Postfix, Traffic Monitor Server (. . 3.2.1 . 40).
master.cf tm.conf:
/etc/postfix/master.cf:
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=smtp:127.0.0.1:2025
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=smtp:127.0.0.1:2025
:
127.0.0.1:2020 inet n   -       n       -       21      smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o myhostname=<$hostname>

/usr/local/infowatch/tm3/etc/tm.conf:
tm.conf

[SMTPD]

ListenAddr = 127.0.0.1
ListenPort = 2025

[MESSED]

Relay = 127.0.0.1
RelayPort = 2020

[DELIVERD]

Relay = 127.0.0.1
RelayPort = 2020

3.2.6. Sniffer
:
Sniffer (. 3.2.6.1 . 50).
Traffic Monitor Server (. 3.2.6.2 . 51).

3.2.6.1. Sniffer
Traffic Monitor Server. ,
Sniffer Traffic Monitor Server .
/usr/local/infowatch/tm3/etc/tm.conf, :
[PROXY_SMTP], [PROXY_HTTP],
[PROXY_ICQ]:

SnifferInterface

, CISCO. :
;

SnifferPorts

, . ,
/ .
( )
/ ( ). :
"80, 8080 9090".

SnifferLiveTimeout

(), ESTABLISHED. ,

SnifferOpenTimeout

( )

SnifferCloseTimeout

( )
TIME_WAIT

SnifferQueueMemorySize

( ), . , .


: 1 500 . 104857600.

SnifferHost

IP- Sniffer

SnifferPort

, Sniffer

[PROXY_HTTP] Off SkipNegotiate.


ICQ-, - ( HTTP),
[PROXY_HTTP] On IcqFilter.

3.2.6.2. Traffic Monitor Server


Sniffer Traffic Monitor Server. .
!
1. Traffic Monitor Server. 3- .
2. Sniffer Traffic Monitor Server
,
Sniffer.
Traffic Monitor Server:
Traffic Monitor Server, ,
. /usr/local/infowatch/tm3/etc/tm.conf,
[PROXY_SMTP], [PROXY_HTTP], [PROXY_ICQ].
:

SnifferClusterID

, Traffic
Monitor Server. .
. , icq 1
!
Traffic Monitor Server, , .

SnifferBalancer

(
Traffic Monitor Server iw_proxy). :
Connection. TCP- Traffic
Monitor Server iw_proxy. , Traffic Monitor Server.
SrcIp. Traffic Monitor
Server iw_proxy IP- . ,
IP- Traffic Monitor Server.
! SrcIp
PROXY_HTTP, ICQ-, ( HTTP).
Connection


. Traffic Monitor Server


SMTP- HTTP- Sniffer. Traffic Monitor Server (. . 22).

22. Traffic Monitor Server

Traffic Monitor Server /usr/local/infowatch/tm3/etc/tm.conf:


[PROXY_SMTP]:
SnifferClusterID = smtp
SnifferBalancer = Connection

[PROXY_HTTP]:
SnifferClusterID = http
SnifferBalancer = Connection

3.2.7.

:
() (. 3.2.7.1
. 52).
( )
(. 3.2.7.2 . 54).

3.2.7.1.
()
1.

1. , Linux,
. :
rpm -qpR /___iwtm/iwtm_qmover-x.x.x-x.i686.rpm

x.x.x-x InfoWatch Traffic Monitor.


2. Traffic Monitor Server iwtm_qmover-x.x.x-x.i686.rpm
( x.x.x-x InfoWatch Traffic Monitor). (
root):
rpm -i /___iwtm/iwtm_qmover-x.x.x-x.i686.rpm

:
rpm -i /u01/iwtm_qmover-3.4.3-59.i686.rpm


/usr/local/infowatch/tm3

3. qmover-setup.sh:
/usr/local/infowatch/tm3/qmover-setup.sh

4. :
Select remote queue setup type?
client.
Enter TM EE qmover server's IP address.
IP-, ( ),
. 127.0.0.1.
Enter TM EE qmover server's port number.
, . 16888.
5. Traffic Monitor Server:
service iw-trafmon restart

2.

iw_qmover_client.
iw_dbloader, iw_deliverd iw_adlibitum.
/ :
1. Traffic Monitor Server:
service iw-trafmon stop

2. /usr/local/infowatch/tm3/etc/tm.conf, [AUTO_RESTART] :
, : autorestart = On
( iw_qmover_client):
iw_qmover_client:

autorestart = On
, : autorestart = Off
3. Traffic Monitor Server:
service iw-trafmon start

3.

128 /.
.
iw_qmover_channel__width_setter.
128 / 2 M/ .
:

()

crond
iw_qmover_channel__width_setter .

:
iw_qmover_channel__width_setter <_>

:
_ (/), .


256 /. , 9.00 18.00 50 %. 18.00 9.00 100%.


1. , .
:

9.00 18.00    50%     128
18.00 9.00    100%    256

2. cron :
00 9 * * * iwtm /usr/local/infowatch/tm3/bin/iw_qmover_channel_width_setter 128
00 18 * * * iwtm /usr/local/infowatch/tm3/bin/iw_qmover_channel_width_setter 256

3.2.7.2.
( )
1.

1. , Linux,
. :
rpm -qpR /___iwtm/iwtm_qmover-x.x.x-x.i686.rpm

x.x.x-x InfoWatch Traffic Monitor.


2. Traffic Monitor Server iwtm_qmover-x.x.x-x.i686.rpm
( x.x.x-x InfoWatch Traffic Monitor). (
root):
rpm -i /___iwtm/iwtm_qmover-x.x.x-x.i686.rpm

:
rpm -i /u01/iwtm_qmover-3.4.1-169.i686.rpm

:
/usr/local/infowatch/tm3

3. qmover-setup.sh:
/usr/local/infowatch/tm3/qmover-setup.sh

4. :
Select remote queue setup type?
server.
Enter TM EE qmover server's port number.
, , ( ). 16888.
Enter number of clients.
, .
Please enter IP address of client N.
IP- N. 127.0.0.1.
.


:
/usr/local/infowatch/tm3/etc/tm.conf, [AUTO_RESTART] iw_qmover_server.
Traffic Monitor Server. . . 3.2.1 . 40, 6 .

2.

Traffic Monitor Server ()


/usr/local/infowatch/tm3/queue/db. , (.. ).

. (server)
,
1. /usr/local/infowatch/tm3/etc/qmover.conf.
2. [client_N] (N ) QueuePath,
, .
.
. 2, .
!
.
3. . iw_qtool :
iw_qtool move <-> <->

:
- N ( c
QueuePath [client_N]).
- (
queue/db).
:
iw_qtool move /u01/client_1 /usr/local/infowatch/tm3/queue/db

4. crond iw_qtool .

3.2.8. IW ICAP
1.

, Linux, IW ICAP. :
rpm -qpR /___iwtm/iwtm_icap-x.x.x-x.i686.rpm

x.x.x-x InfoWatch Traffic Monitor.

2.

IW ICAP

Traffic Monitor Server iwtm_icap-x.x.x-x.i686.rpm ( x.x.x-x


InfoWatch Traffic Monitor). ( root):
rpm -i /___iwtm/iwtm_icap-x.x.x-x.i686.rpm


:
rpm -i /u01/iwtm_icap-3.4.3-59.i686.rpm

:
/usr/local/infowatch/tm3

:
/usr/local/infowatch/tm3/etc/tm.conf, [AUTO_RESTART] iw_icap.
Traffic Monitor Server. . . 3.2.1 . 40, 6 .

3.

HTTP- -.
!
, HTTP(S)- - (SQUID, Blue Coat).
.

SQUID
- :
ICAP;
ICAP-: Request Mod;
IP- ICAP-, HTTP-. ICAP- IW ICAP. IP- , .
ICAP SQUID 3.1.7
squid.conf :
icap_enable on
icap_preview_enable off
icap_send_client_ip on
icap_send_client_username on
icap_service service_1 reqmod_precache 0 icap://IP_TM_Server:Port_TM_Server/reqmod
icap_class class_1 service_1
icap_access class_1 allow all
never_direct allow all

IP_TM_Server - IP- Traffic Monitor Server, Port_TM_Server , Traffic Monitor


Server ICAP ( 1344).
- Active Directory SQUID
3.1.7 CentOS 5.5 / RHEL 5.5
:
, , -.
-.
1. , :
squid3
samba
samba-common


kerberos
2. samba (/etc/samba/smb.conf):
[global]
workgroup = EXAMPLE
server string = Samba server %v
netbios name = machine
security = ADS
realm = EXAMPLE.COM
password server = 192.168.1.1
encrypt passwords = Yes
preferred master = No
domain master = No

:
EXAMPLE , ICAP-;
EXAMPLE.COM DNS ICAP-.
3. kerberos (/etc/krb5.conf):
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.COM = {
kdc = dc.example.com:88
admin_server = dc.example.com:749
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

4. /etc/nsswitch.conf:
passwd: files winbind
group: files winbind
shadow: files

5. /etc/hosts FQDN ICAP-. ..:


192.168.1.2 squid.example.com

6. smb.conf:
testparm

, samba:



/etc/init.d/smb restart

7.
net ads join -U username

username .
8. winbind:
winbindd
/etc/init.d/smb restart

9. winbind:
, :
wbinfo -u

, :
wbinfo -g

10. /etc/squid/squid.conf, :
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
acl ntlm_users proxy_auth REQUIRED
http_access allow ntlm_users
/etc/init.d/squid restart

ICAP Blue Coat SG Series


- ICAP Request Mod, Traffic Monitor Server. Web-,
.
:
, , -.
-.
HTTPS-, Blue Coat , HTTPS HTTP-. -.
1. Configuration.
2. External Services ICAP. tm. :
Service URL: icap://<TM_server_IP>/reqmod
: icap://10.60.0.20/reqmod.
Maximum number of connections: 10
Connection timeout: 70
This service supports plain ICAP connection. Plain ICAP port 1344.
!
Plain ICAP port ListenPort
/usr/local/infowatch/tm3/etc/icap.conf, [ICAP].
ListenPort , .
ICAP v1.0 Options :
o

Method supported: request modification

o Send. Authenticated User, Client address Server address.


3. Health Checks General. ,


Health Checks :
icap.tm
, Perform health check.

3.2.9. Traffic Monitor Server c



!
,
.

. Traffic Monitor Server,
.
Traffic Monitor:
Traffic Monitor Server :
service iw-caserv stop

Traffic Monitor Server, ,


/usr/local/infowatch/tm3/etc/tm.conf, 0.0.0.0:
[CAS]
ListenAddr=0.0.0.0

Traffic
Monitor
Server

/usr/local/infowatch/tm3/etc/tm.conf, [FILTER],
.
Traffic Monitor Server, ,
:
service iw-caserv start

3.3. Sniffer
1.

Sniffer

Traffic Monitor Server . 3.2.1 . 40.


Traffic Monitor Server :

Traffic Monitor Server

. Traffic Monitor Server


Sniffer ( )

,
Postfix, ( n).
iw_sniffer.


Traffic Monitor Server

. Traffic Monitor Server


CISCO ( Sniffer),
( Traffic Monitor Server)

,
Traffic Monitor Server. Postfix, ( n).

2.

iw_sniffer.
iw_dbloader, iw_updater, iw_warpd iw_adlibitum.
: iw_proxy ICQ, iw_proxy HTTP, iw_proxy SMTP.
.

Sniffer :
1. Traffic Monitor Server, :
service iw-trafmon stop

2. /usr/local/infowatch/tm3/etc/tm.conf, [SNIFFER],
:
Host. IP-, .
Port. ,
3. iw_sniffer:
service iw-trafmon start

3.4. Management Console


:
Management Console (. 3.4.1 . 60).
Oracle (. 3.4.2 . 61).
(. 3.4.3 . 62).

3.4.1. Management Console


1.

Setup.Gui.Ru. setup.exe.
"InfoWatch Traffic Monitor
Management Console".
.

2.

. , .

3.


, Management Console, .
Management Console:
. , .
. , .
.

4.

, , Management Console.
, Management Console.

5.

, Management Console, . , Management Console, ,


. ( ). . , .

3.4.2. Oracle
Management Console
Oracle.
Oracle:
1. NLS_LANG RUSSIAN_CIS.AL32UTF8.
:
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_OraClient11g_home#\NLS_LANG

# . KEY_OraClient11g_home#
# OraHome_#.
!
(, ,
Oracle), (, ) Oracle.
2. Oracle
tnsnames.ora. :
C:\Program Files\InfoWatch\Traffic Monitor\Management Console\instantclient_11_1

tnsnames.ora , :
IWTM =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = iwtm_host)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = iwtm_service_name)
    )
  )

iwtm_host Oracle. iwtm_service_name


.
3. Oracle (. . A.2.3 . 85).

3.4.3.

Management Console :
1. Traffic Monitor Server.
2. .
3. ( ),
.
:
, InfoWatch Traffic
Monitor.

4.
InfoWatch Traffic Monitor, 3.4.0, .
:
(. 4.1 . 63).
(. 4.2 . 64).
(. 4.3 . 65).

4.1.
Traffic Monitor Server .
,
.
!
, .
:
1. (. . 4.2 . 64).
2. (. . 4.3.2 . 67).
3. .
!
Red Hat
Enterprise Linux Server 5.5 x86-32.
InfoWatch Traffic Monitor Enterprise 3.5
. 2.2 . 23.
:


Sniffer


1. Traffic Monitor Server (. . 5.4
. 73).
2. Traffic Monitor Server. :
SMTP- ( relay) (. 2.1.1 . 10).
HTTP-,
ICAP (. 2.1.3 . 16).
, InfoWatch Device Monitor
(. 2.1.4 . 19).
DeviceLock (. 2.1.5 . 21).


Sniffer

Sniffer Traffic Monitor Server :


1. Sniffer (. 5.5 . 74) Traffic
Monitor Server (. . 5.4 . 73).
2. Sniffer ( Linux). . 3.3
. 59.
3. Traffic Monitor Server.
Sniffer Traffic Monitor Server :
1. Traffic Monitor Server (. . 5.4
. 73) Sniffer (. . 5.5 . 74).
2. Sniffer Traffic Monitor Server.
Linux. . 3.3 . 59.

4. Management Console (. . 5.6 . 74)


(. . 3.4.1 . 60).
!
Management Console .
Management Console Traffic Monitor
Server (. InfoWatch Traffic Monitor. ).
.
.

4.2.
:
1. Traffic Monitor Server:
service iw-trafmon stop

2. iw_proxy, iw_smtpd iw_expressd


/usr/local/infowatch/tm3/etc/tm.conf, [AUTO_RESTART]:
autorestart = Off

3. Traffic Monitor Server


service iw-trafmon start

4. , . ( . , . 3.2.6 [QUEUE]).
:
, ,
.


4.3.
:
(. 4.3.1 . 65).
(. 4.3.2 . 67).
(. 4.3.3 . 69).

4.3.1.
. :
SELECT vers.get_schema_version
FROM dual

, :
Oracle;
Oracle recyclebin off . :
1. :
sqlplus sys@<SID> as sysdba

( <SID> - ), .
2. SYS :
select name, value
from v$parameter p
where lower(p.NAME) = 'recyclebin'

recyclebin ( on),
. :
1. SYS :
alter system set RECYCLEBIN='off' scope=spfile

2. oracle .
:
lsnrctl stop
dbshut

:
lsnrctl start
dbstart

3. , recyclebin off.
, ,
Oracle 11g R2 (11.2.0.1.0), . , :
[X]:\app\[ ]\product\11.2.0\client_1\BIN\sqlldr.exe

:
[X] , Oracle;
[ ] , .
Oracle . A.2.1 . 83.


, SYSDBA ( ,
SYS);
!
, :
, :
,;\.:!~`#$%^*()-_+<'[]{}|>?
, .
15 .
, .
, .
, , . , .
:
, ,
.
, Example ( EX1) EXAMPLE ( EX2),
Example_EX1 EXAMPLE_EX2 .
, :
1. Management Console. , . .
2. IWADDPARTS, IWTM_SYNC_INDEXES IWDROP (
), :
BEGIN
dbms_scheduler.disable('IWDROP',true);
dbms_scheduler.disable('IWADDPARTS',true);
dbms_scheduler.disable('IWTM_SYNC_INDEXES',true);
COMMIT;
END;

3. , .
user_scheduler_jobs, :
SELECT job_name,next_run_date,last_run_duration
FROM user_scheduler_jobs

:
job_name .
next_run_date .
last_run_duration , . null , .
- , .
4. Traffic Monitor Server:
service iw-trafmon stop


4.3.2.
. ( 1 ).
!
(..
).
:
1. , (. . 4.3.1 . 65).
2. , , *. .

1.

CreateSchemaWizard.
Setup.exe.
, , .
!
.
.

2.


OK.
.
.

3.

(. . 23) :
. , (
tnsnames.ora).
SYSDBA. , SYSDBA (, SYS).
SYSDBA. SYSDBA.


23.

4.

(. . 24):
. .
. .

24.

. .
:
, .


4.3.3.
:
1. :
sqlplus db_login/db_password@tns_name

db_login db_password , tns_name


TNS.
, SQL *Plus:
SQL>

2. Traffic Monitor Server:


service iw-trafmon start

3. . :
/var/log/messages

, InfoWatch.
4. IWADDPARTS, IWTM_SYNC_INDEXES, IWDROP (
):
BEGIN
dbms_scheduler.enable('IWDROP');
dbms_scheduler.enable('IWADDPARTS');
dbms_scheduler.enable('IWTM_SYNC_INDEXES');
COMMIT;
END;

5.
:
(. 5.1 . 70).
(. 5.2 . 72).
IW ICAP (. 5.3 . 72).
Traffic Monitor Server (. 5.4 . 73).
Sniffer (. 5.5 . 74).
Management Console (. 5.6 . 74).

5.1.
:
(. 5.1.1 . 70).
(. 5.1.2 . 71).

5.1.1.
, :
Oracle;
, ,
Oracle 11g R2 (11.2.0.1.0), . Oracle . A.2.1 . 83.
, SYSDBA ( );
, , .
:
:
SELECT vers.get_schema_version
FROM dual

Traffic Monitor Create Schema Wizard :


Traffic Monitor Server:
service iw-trafmon stop

Management Console;
c , .


5.1.2.
!
, .
.
:
(. . 5.1.1 . 70).
, , *.
.

1.

CreateSchemaWizard. Setup.exe.
, , .
!
.
.

2.

OK.
.
.

3.

( , . 23)
:
. , (
tnsnames.ora).
SYSDBA. , SYSDBA (, SYS).
SYSDBA. SYSDBA.
.

4.

(. . 25):
. , .


25.

. .
.

5.2.

:
1. :
rpm -e iwtm_qmover

(qmover.conf) ,
qmover.conf.rpmsave.
2. ( ) cron , ( . . 3.2.7.1 . 52, 2).

5.3. IW ICAP
HTTP- ICAP , IW_ICAP.
IW_ICAP:
1. Traffic Monitor Server:
service iw-trafmon stop

2. iw_icap /usr/local/infowatch/tm3/etc/tm.conf,
[AUTO_RESTART]:
iw_icap:
autorestart = Off

3. Traffic Monitor Server:


service iw-trafmon start

4. Traffic Monitor Server:


service iw-trafmon status

iw_icap , status iw_icap.


5. - ( . . 3.2.8 . 55,
2).
rpm- iwtm_icap.
rpm- IW ICAP:
:
rpm -e iwtm_icap

(icap.conf) ,
icap.conf.rpmsave.

5.4. Traffic Monitor Server


Traffic Monitor Server, :
(. 5.2 . 72). Traffic Monitor Server
( ).
IW ICAP (. 5.3 . 72). HTTP-
ICAP-.
InfoWatch DeviceLock Adapter. Traffic Monitor Server
DeviceLock. . InfoWatch DeviceLock Adapter. .
Traffic Monitor Server,
1. :
rpm -e iwtm_gpl_components
rpm -e iwtm

2. , Traffic Monitor Server.



InfoWatch Traffic Monitor

InfoWatch Traffic Monitor

SMTP ( relay-)

, Postfix (.. ,
). Postfix . . 3.2.5 . 49


SMTP-
(
Postfix)

, Postfix (.. ,
). Postfix . . 3.2.5
. 49.
SMTP-
, InfoWatch Traffic Monitor

:
, (tm.conf, detector.conf,
qmover.conf, icap.conf).
.rpmsave (, tm.conf.rpmsave). ,
, .
.
.
.
InfoWatch Traffic Monitor , .


Postfix, . , Traffic Monitor Server Postfix,


. 3.2.5 . 49.

5.5. Sniffer
Sniffer Traffic Monitor Server , Sniffer Traffic Monitor Server (. . 5.4 . 73). .
Sniffer, Traffic Monitor Server:
:
rpm -e iwtm

:
, tm.conf, . tm.conf.rpmsave (, tm.conf.rpmsave). , ,
.
InfoWatch Traffic Monitor , .

5.6. Management Console


Management Console:
1. .
.
.
2. InfoWatch Traffic Monitor Management
Console .

A.
ORACLE
Oracle InfoWatch Traffic Monitor.
:
Oracle (. A.1 . 75).
Oracle (. A.2 . 82).

A.1. Oracle
:
(. A.1.1 . 75).
(. A.1.2 . 75).
(. A.1.3 . 77).

A.1.1.
InfoWatch Traffic Monitor.
Oracle Traffic Monitor Server .
, Oracle, :
( ), -.
,
, , .

A.1.2.
Oracle, .

1.

, , Oracle, , . 2.2.5 . 26.

2.

root

root. :
su root

3.

/etc/hosts

/etc/hosts IP-, ,
Oracle:
IP- __


:
10.1.10.120 oracle.company.com oracle

4.

oinstall dba:
/usr/sbin/groupadd oinstall
/usr/sbin/groupadd dba

oracle:
/usr/sbin/useradd -g oinstall -G dba oracle

:
passwd oracle

5.

, Oracle :
mkdir -p /u01/app/oracle/data
chown -R oracle:oinstall /u01/app/oracle/data
chmod -R 775 /u01/app/oracle/data

6.

/etc/sysctl.conf :
kernel.sem = 250 32000 100 128
kernel.shmall = 2097152
kernel.shmmax = :
4294967295
kernel.shmmni = 4096
net.ipv4.ip_local_port_range = 9000 65000
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576
fs.file-max = 6815744

!
kernel.shmall kernel.shmmax ;
. - /etc/sysctl.conf , .
, :
/sbin/sysctl -p

7.

/etc/security/limits.conf

/etc/security/limits.conf :
oracle    soft    nproc     2047
oracle    hard    nproc     16384
oracle    soft    nofile    1024
oracle    hard    nofile    65536

8.

/etc/pam.d/login

/etc/pam.d/login ( ):
session    required    pam_limits.so

9.


/etc/profile

/etc/profile :
if [ $USER = "oracle" ]; then
    if [ $SHELL = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384
        ulimit -n 65536
    fi
    umask 022
fi

10. /home/oracle/.bash_profile
/home/oracle/.bash_profile :
ORACLE_BASE=/u01/app/oracle
export ORACLE_BASE
ORACLE_SID=iwtm
export ORACLE_SID
ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1
export ORACLE_HOME
PATH=$ORACLE_HOME/bin:$PATH
export PATH

11. /etc/fstab
, /etc/fstab :
tmpfs    /dev/shm    tmpfs    defaults    0 0

defaults size=X. X 80% . , 4 :


tmpfs    /dev/shm    tmpfs    size=4g    0 0

:
reboot

A.1.3.
,
.

1.

oracle

oracle. :
su oracle

2.

Oracle Database Installer, :


/directory_path/runInstaller

directory_path , . Oracle Database


Installer /Disk1.


3.

Oracle, :
1. Configure Security Updates (. . 26), , My Oracle Support: e-mail, My Oracle Support .

26. ( 1 20)

2. Select Installation Options Create and configure a database.


3. System Class Server Class.
4. Grid Options Single instance database installation.
5. Select Install Type Advanced install.
6. Select Product Languages (. . 27) , .


27. ( 6 20)

7. Database Edition (. . 28) Enterprise Edition.


Select Options , :
Oracle Partitioning
Oracle Label Security.

28. ( 7 20)


8. Database Edition , :
Oracle base (Oracle base),
, ;
Software location (Oracle home),
, .
9. Select Configuration Type General Purpose / Transaction Processing.
10. Specify Database Identifiers :
Global database name .
Oracle Service Identifier SID
ORACLE_SID /home/oracle/.bash_profile. (. A.1.2 . 75,
10).
11. Specify Configuration Options:
Memory Enable Automatic Memory Management
, Oracle, 80% .
Character Sets Use Unicode (AL32UTF8).
:
AL32UTF8
InfoWatch Traffic Monitor.
Security Assert all new security settings.
12. Specify Management Options , Use Database Control for
database management, , ,
Enable mail notifications .
13. Specify Database Storage Options .
Oracle, File
System ( ). Specify database file locations , 1.
14. Specify Recovery Options Do not enable automated backups.
15. Specify Schema Passwords Use the same password for all accounts
Administrative password, Confirm password Oracle.
, :
,; \.:!~`#$%^*()-_+<'[]{}|>?
, . Oracle
. 15 .
:
B
. 86.
16. Operating System Groups (. A.1.2
. 75, 4):
Database Administrator (OSDBA) Group dba.
Database Operator (OSOPER) Group oinstall.
17. Perform Prerequisite Checks ,
.


29. ( 17 20)

18. Summary . ,
, Finish .
19. Install Product . root, .
20. .
, Oracle ,
.

A.1.4.
1.

/etc/oratab

/etc/oratab. Y ( N) :
iwtm:/u01/app/oracle/product/11.2.0/db_1:Y

iwtm SID (. A.1.2 . 75, 10).

2.

Oracle Label Security

Database Configuration Assistant oracle, :


$ dbca

:
1. Operations Configure Database Options.
2. Database , Oracle Label Security (. A.1.3 . 77, 3, . 8: Software location - Oracle home).
3. Database Content Oracle Label Security.
4. Connection Mode Dedicated Server Mode.


5. . , .
6. . No, Database Configuration Assistant.

3.

LBACSYS

LBACSYS :
1. Database Control SYSTEM.
2. Schema.
3. Users and privileges Users.
4. Users LBACSYS Edit.
5. Edit User Status Unlocked.
6. Enter Password LBACSYS Confirm Password.
7. System Privileges.
8. SELECT ANY DICTIONARY.
9. Apply.

4.

PL/SQL sys :
alter system set db_keep_cache_size='200M' scope=spfile
alter system set db_files=5000 scope=spfile
alter system set RECYCLEBIN='off' scope=spfile
alter system set nls_territory = russia scope = spfile
alter system set nls_language = russian scope = spfile
alter system set audit_trail='none' scope=spfile
alter system set processes = 1000 scope=spfile

5.

oracle .
1. :
lsnrctl stop
dbshut

2. :
lsnrctl start
dbstart

A.2. Oracle
Oracle 11g R2
(11.2.0.1.0). :
Oracle Linux (. A.2.1 . 83).
Oracle (. A.2.2 . 85).
Oracle (. A.2.3 . 85).


A.2.1. Oracle
Linux
Oracle , Traffic
Monitor Server. Oracle , Red Hat Enterprise Linux Server 5.5 x86-32.
:
(. A.2.1.1 . 83).
(. A.2.1.2 . 84).

A.2.1.1.
1.

root

root. :
su root

2.

/etc/hosts

/etc/hosts IP-, ,
Oracle:
IP- __

3.

oinstall dba:
/usr/sbin/groupadd oinstall
/usr/sbin/groupadd dba

oracle:
/usr/sbin/useradd -g oinstall -G dba oracle

:
passwd oracle

4.

, Oracle (
/u01):
mkdir -p /u01/app
chown -R oracle:oinstall /u01/app
chmod -R 775 /u01/app/

5.

/etc/profile

/etc/profile :
ORACLE_BASE=/u01/app/oracle
export ORACLE_BASE
ORACLE_SID=iwtm
export ORACLE_SID
ORACLE_HOME=/u01/app/oracle/product/11.2.0/client_1
export ORACLE_HOME
PATH=$ORACLE_HOME/bin:$PATH
export PATH
NLS_LANG=RUSSIAN_RUSSIA.AL32UTF8
export NLS_LANG

6.

X Window

.
X Window. :
startx

, :
1. Oracle X ,
:
xhost IP-__

:
xhost 10.60.0.159

2. DISPLAY:
DISPLAY=__X_:0.0; export DISPLAY

:
DISPLAY=myhost.xzy.com:0.0; export DISPLAY

A.2.1.2.
,
Oracle.

1.

oracle

oracle. :
su oracle

2.

Oracle Universal Installer, :


/directory_path/runInstaller

directory_path , Oracle.
Oracle Universal Installer /Disk1.

3.

Oracle :
1. Administrator.
2. ORACLE_HOME ( /etc/profile).
Oracle, .
root, .

4.

:
1. Oracle
tnsnames.ora (. . A.2.2 . 85).
2. Oracle (. . A.2.3 . 85).


A.2.2.
Oracle
Oracle ,
Oracle, tnsnames.ora.
:
tnsnames.ora /ORACLE_HOME/network/admin (
/ORACLE_HOME , Oracle).
tnsnames.ora ,
:
IWTM =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = iwtm)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = iwtm)
    )
  )

HOST Oracle. SERVICE_NAME .

A.2.3.
Oracle
Oracle, ,
Oracle, :
Oracle. :
sqlplus db_login/db_password@tns_name

db_login db_password , tns_name


, (
tnsnames.ora).
,
SQL *Plus:
SQL>

, NETWORK/ADMIN/sqlnet.ora sqlnet.ora
#:
# sqlnet.ora Network Configuration File: C:\Oracle\product\11.2.0\Client_1\network\admin\sqlnet.ora

B.


1 10 .
, _. .
:
, :
(),;\.:!~`#$%^*-_+ '[]{}|?<>
, .
30 .
: SYS_ ORA_.
Oracle:
ACCESS          IDENTIFIED      PUBLIC
ADD             IMMEDIATE       RAW
ALL             IN              RENAME
ALTER           INCREMENT       RESOURCE
AND             INDEX           REVOKE
ANY             INITIAL         ROW
AS              INSERT          ROWID
ASC             INTEGER         ROWNUM
AUDIT, BETWEEN  INTERSECT       ROWS
BY              INTO            SELECT
CHAR            IS              SESSION
CHECK           LEVEL           SET
CLUSTER         LIKE            SHARE
COLUMN          LOCK            SIZE
COMMENT         LONG            SMALLINT
COMPRESS        MAXEXTENTS      START
CONNECT         MINUS           SUCCESSFUL
CREATE          MLSLABEL        SYNONYM
CURRENT         MODE            SYSDATE
DATE            MODIFY          TABLE
DECIMAL         NOAUDIT         THEN
DEFAULT         NOCOMPRESS      TO
DELETE          NOT             TRIGGER
DESC            NOWAIT          UID
DISTINCT        NULL            UNION
DROP            NUMBER          UNIQUE
ELSE            OF              UPDATE
EXCLUSIVE       OFFLINE         USER
EXISTS          ON              VALIDATE
FILE            ONLINE          VALUES
FLOAT           OPTION          VARCHAR
FOR             OR              VARCHAR2
FROM            ORDER           VIEW
GRANT           PCTFREE         WHENEVER
GROUP           PRIOR           WHERE
HAVING          PRIVILEGES      WITH


: 10 30 .
, .
:
;
( .. );
;
;
, .

C.
:
(. C.1 . 88).
Traffic Monitor Server (. C.2 . 92).

C.1.
, ,
.
Traffic Monitor Create Schema Wizard
. ,
, :

. .
Traffic Monitor Create Schema Wizard SQLPlus
Oracle. :

Oracle A.2 . 82.


ORA-12154
(/)
. :

(/)
.
:
(. 3.1.2 . 30).
(. 4.3.2 . 67).
(. 5.1.2 . 71).


ORA-01017
/ /
.
:

/ .

:
(. 4.3.2 . 67).
(. 5.1.2 . 71).


ORA-12560 SQL*Plus
(/)
: , / . ORA12560:

SQL*Plus:

(/)
. /
/
.


, (, .).
:
(. 3.1.2 . 30).
(. 4.3.2 . 67).
(. 5.1.2 . 71).
ORA-20000 ORA-06512
:
;
, , .
:

(
):
SELECT vers.get_schema_version
FROM dual

, .
:
, , (. 24).

,
. :

.
. 5.1.1 . 70.


C.2. Traffic Monitor Server


iw_messed, iw_deliverd , Oracle
iw-trafmon ORACLE_HOME.

:
/usr/local/infowatch/tm3/bin/scripts/iw-autorestart.sh

ORACLE_HOME.
ORACLE_HOME, Oracle.
iw_messed, iw_deliverd , Oracle
Traffic Monitor Server.

Traffic Monitor Server ( Traffic Monitor Server) oinstall ( Oracle) (. . 3.2.1 . 40).
Linux
Traffic Monitor Server Linux .

Linux ,
:
1. Traffic Monitor Server, :
service iw-trafmon stop

2. /usr/local/infowatch/tm3/etc/tm.conf Linux ( [ORACLE], Username Password, ).


3. Linux , SQL *Plus :
ALTER USER __Linux_ ACCOUNT UNLOCK

4. Traffic Monitor Server, :


service iw-trafmon start

D.

,
MIT (http://www.opensource.org/licenses/mit-license.html):
Lua http://www.lua.org/license.html
LuaBind http://www.rasterbar.com/products/luabind.html
libxml2 http://www.xmlsoft.org/
:
BSD (http://www.opensource.org/licenses/bsd-license.php):
Stringencoders http://code.google.com/p/stringencoders/
GNU GENERAL PUBLIC LICENSE (http://www.gnu.org/licenses/gpl2.0.html):
Pdftotext http://www.foolabs.com/xpdf/
Tnef http://sourceforge.net/projects/tnef/
Unzip http://www.info-zip.org/UnZip.html
libcole.so arturo@directmail.org; andy.scriven@research.natpower.co.uk
libhtmltree.so pauljlucas@mac.com


HTTP-
, HTTP (POST-, GET- . .).
ICQ-
, ICQ.
InfoWatch Device Monitor
, .
InfoWatch Traffic Monitor Management Console
. InfoWatch Traffic
Monitor ( , , . .).
Management Console
.: InfoWatch Traffic Monitor Management Console
SMTP-
, SMTP.
SPAN
Switched Port Analyzer. , , CISCO
Switched Port Analyzer
. SPAN
Traffic Monitor Server
InfoWatch Traffic Monitor, ,
.
XML-
(, , , ..),
Traffic Monitor Server.

, . InfoWatch Traffic Monitor


Traffic Monitor Server.

InfoWatch Traffic Monitor.
. .

. :

, .
. :



. .

(Mail Transfer Agent).

, .

. :

. , .

.

, .
.
InfoWatch Traffic Monitor.

. . DAE .

( ). .
. : , ,
