SECREFHRELTD USA, AUS, CAN, GER, NZL Statistics Configuration Read Me Statistics configurations are stored in two locations: :sks.config and Hks.advanced.config. Some of the configurations are onlv available on svstems running versions of prior to version 1.5.1D. These are noted in the description of each con?guration. these steps to change the statistics configurations. sks.config 1. (SHRELJ At the command line from within anv directorv, tvpe and press Enter. The sksconfig file will open. There are three statistics configurations: a. iv. Version: 1.5.9 and prior Defouit: no value Description: Identifies the hostname of the svstem that collects statistics on a cluster. If this value is blank, statistics will be collected on the master. This configuration has been used in cases where a cluster is split into a front end and a back end, in which case the master of the back end usuallvr collects and sends statistics to stats_central. Action: Keep the default {no value} to use the hostname of the master of the cluster. Dr, type the specific hostname of a machine on which statistics should be collected. 1o. atat_eyetem_oleaigoator iv. lvfersions Defouit: no value Description: Identifies the svstem for which statistics are being collected bv appending a unique name to the SIGAD of the svstem. Action: Keep the default value if the svstem has one cluster. If the system has muitipie clusters, then tvpe a unique name for each cluster. For example, tvpe akeyl for one cluster and sake 32 for another cluster. A single entrv is made for each cluster that is named: atat_eyetem_deaigoator{l} take 331, akey?, eto. Classified Ev:- Derived From: NSAICSSM 1?52 Dated: EDDTDIDB [.?ieclassifvr 0n: SECREUIRELTD USA, AUS, CAN, GER, NZL SECREFHRELTD USA, AUS, CAN, GER, NZL c. eeod_etate_home yes i. Versions ii. Defouit: no yalue Description: Confirms that statistics files will be created. Deliyery of these files to stats_central is completed using MAILDRDER or some other site?specificfile transfer mechanism. iy. Action: Keep the default to haye statistics files created. Type no if the current system is to be used as a statistics databasefyiewer or if statistics should not be collected. 2. Make any desired changes to the configurations. 3. (SHRELJ Type :wa and press Enter to exit sitsconfig. sks.adyanced.config 1. (SHRED At the command line from within any directory, type yiaciyaooeci and press Enter to edit the sks.adyanced.config file. There are fiye statistics configurations: a. atata_oeotral no i. Defouit: oo ii. Versions Deso'iption: Determines if the current system is to be used as a stats databasef'yiewer. This system cannot be used for processing and must haye statistics files routed to it yia MAILDRDER. iy. Action: Keep the default if you do not want the system to be the stats databasef'yiewer. Type ye a if you want the current system to be used to display metrics. important: There is a comment about this parameter in sks.config.in, but the configuration should be set here. Setting the yalue in sks.config will oyerride the yalue in sks.adyanced.config. 1o . state_cieet_trigraph KKJ i. Defouit: KKJ ii. Versions Description: Identifies the trigraph used when creating statistics MAILDRDER files. NotE: This configuration is transparent to the system at site. Howeyer, if site administrators want to send stats to stats?central using a trigraph other than Eli], then this must be coordinated with MAILDRDER. 2 seceen'mELTo use. wus, can, can, NZL SECREFHRELTD USA, AUS, CAN, GER, NZL iv. Action: Keep the default for data to be sent to stats_central using trigraph Eli]. Type a different trigraph to route data elsewhere. c. stats_in put_topi cs i. Defouit: no value ii. 1.5.9 and prior oniv. Description: Identifies which statistics are collected lav the svstem. Note: This option is present in sks.advanced.config but it is ignored in version 1.5.9. iv. Action: Keep the default value to ensure all default statistics are collected. Do not change unless otherwise directed by an developer. d. mp_stats= falsef'true i. Defouit: false or no value for version 1.5.9 and prior; true for version 1.5.19. ii. Version:1.5.9 and prior Description: Directs the process to collect generic info state. iv. Action: Tvpe true to collect generic_info statistics using the API stats call Tvpe false to ignore generic_info statistics. NotE: you can use the seoc1_mp_]cw_atata command line argument to direct to collect microplugin and statistics. e. mp_stats_i nterval 999 i. Defouit: 999 seconds ii. Ilv?ersion: 1.5.9 and prior Description: Sets the collection interval for the microplugin statistics. Anv value {in seconds) mav be entered. NotE: This is no longer in the config file, but it is still honored. iv. Action: Keep the default value unless otherwise directed he; an developer. 3. (SHRELJ Tvpe :wa and press Enter to exit sicsodvoncedconfig. 3 sscesrnemo use. nus, can, see, NZL SECREFHRELTD USA, AUS, CAN, GER, NZL Key Te Cluster: A single Master and i] to Slayes. A system may haye front?end andfor back?end clusters. Front? encl clusters perform raw packet collection and back?end clusters perform protocol processing. Moster: A single machine that runs the software and distributes the configuration to all Slayes in its cluster. At a site with multiple systems and an Dyerlorcl, the Master receiyes its configuration from its Dyerlord. ?yerioro': A single machine that runs the software and controls the clusters in a comples: system. it passes configuration files to the indiyiclual Masters. Site: A single SIGINT Actiyity Designator A site may contain 1 to :1 systems. Sioye: A single machine running the software that receiyes its configuration from its cluster Master. System: One to clusters and or 1 oyerlord. 4 SECREFHRELTD usw, eus, can, see, NZL