Filtering
Solera DS appliances provide the unique capability of capturing complete network traffic—every packet, header and payload—at full-line rate, up to 10 Gbps. Capturing this complete record of network traffic is critical to ensure that evidence of the root cause of a network problem, security breach or policy abuse is available for future analysis. While complete traffic capture is possible, you may chose to limit what data is captured or regenerated. You have the ability to filter traffic as it is captured (Ingress filtering) or after it is captured and then regenerated (Egress filtering).
Packets can be filtered by time stamp, protocol, MAC address, IP address, payload contents or any other bit of information within the packet. The Solera DS appliance management interface provides an easy means to quickly create specific filters to capture the desired traffic. Filters are applied to network packets individually, one packet at a time. Filters are evaluated against the packet sequentially using policy statement, one statement at a time. If all policy statements match the packet, the packet is accepted. If any policy statement does not match the packet, the packet is rejected.
