Capture rule configuration

Selective packet capture (requires Plixer FlowPro) rules can be added via API, which requires the following fields:

• authToken - Authentication token generated by Plixer Scrutinizer to allow API access

• rm - flowpro_capture_rules (runmode corresponding to the function set being accessed)

• name - Name to assign to the new capture rule

• server_ip - Packet source/server IP address or CIDR

• client_ip - Packet destination/client IP address or CIDR

• max_packets - Maximum number of packets to capture

• stops_on - End date/time for capturing packets as UNIX epoch timestamp

• well_known_port - Well-known port to monitor for packets

• retention_hours - Duration to store captured packet data

• enabled - State to add the rule in (1: enabled; 0: disabled)

• action - add (adds/creates a new capture rule as defined in the request)

Request example

Below is an example of an API call to create a new packet capture rule.

curl --location 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'flowpro_capture_rules' \
--form 'name="LDAP Traffic 2"' \
--form 'server_ip="1.1.1.1/32"' \
--form 'client_ip="2.2.2.2/32"' \
--form 'max_packets="1000"' \
--form 'stops_on="1743048000"' \
--form 'well_known_port="393605"' \
--form 'retention_hours="168"' \
--form 'enabled="1"' \
--form 'action="add"'