The admin user and other members of the Admin group are the only users with access to the ‘Administration’ drop-down menu available in the top right corner of the CloudShark appliance web interface. This section contains a description of all system level preferences and administration options available in the Administration menu, including:
The Administration menu will also be displayed in the left margin when viewing other admin-related pages.
The Overview page can be accessed by clicking Overview in the Administration menu. This page provides a quick summary of the CloudShark system and includes various status and activity indicators.
The chart on the Overview page is interactive. Clicking on an upload or view data point in the chart will open a filtered File Index or Activity page, respectively, showing only the uploads or views for that particular date.
The Settings page can be accessed by clicking Settings in the Administration menu. This page allows different system wide settings to be modified, including:
System Name: the system name is initially inherited from the Linux hostname. The system name is useful for uniquely identifying a CloudShark system, and is displayed in the top left corner of the user interface and in the browser title bar.
Guest Access: disabled by default. A guest is a visitor without a CloudShark user account. With guest access disabled, all users must log in to view or upload capture files. When guest access is enabled, guests are allowed to view and optionally upload capture files based on the Guest Upload option.
Public Files: Capture files and tags are indexed by CloudShark in the capture index page for all users by default. Setting this value to Hide public captures will hide captures that are not owned by the user or their group. This allows a CloudShark administrator to have unrelated groups of users without exposing their capture files to each other. When set to Hide, capture files from unrelated users and groups will not be listed in the capture index. Attention: A public file, that is, one that does not require CloudShark authentication to view, is still viewable when the URL is known. This setting only changes whether or not users can see each other's files in the index.
Guest Upload: by default, guests are only allowed to view capture files that have been shared by other CloudShark users. In this mode, guests are not allowed to upload capture files. When enabled, guests are allowed to upload capture files in addition to viewing capture files that have been shared by CloudShark users.
Maximum File Size: by default, CloudShark will allow captures up to 2 GB in size to be uploaded and viewed. This file size limit may affect performance. Please see our system requirements for more information on tuning this setting based on your system.
Download Original: by default CloudShark users are able to download the original source capture files directly from the decoder window. In certain situations it may be desirable to prevent users from downloading the original source capture files. This setting globally enables or disables original source file download functionality with CloudShark.
Blocked Types: You can specify file types that you do not wish users to upload. This is convenient in the scenario where CloudShark is on a public network. Frame-based audio, image, and movie files such as MP3, JPEG, and MPEG are supported for decoding by CloudShark and so are valid files to upload. Because of the “Download Original” feature of CloudShark, this can allow it to be used as a repository for sharing these files. With this Blocked Types option, you can control the type of files CloudShark will accept in the manner that best suits your needs. You can learn the file type CloudShark expects by using the ‘capinfos’ tool on a file you wish to block and inspecting the “File type” output.
CloudShark supports a hybrid of local and external user authentication. By default external authentication is disabled and all users are authenticated against CloudShark’s local database. More information on configuring CloudShark for external user authentication can be found in our External Authentication article.
A user is a discrete entity that can log into CloudShark and own capture files. A capture file is always owned by a single user. Files cannot be orphaned – they are deleted or reassigned if a user is deleted.
To add a new user to the CloudShark appliance, click Users in the Administration menu and then click the Create a new user button. A pop-up box will ask for the following information associated with that user:
Users can be deleted by clicking and confirming the ‘delete’ link for a specific user in the Users table. All of the capture files owned by a user must be either deleted or reassigned to another user when that user is deleted.
Please visit the article discussing Users & Groups for more detail.
Users can also be organized into groups. By default CloudShark is configured with a single Admin group containing a single user (the admin user, discussed in the previous section). CloudShark groups exist locally on the system and help define sets of users who want to share access to capture files.
Please visit the article discussing Users & Groups for more detail.
Tags are descriptive text strings that are associated with capture files. Their purpose is undefined, so users are able to create their own uses. Tags are useful for organizing capture files and highlighting specific characteristics.
Existing tags can be bulk-edited by clicking the Tags link in the left margin of the Administration menu. To globally modify a tag, click the tag name, and a dialog box will appear allowing the tag to be renamed or deleted. Note that renaming or deleting tags that are associated with a large number of capture files may take some time to complete.
RSA keys can be used to decrypt SSL traffic within a capture file.
RSA keys are imported and managed by admin users and can be shared with other users and/or groups.
CloudShark includes a service called Auto-Imports. This service will monitor a list of local file directories for capture file uploads and automatically add them to CloudShark.
To set up a directory as an auto-import directory, click the Auto-Imports page in the left Administration menu. Up to five directories may be defined. Each directory can be configured with a default list of tags, which will be automatically applied to any capture file processed. An existing group and user may be selected as the owner of the capture file as well.
Directory requirements: Both the directory and the file to be imported must be readable by the ‘cloudshark’ system account. The permissions must be set on the file prior to copying/moving it into the directory, because CloudShark will process the file immediately upon creation. A subsequent command that fixes the permissions will fail because CloudShark will have already marked the file as unreadable.
These directories must be local to CloudShark. Remote file systems such as SMB and NFS will not trigger the Linux kernel’s inotify event, which the Auto-Imports service utilizes.
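One way to meet the permission-ordering requirement above, as an added example that is not CloudShark's own code: the file is copied and given its final mode in a staging directory outside the watched path, then renamed into the auto-import directory. The staging directory, the `CAPTURE_MODE` default and the function names are assumptions; only the 'cloudshark' account and the `/auto-imports` path come from this page.

```shell
#!/bin/sh
# Added example, not CloudShark code. The staging directory, CAPTURE_MODE
# and the function names are assumptions made for illustration.

CAPTURE_MODE="${CAPTURE_MODE:-0644}"   # must leave the file readable by 'cloudshark'

# Print the mount point that holds the given path.
mount_of() {
    df -P "$1" | awk 'NR==2 { print $NF }'
}

# stage_capture SRC STAGING_DIR IMPORT_DIR
# Copies SRC into STAGING_DIR (not watched), sets the final mode there, then
# renames it into IMPORT_DIR so it first appears there already readable.
# Prints the destination path on success.
stage_capture() {
    src=$1 staging=$2 import=$3
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    [ -d "$staging" ] && [ -d "$import" ] || { echo "missing directory" >&2; return 1; }

    # A rename is atomic only within one filesystem. Across filesystems mv
    # copies, and the watcher could see a partially written file.
    s_fs=$(mount_of "$staging"); i_fs=$(mount_of "$import")
    if [ -z "$s_fs" ] || [ "$s_fs" != "$i_fs" ]; then
        echo "staging and import directories must share a filesystem" >&2
        return 1
    fi

    dest="$import/$(basename "$src")"
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 1; }

    tmp=$(mktemp "$staging/.stage.XXXXXX") || return 1
    if cp "$src" "$tmp" && chmod "$CAPTURE_MODE" "$tmp" && mv "$tmp" "$dest"; then
        echo "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Example call (the staging path is a placeholder):
#   stage_capture ./trace.cap /auto-imports-staging /auto-imports
```

A narrower mode such as 0640 works as well, provided the file's group is one the 'cloudshark' account belongs to.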
CloudShark can reprocess a capture file if the timestamp changes. The touch system command will perform this task. For example, to make CloudShark reprocess every capture file in /auto-imports:
    cd /auto-imports
    touch *.cap
If the Auto-Import location is used purely to catch files as they are added to CloudShark, you may mark files to be deleted after they are imported. Internally this is implemented as a “move” command, which has added performance benefits if the auto-import directory and internal capture storage directories are on the same physical disk.
If the cloudshark system account does not have write permissions on the directory itself, then the files will not be able to be removed. Starting in CloudShark 3.5 this no longer causes the upload to fail.
Please see the Web API Guide for more information on API Tokens.
The admin user can view event logs for the system by clicking on the Activity page in the Administration menu. The activity logs are useful for auditing purposes and can be filtered by:
The License Info page displays licensing information for the CloudShark appliance, including the system ID, support expiration date, and registration details. This data is provided for information only. In some cases CloudShark Support may ask for some or all of the information provided on this page.
After logging in, Admin users will have access to all capture files currently loaded on the CloudShark appliance, regardless of owner, through the capture file index. Admin users can navigate back to the capture file index at any time by clicking on the CloudShark Appliance link in the top left corner.
Clicking on a row in the capture file index will open the selected file in the decoder window, where it can be analyzed and annotated. Admin users, in addition to the file owner and other users with the necessary permissions, can also perform the following actions on one or multiple capture files:
In addition, admin users can also import new capture files, search for existing capture files, and modify the capture file index table display options. Please see the User Guide article for more information.