Capture Settings are set-up separately for each capture channels. Once these settings have been specified, OK or Apply should be clicked. This tab specifies General capture information.
Save to Database
If ticked, specifies that captured data should be written to a database. A Database tab will appear, also the Data Format on this tab needs to be specified.
Filters and Alerts
Not yet supported, but Filters and Alerts will allow ignoring of certain captured text, and trigger alerts from other captured text.
Pause Capture if Echo Stops
Not yet supported, but Pause Capture if Echo Stops will do as it suggests.
No Log Display
If ticked, specifies that captured data should not be displayed in the main windows as it arrives. This reduces the overhead on the PC, and might be useful for very slow PCs.
Check for Data Loss
If ticked, Common Settings, Alerts become effective for this channel, triggering actions and alerts if data is not captured for a specified period.
Alert on Unexpected Stop
If ticked, triggers an alert if the channel is stopped due to a network connection dropping.
Echo Type
Echo Type specified if captured data should be echoed to another computer or printer, in one of the following ways:
Windows Printer |
Captured data will be echoed to any installed Windows local or network printer. A new tab will appear where more Printing settings can be made. |
Serial Port/Printer |
Captured data will be echoed to a serial port, which may be cabled to a printer or another computer. A new tab will appear where more Printing settings can be made. |
Parallel Port Printer |
Captured data will be echoed to the LPT1 parallel port, which may be cabled to a printer. A new tab will appear where more Printing settings can be made. |
UDP (Syslog) |
Captured data will be echoed to a remote computer using the UDP network IP protocol, optionally with Syslog headers. A new tab will appear where more Network settings can be made. |
TCP Server |
Captured data will be echoed to a maximum of five remote computers using the TCP Server IP protocol. A new tab will appear where more Network settings can be made. |
TCP Client |
Captured data will be echoed to a remote computer using the TCP Client IP protocol. A new tab will appear where more Network settings can be made. |
The serial and parallel port printer options may be preferred over using a normal Windows printer because the Windows printer drivers often prevent data being printed while it’s still being captured. Driving the printers directly avoids any Windows queues or buffering, giving immediate print on impact printers, or full pages when 66 to 72 lines have arrived at a page printer (like a laser). The downside of direct printer access is that codes may need to be set to the printer to set margins, paper length, font size, etc.
Data Format
This option is used to define the Data Format for captured data, where separate columns need to be identified to be saved to database columns or for filtering and alerts.
Fixed Width Columns |
Fixed width columns is the most common data capture format where each line is the same length with columns separated by a variable number of spaces so each has a fixed starting position and length. Sometimes trailing space at the line end are skipped so the lines are variable length. |
Character Separated Columns (CSV) |
Character Separated Columns (sometimes called Character Separated Variables) data is where variable length columns have a separator character usually a comma. To allow the columns to contain the separating character, they may optionally, or always, have double quotes, ie "ComGen Test","192.168.1.109","PC09" ComCap allows the separating character to be specified, and then counts columns to identify them. |
Variable Named Columns (=) |
Variable named columns data is where space separated columns are named, so the column name is followed by the data, with double quotes being used if the data contains a space, ie msg="Connection Opened" n=6258475 src=192.168.1.109:3008:LAN dst=216.22.212.19:80:WAN proto=tcp/http. This format is used by the Sonicwall firewall appliance for it’s Syslog. |
The selection of Data Format here defines the appearance of the grid on the Data Format tab.
Line End
This option specified how ComCap checks for the end off each captured line, so it can be displayed and captured.
Carriage Return |
This is the normal line ending for PC ASCII files which normally have both CR and LF at the end of a line and CR and FF (form feed) at the end of a page. Note the LF and FF are ignored by ComCap |
Line Feed (Unix) |
This option should be used for files created by UNIX systems, which typically only have LF characters |
Special Character |
Allows any line ending character to be specified in hex, may be used for special protocols |
Packet (UDP) |
This is the default for the UDP protocol where one line is sent per datagram or packet usually without any CR or LF. Note that CR or LF in the packet will be ignored using this option. |
Note that a line also has a maximum length, as defined below, and will be ‘broken’ when it’s reached if no line end character is found first. If the display shows lines combined together, this usually means the wrong Line End is selected.
Max Line Length
The Maximum Line Length may be specified up to 1,024 characters. It was fixed at 255 characters in ComCap v3. If the maximum is reached, the captured line is broken.
Line End Timeout
A Line End Timeout may now be specified in seconds, where zero means no timeout, up to 300 seconds. When the timeout expires, an incomplete captured line will be processed, saved and displayed. This is usually only necessary when non-ASCII data is being captured where there are no carriage returns or line feeds, but may also be useful when setting up ComCap to capture from a serial port with unknown speed, since it can be used to cause display of the 'corrupted' data caused by speed mismatch which will be missing line ends.
Capture Restart Attempts
If capture fails to start, Capture Restart Attempts are specified as seconds before another attempt is made to start capture. This duration is also used for restarts caused by database problems.
Commands to Send upon Start and Stop Capture
Command strings may optionally be sent when capture is started and stopped, perhaps to trigger a remote appliance to start or stop. The strings may include escape sequences to specify non-printing characters:
\n |
New line (CRLF) |
\f |
Form Feed (FF) |
\c |
Carriage Return (CR) |
\l |
Line Feed (LF) |
\\ |
Backslash (\) |
\e |
Escape (ESC) |
\xnn |
Any hex code where nn is 01 to FF |
Note that no line end is normally sent, so \n will commonly be used. A delay in seconds may be specified before the data is send, to allow the connection to settle and perhaps for start-up data to be received. Zero means no delay.
Repeat Start Command
Setting 'Repeat Start Command' to a non-zero value of seconds causes the Start command text to be repeatedly sent at the specified interval. The maximum interval is 999 seconds, with zero meaning don't repeat the command. This is a fail safe for appliances that only return data when triggered, in case they are reset or repowered while capture is running.