General

Capture Settings are set-up separately for each capture channels. Once these settings have been specified, OK or Apply should be clicked. This tab specifies General capture information.

If ticked, specifies that captured data should be written to a database. A Database tab will appear, also the Data Format on this tab needs to be specified.

If ticked, specifies that captured data may be filtered by ignoring certain captured text, and trigger alerts from other captured text. A Filters and Alerts tab will appear allowing these settings to be specified.

If ticked, specifies that captured data should not be displayed in the main windows as it arrives. This reduces the overhead on the PC, and might be useful for very slow PCs.

If ticked, data loss checking becomes effective for this channel, triggering actions and alerts if data is not captured for a specified period. By default, the data loss settings are taken from Common Settings, Data Loss but they may be overridden by settings on the Sounds/Data Loss tab if different values are needed for different capture channels.

If ticked, triggers an alert if the channel is stopped due to a network connection dropping.

Echo Type specified if captured data should be echoed to another computer or printer, in one of the following ways:

Windows Printer	Captured data will be echoed to any installed Windows local or network printer. A new tab will appear where more Printing settings can be made.
Serial Port/Printer	Captured data will be echoed to a serial port, which may be cabled to a printer or another computer. A new tab will appear where more Printing settings can be made.
Parallel Port Printer	Captured data will be echoed to the LPT1 parallel port, which may be cabled to a printer. A new tab will appear where more Printing settings can be made.
UDP (Syslog)	Captured data will be echoed to a remote computer using the UDP network IP protocol, optionally with Syslog headers. A new tab will appear where more Network settings can be made.
TCP Server	Captured data will be echoed to a maximum of five remote computers using the TCP Server IP protocol. A new tab will appear where more Network settings can be made.
TCP Client	Captured data will be echoed to a remote computer using the TCP Client IP protocol. A new tab will appear where more Network settings can be made. This option may be used for 'IP Printing' using port 9100.

The serial and parallel port printer options may be preferred over using a normal Windows printer because the Windows printer drivers often prevent data being printed while it’s still being captured. Driving the printers directly avoids any Windows queues or buffering, giving immediate print on impact printers, or full pages when 66 to 72 lines have arrived at a page printer (like a laser). The downside of direct printer access is that codes may need to be set to the printer to set margins, paper length, font size, etc.

This option is used to define the Data Format for captured data, where separate columns need to be identified to be saved to database columns or for filtering and alerts.

Fixed Width Columns

Fixed width columns is the most common data capture format where each line is the same length with columns separated by a variable number of spaces so each has a fixed starting position and length. Sometimes trailing space at the line end are skipped so the lines are variable length.

Character Separated Columns (CSV)

Character Separated Columns (sometimes called Character Separated Variables) data is where variable length columns have a separator character usually a comma. To allow the columns to contain the separating character, they may optionally, or always, have double quotes, ie "ComGen Test","192.168.1.109","PC09"

ComCap allows the separating character to be specified, and then counts columns to identify them.

Variable Named Columns (=)

Variable named columns data is where space separated columns are named, so the column name is followed by the data, with double quotes being used if the data contains a space, ie msg="Connection Opened" n=6258475 src=192.168.1.109:3008:LAN dst=216.22.212.19:80:WAN proto=tcp/http. This format is used by the Sonicwall firewall appliance for it’s Syslog.

The selection of Data Format here defines the appearance of the grid on the Data Format tab.

If capture fails to start, Capture Restart Attempts are specified as seconds before another attempt is made to start capture. This duration is also used for restarts caused by database problems.

Command strings may optionally be sent when capture is started and stopped, perhaps to trigger a remote appliance to start or stop. The strings may include escape sequences to specify non-printing characters:

\n	New line (CRLF)
\f	Form Feed (FF)
\c	Carriage Return (CR)
\l	Line Feed (LF)
\\	Backslash (\)
\e	Escape (ESC)
\xnn	Any hex code where nn is 01 to FF
\P	50ms pause in the data being sent, with multiples allowing a longer delay. Note the pause may not necessarily be effective with TCP/IP, because packets may get combined at transport level, nor may the pause be exactly 50ms due to other activity within ComCap

Note that no line end is normally sent, so \n will commonly be used. A delay in seconds may be specified before the data is send, to allow the connection to settle and perhaps for start-up data to be received. Zero means no delay.

Setting 'Repeat Start Command' to a non-zero value of seconds causes the Start command text to be repeatedly sent at the specified interval. The maximum interval is 999,999 seconds (277 hours), with zero meaning don't repeat the command. This is a fail safe for appliances that only return data when triggered, in case they are reset or repowered while capture is running.

Ticking this option prevents repeated logging when the Start Command is repeated sent, filling up the info log.