<p class="shortdesc">本文介绍如何新建抓包任务。</p> <section class="section prereq" id="createCaughtTask__prereq_pdg_4zb_tsb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div> <p class="p">您已创建安全日志审计实例。</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/console/log-audit" target="_blank" rel="external noopener">安全日志审计SLA控制台</a>，进入<span class="keyword wintitle">实例列表</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击目标实例<span class="ph uicontrol"> 操作</span>列的<span class="ph uicontrol">管理</span>，进入安全日志审计控制台。</span> <div class="itemgroup info"> <img class="image" id="createCaughtTask__d80e53" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112057-1ecc508f988a.png" width="830"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在页面上边栏选择<span class="ph uicontrol">系统</span>，在左侧菜单栏选择<span class="ph menucascade"><span class="ph uicontrol">系统管理</span><abbr> > </abbr><span class="ph uicontrol">系统维护</span></span>，进入<span class="ph uicontrol">系统维护</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">选择<span class="ph uicontrol">抓包工具</span>页签。</span> <div class="itemgroup info"> <div class="p"> <img class="image" id="createCaughtTask__image_o1m_spt_4sb" width="600" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112057-169d04859c34.png"> </div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">单击<span class="ph uicontrol">新增</span>进入<span class="ph uicontrol">新增抓包任务</span>页面，根据以下信息配置抓包任务，配置完成后单击<span class="ph uicontrol">保存</span>，平台会执行抓包任务。</span> <div class="itemgroup info"> <div class="p"> <img class="image" id="createCaughtTask__image_rbs_tpt_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112057-1c2190cc9133.png" width="350"> </div> <table class="table"><caption></caption><colgroup><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry colsep-1 rowsep-1" id="createCaughtTask__entry__1"> <p class="p"> 配置项 </p> </th> <th class="entry colsep-1 rowsep-1" id="createCaughtTask__entry__2"> <p class="p"> 说明 </p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__1 "> <p class="p"> IP地址 </p> </td> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__2 "> <p class="p"> 抓取指定IP地址发送给平台或平台发送给指定IP地址的报文。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__1 "> <p class="p"> 资产 </p> </td> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__2 "> <p class="p"> 抓取资产发送给平台或者平台发送给资产的报文。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__1 "> <p class="p"> 端口 </p> </td> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__2 "> <p class="p"> 指定日志资产的端口。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__1 "> <p class="p"> 网卡 </p> </td> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__2 "> <p class="p">选择要进行抓包的网卡。（多网卡场景中需要选择）</p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__1 "> <p class="p"> 抓包时间 </p> </td> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__2 "> <p class="p"> 选择抓包的时间长度。当抓包时间或文件大小其中一个条件满足时平台会停止抓包。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__1 "> <p class="p"> 文件大小 </p> </td> <td class="entry colsep-1 rowsep-1" headers="createCaughtTask__entry__2 "> <p class="p"> 设置最大抓包文件的大小，取值范围1~512，单位为MB。当抓包时间或文件大小其中一个条件满足时平台会停止抓包。 </p> </td> </tr> </tbody></table> </div> </li><li class="li step stepexpand"> <span class="ph cmd">抓包过程中，单击<span class="ph uicontrol">暂停</span>可以暂停抓包任务；抓包完成后，单击<span class="ph uicontrol">下载</span>可将抓包文件下载至本地。</span> <div class="itemgroup info"> <div class="p"> <img class="image" id="createCaughtTask__image_g1c_vpt_4sb" width="650" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112057-160a0e759960.png"> </div> </div> </li></ol></section>