Settings related to storage period
Default storage periods vary depending on the data that you monitor. In order to comply with GDPR requirements, make sure that you set your storage period below 30 days.
For more information, see Storage period section of the Administration console.
Settings related to client IP address and user name storage
NAM has features that allow you to record and track client IP addresses and user names. Depending on your NAM report server setup, NAM can:
- Track and record each client IP address separately
- Track IP addresses from selected ranges
- Track users with defined user names
While these features are desired for most deployments, you may have to reconfigure their settings in order to comply with GDPR.
- Go to the NAM Server menu > NAM Server configuration menu option.
- Modify options in the User options section.
To switch off recording client IP addresses or user names, select the client IP address aggregation option that best fits your privacy requirements:
- Aggregate all users but count distinct user identifiers (PVU mode)
- Aggregate all users (PV mode)
Client IP address aggregation to locations retains per-location accuracy of the network performance measurements, while individual client IPs or user names are not tracked anymore.
To track client IP addresses and user names (if your privacy policies applicable to internal corporate applications allow it), select:
- Track users with identifiers, aggregate other users (ISP mode)
In this mode, the user names and client IP addresses are stored by the NAM. As a result, you may need to select which monitored software services should track user names, which monitored software services should NOT track the user names, and which user names should be pseudonymized.
For more information, see CAS Configuration.
Settings related to user information in HTTP headers and URLs
When the NAM Probe analyzes the HTTP request/response body information, it has insight into personal data, but this data is not recorded unless you intentionally configure the NAM Probe to do so. If the recording is necessary (for example, it is needed for HTTP request body content analysis), recorded data can be irreversibly masked.
- Go to NAM Server menu > Monitoring > NAM Console.
- Select a network probe you need to change the configuration for and click Open configuration from its context menu.
- Go to Global > Front-End Monitoring > Web > HTTP > Sequenced Transactions and Header Data and create a parameter mask.
This global option affects data generation for all HTTP-based services and takes precedence over them. Clearing this option here will cause no such data generated for any HTTP services, even if data generation is enabled for an individual user-defined service.
If the NAM Probe is configured to write header data to disk, header data is stored in
/var/spool/adlex/rtm/headerdata_* files. Header data includes:
- Request header
- Request parameters (from URL)
- POST data
- POST data (raw)
- Request cookie in the HTTP request section
- Response header
- Response cookie in HTTP response section
Go to NAM Server menu > Monitoring > NAM Console.
Select a network probe you need to configure and click Open configuration from its context menu.
Go to Software Services > User-Defined Software Services and edit the rule for the software service containing the URL with personal information.
Click the URL Monitoring tab and edit an existing URL or add monitored URL.
Select URL type URL as regular expression
In the URL definition, enter a regular expression with the sensitive information excluded.
Note that the URL regular expression contains escape characters for parameter separators and parentheses around the URL portions to be reported.
Save and publish the configuration changes.
Settings related to user name capture and pseudonymization
For each of the monitored services (software services in the NAM configuration), you can choose to either not capture user names at all, or to pseudonymize captured user names and to restrict user name access only to people whose user role allows such access.
DC RUM 2018
- On the NAM Console menu, in the Settings section, select Security > User name pseudonymization.
- If you are starting from a NAM Server, you can go to Monitoring > NAM Console first, and then open the User name pseudonymization screen.)
- Enable user name pseudonymization globally and then select it for all network probes that need user name pseudonymization.
For each of your monitored applications, disable user name recognition.
- Go to NAM Server menu > Monitoring > Devices.
- Select a network probe you need to configure and click Open configuration from its context menu.
- Go to Global > Front-End Monitoring > Web and disable user name recognition rules.
You may also need to repeat similar steps for SAP GUI, Oracle Forms, Citrix ICA, and other decodes you use.
- Alternatively, you can change monitored software services settings individually:
- Go to NAM Server menu > Monitoring > Software services.
- Choose the software service to modify and work to its monitoring rules.
Examine the lower left table of the configuration screen.
- For each rule, go to the User name recognition tab and edit the rules.
For more information, see HTTP monitoring.
Settings related to smart packet capture
Smart packet capture is a NAM feature designed for deep troubleshooting support. When enabled, it can capture network packet traces with their full content.
Although network and application performance troubleshooting with smart packet capture does not require personal data of the monitored user, network packets captured contain all data exchanged over the network. Personal data may be recorded there.
Smart packet capture works on demand. Packets are captured upon explicit request of a privileged NAM user and within a limited scope (client, server, and time).
To control user group access to smart packet capture:
- On the NAM Console navigation menu, select Security > User groups.
- Verify which groups have the Packet capture user role enabled and disable it where it's not needed.
For each group:
- Click the Actions button and select Edit.
- Under Roles, clear Packet capture user for groups where it's not needed. (If some people in the group need it, you may need to assign the role to them individually or create a smaller group only for people who definitely need that role.)
- Save your changes.
For more information, see Smart packet capture