Time to upgrade! NAM is scheduled for end of support. It's time to move to Dynatrace our all-in-one software intelligence platform.

How to configure NAM for data privacy

Default storage periods vary depending on the data that you monitor. In order to comply with GDPR requirements, make sure that you set your storage period below 30 days.

For more information, see Storage period section of the Administration console.

NAM has features that allow you to record and track client IP addresses and user names. Depending on your NAM report server setup, NAM can:

  • Track and record each client IP address separately
  • Track IP addresses from selected ranges
  • Track users with defined user names

While these features are desired for most deployments, you may have to reconfigure their settings in order to comply with GDPR.

For more information, see CAS Configuration.

When the NAM Probe analyzes the HTTP request/response body information, it has insight into personal data, but this data is not recorded unless you intentionally configure the NAM Probe to do so. If the recording is necessary (for example, it is needed for HTTP request body content analysis), recorded data can be irreversibly masked.

This global option affects data generation for all HTTP-based services and takes precedence over them. Clearing this option here will cause no such data generated for any HTTP services, even if data generation is enabled for an individual user-defined service.

If the NAM Probe is configured to write header data to disk, header data is stored in /var/spool/adlex/rtm/headerdata_* files. Header data includes:

  • Request header
  • Request parameters (from URL)
  • POST data
  • POST data (raw)
  • Request cookie in the HTTP request section
  • Response header
  • Response cookie in HTTP response section

For more information, see Sequenced Transactions and Header Data, Configuring URL monitoring and Regular expression fundamentals.

For each of the monitored services (software services in the NAM configuration), you can choose to either not capture user names at all, or to pseudonymize captured user names and to restrict user name access only to people whose user role allows such access.

DC RUM 2018

For more information, see HTTP monitoring.

Smart packet capture is a NAM feature designed for deep troubleshooting support. When enabled, it can capture network packet traces with their full content.

Although network and application performance troubleshooting with smart packet capture does not require personal data of the monitored user, network packets captured contain all data exchanged over the network. Personal data may be recorded there.

Smart packet capture works on demand. Packets are captured upon explicit request of a privileged NAM user and within a limited scope (client, server, and time).

To control user group access to smart packet capture:

  1. On the NAM Console navigation menu, select Security > User groups.
  2. Verify which groups have the Packet capture user role enabled and disable it where it's not needed.
    For each group:
    1. Click the Actions button and select Edit.
    2. Under Roles, clear Packet capture user for groups where it's not needed. (If some people in the group need it, you may need to assign the role to them individually or create a smaller group only for people who definitely need that role.)
    3. Save your changes.

For more information, see Smart packet capture