Online Help En
-
Upload
luis-samuel-esteban-montalvo -
Category
Documents
-
view
228 -
download
0
Transcript of Online Help En
-
7/23/2019 Online Help En
1/163
NetFlow Tracker 9.0
User Guide
PN 3365122
February 2014, Rev 2, 02/2014
2009-2014 Fluke Corporation. All rights reserved.
All product names are trademarks of their respective companies.
-
7/23/2019 Online Help En
2/163
NetFlow TrackerUser Guide
2
Third Party Software ComponentsNetFlow Tracker includes software developed by the Apache Software Foundation (http://www.apache.org/)).
NetFlow Tracker includes the following third party software components:
Apache Commons Collections
3.2, available at http://commons.apache.org/collections/ .This is distributed under the Apache Software License, acopy of which is available at http://www.apache.org/LICENSE .
Apache Commons Logging
1.0.4, available at http://commons.apache.org/logging/ .This is distributed under the Apache Software License, acopy of which is available at http://www.apache.org/LICENSE .
Apache Log4j
1.2.15, available at http://logging.apache.org/log4j/ .This is distributed under the Apache Software License, a copyof which is available at http://www.apache.org/LICENSE.
Apache Xerces Java 2.9.0, available at http://xerces.apache.org/xerces2-j/ .This is distributed under the ApacheSoftware License, a copy of which is available at http://www.apache.org/LICENSE.
IE5.5+ PNG Alpha Fix 1.0RC4, available at https://reader009.{domain}/reader009/html5/0316/5aab7ea86c361/5aab7eac15c0b.fix/.This is distributed underthe CC-GNU Lesser GNU Public License, a copy of which is available athttp://creativecommons.org/licenses/LGPL/2.1/deed.en .
iText
2.0.6, available at http://www.lowagie.com/iText/ .This is distributed under the Mozilla Public License, a copy ofwhich is available at http://www.mozilla.org/MPL/MPL-1.1.html .
Jakarta Tomcat 3.3.2, available at http://tomcat.apache.org/ .This is distributed under the Apache Software License,a copy of which is available at http://www.apache.org/LICENSE .
SNMP4j
1.10.2, available at http://www.snmp4j.org/. This is distributed under the Apache Software License, a copy of whichis available at http://www.apache.org/LICENSE .
Quartz
1.6.0, available at http://www.opensymphony.com/quartz/. This is distributed under the Apache Software License,a copy of which is available at http://www.apache.org/LICENSE
PostgreSQL
9.0, available at http://www.postgresql.org/. Distribuited under Open Source Licence detailed herehttp://www.opensource.org/licenses/postgresql
End User LicenseThis is a legal agreement between you ("You"/ "the End User""), and Fluke Electronics Corporation, a Delaware corporation,
including its division, Fluke Networks ("FNET"), with offices at 6920 Seaway Boulevard, Everett, Washington, 98203, USA. BY
DOWNLOADING OR OTHERWISE ELECTRONICALLY RECEIVING THIS SOFTWARE PRODUCT ("PRODUCT") IN
ACCORDANCE WITH OUR SOFTWARE DELIVERY PROCEDURES OR BY BREAKING THE SEAL ON A PRE-INSTALLED
APPLIANCE OR OPENING THE SEALED DISK PACKAGE WHICH CONTAINS THE PRODUCT, YOU ARE AGREEING TO BE
BOUND BY THE TERMS OF THIS AGREEMENT.
1. GRANT OF LICENSE AND PAYMENT OF FEES Provided that You have paid the applicable License fee, if you are a direct user
(as opposed to a service provider), FNET grants You a non-exclusive and non-transferable, revocable License to use one copy of
the Product on the maximum number of servers supporting the maximum number of devices (router, switch (including each module
with layer 3 capabilities such as WAN interface, layer 3 routed interface, or blade) specified in your purchase order, or if not so
specified, on a single server supporting a single device by a single user, and only for the purpose of carrying out your business in the
country specified in your order. If you are a Service Provider (as opposed to a direct user), FNET grants You a non-exclusive and
non-transferable, revocable License to use one copy of the Product on the maximum number of PE devices regardless of where they
are actually taking the flows from. If you are a Managed Service Provider, FNET grants You a non-exclusive and non-transferable,
revocable License to use one copy of the Product on the maximum number of CE devices Irrespective of where they are actuallytaking the flows from. This Product is licensed for internal use by You, the end user only. Once a license key has been issued to You,
http://www.apache.org/http://www.apache.org/http://commons.apache.org/collections/http://commons.apache.org/collections/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://commons.apache.org/logging/http://commons.apache.org/logging/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://logging.apache.org/log4j/http://logging.apache.org/log4j/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://xerces.apache.org/xerces2-j/http://xerces.apache.org/xerces2-j/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.twinhelix.com/css/iepngfix/demo/http://www.twinhelix.com/css/iepngfix/demo/http://creativecommons.org/licenses/LGPL/2.1/deed.enhttp://creativecommons.org/licenses/LGPL/2.1/deed.enhttp://www.lowagie.com/iText/http://www.lowagie.com/iText/http://www.mozilla.org/MPL/MPL-1.1.htmlhttp://www.mozilla.org/MPL/MPL-1.1.htmlhttp://tomcat.apache.org/http://tomcat.apache.org/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.opensymphony.com/quartz/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.opensymphony.com/quartz/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://tomcat.apache.org/http://www.mozilla.org/MPL/MPL-1.1.htmlhttp://www.lowagie.com/iText/http://creativecommons.org/licenses/LGPL/2.1/deed.enhttp://www.twinhelix.com/css/iepngfix/demo/http://www.apache.org/LICENSEhttp://xerces.apache.org/xerces2-j/http://www.apache.org/LICENSEhttp://logging.apache.org/log4j/http://www.apache.org/LICENSEhttp://commons.apache.org/logging/http://www.apache.org/LICENSEhttp://commons.apache.org/collections/http://www.apache.org/ -
7/23/2019 Online Help En
3/163
NetFlow TrackerUser Guide
3
the product is non-refundable. Under certain, limited circumstances, Fluke may at its sole discretion, provide written permission for
You to transfer your license. iii In the event that at any time You wish to extend the permitted number of servers or devices above the
permitted amount, You must contact FNET or the reseller from whom you purchased the Product ("the Reseller") and an additional
License fee may be agreed upon and a new License issued for the requested additional number of servers/devices. FNET or your
Reseller may require that You provide written certification showing the geographical locations, type and serial number of all
computer hardware on which the Software is being used, together with confirmation that the Product is being used in accordance
with the conditions of this Agreement. You shall permit FNET or your Reseller, and/or their respective agents to inspect and have
reasonable access, during normal business hours, to any premises, and to the computer equipment located there, at or on which the
Software is being kept or used, and any records kept pursuant to this Agreement, for the purposes of ensuring compliance with theterms of this License. 2. EVALUATION AND GOLD SUPPORT EVALUATION.If a provided license key is labeled "Evaluation",
FNET grants You the right to use the Product enabled by that key solely for the purpose of evaluation, and the Product will cease to
function seven (7) days from enabling (or after such longer period as may be agreed by FNET and confirmed by FNET or your
Reseller in writing), at which time the License grant for that Product also ends. After the evaluation period, You may either purchasea full License to use the Product from your Reseller or directly from FNET, or You must promptly stop using the Evaluation Product
and all associated documentation. The warranty described in Section 5 shall not apply to Product that is downloaded for evaluationpurposes.3. INTELLECTUAL PROPERTY RIGHTSAll intellectual property rights in the Product belong to FNET and its Supplier(s)
and Licensors(s) and You acknowledge that the Product contains valuable Trade Secrets of FNET, its Supplier(s) and Licensor(s)
and You have no ownership claims or rights whatsoever in the Product. You may (a) make one copy of the Product solely for backup
or archival purposes and keep this securely, or (b) transfer the software to a secure single hard disk provided that You keep the
original solely and securely for backup or archival purpose. You may not copy the written materials accompanying the Product. You
shall not remove or alter FNET's copyright or other intellectual property rights notices included in the Product or in and any
associated documentation. You must notify FNET forthwith if You become aware of any unauthorized use of the Product by any third
party. FNET's Supplier(s) and Licensor(s) are third party beneficiaries of this Agreement as it pertains to relevant intellectual
property rights associated with the Product, and provisions of this Agreement related to intellectual property rights are enforceableby FNET, its Supplier(s) and Licensor(s). 4. OTHER RESTRICTIONS You shall not sublicense, distribute, market, lease, sell,
commercially exploit, loan or give away the Product or any associated documentation. For the avoidance of doubt, this License does
not grant any rights in the Product to, and may not be assigned, sublicensed or otherwise transferred to, any connected person,
where the term connected person includes but is not limited to the End User's subsidiaries, affiliates or any other persons in any way
connected with the End User, whether present or future. The Product and accompanying written materials may not be used on more
than the permitted number of servers at any one time or for in excess of the permitted number of devices. Subject always to any
rights which You may enjoy under applicable law (provided that such rights are exercised strictly in accordance with applicable law)
and except as expressly provided in this Agreement, You may not reproduce, modify, adapt, translate, decompile, disassemble or
reverse engineer the Product in any manner. You shall not merge or integrate the Product into any other computer program or work,
and You shall not create derivative works of the Product. FNET reserves all rights not expressly granted under this Agreement. 5.LIMITED WARRANTY FNET warrants that during the warranty period (a) the Product will perform substantially in accordance with
its accompanying written materials, and (b) the media on which the Product is furnished shall be free from defects in materials and
workmanship. The warranty period applicable to the Product shall be ninety (90) days from the date of delivery of the Product or, if
longer, the shortest warranty period permitted in respect of the Product under applicable law ("Warranty NetFlow Tracker User
Guide iv Period"). The warranty for any hardware accompanying the Product shall be as stated on the warranty card shipped with the
hardware. If, within the Warranty Period, You notify FNET of any defect or fault in the Product in consequence of which the Product
fails to perform substantially in accordance with its accompanying written materials, and such defect or fault does not result from
You, or anyone acting with your authority, having amended, modified or used the Product for a purpose or in a context other than the
purpose or context for which it was designed or licensed according to this Agreement, or as a result of accident, power failure or
surge or other hazards, FNET shall, at FNET's sole option and absolute discretion, do one of the following: (i) repair the Product; or(ii) replace the Product; or (iii) repay to You all license fees which You have paid to FNET under thisAgreement. FNET does not
warrant that the operation of the Product will be uninterrupted or error or interruption free. 6. CUSTOMER REMEDIESYou must call
your FNET representative to discuss remedies during the 90 day warranty period referred to in Section 5 above. You acknowledgethat your sole remedy for any defect in the Product will be Your rights under Section 5. 7. NO OTHER WARRANTIES.FNET
AND/OR ITS SUPPLIERS, DISCLAIM ALL OTHER WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT
TO THE PRODUCT, THE ACCOMPANYING WRITTEN MATERIALS AND ANY ACCOMPANYING HARDWARE AND YOU
AGREE THAT THIS IS FAIR AND REASONABLE. THE EXPRESS TERMS OF THIS AGREEMENT ARE IN LIEU OF ALL
WARRANTIES, CONDITIONS, UNDERTAKINGS, TERMS OF OBLIGATIONS IMPLIED BY STATUTE, COMMON LAW, TRADE
USAGE, COURSE OF DEALING OR OTHERWISE, ALL OF WHICH ARE HEREBY EXCLUDED TO THE FULLEST EXTENT
PERMITTED BY LAW.8. NO LIABILITY FOR CONSEQUENTIAL DAMAGES IN NO EVENT SHALL FNET AND/OR ITSSUPPLIERS BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL OR ECONOMIC LOSS OR DAMAGES WHATSOEVER OR
-
7/23/2019 Online Help En
4/163
NetFlow TrackerUser Guide
4
FOR ANY LOSS OF PROFITS, REVENUE, BUSINESS, SAVINGS, GOODWILL, CAPITAL, ADDITIONAL ADMINISTRATIVE TIME
OR DATA ARISING OUT A DEFECT IN THE PRODUCT OR THE USE OF OR INABILITY TO USE THE PRODUCT, EVEN IF
FNET HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 9. TERMINATIONEither party shall be entitled forthwith
to terminate this Agreement by written notice if the other Party commits any material breach of any of the provisions of this
Agreement and, fails to remedy the same within sixty (60) days after receipt of a written notice from the non-breaching Party giving
full particulars of the breach and requiring it to be remedied. You shall be obliged to notify FNET in writing of any change in the
control or ownership of the End User and FNET shall be entitled forthwith to terminate this Agreement by written notice. This
Agreement shall automatically terminate if replaced at any time with a new License agreement. The right to terminate this
Agreement given by this Section 9 will be without prejudice to any other accrued right or remedy of either Party including accrued
rights or remedies in respect of the breach concerned (if any) or any other breach, or which the Parties have accrued prior totermination. 10. INDEMNIFICATIONYou shall indemnify FNET and hold it harmless from any loss, damages, proceedings, suits,
third party claims, judgments, awards, expenses and costs (including legal costs) incurred by or taken against FNET as a result of
the negligence, fault, error, omission, act or breach of You or of your employees, staff, contractors, agents or representatives or forany breach of this Agreement whatsoever by You. Notwithstanding any other provision of this Agreement, the aggregate liability of
FNET for or in respect of all breaches of its contractual obligations under this Agreement and for all representations, statements and
tortuous acts or omissions v (including negligence but excluding negligence causing loss of life or personal injury) arising under or in
connection with this Agreement shall in no event exceed the License fee paid by You pursuant to this Agreement prior to the date ofthe breach. 11. CONFIDENTIAL INFORMATION AND SECURITYDuring and after this Agreement, the Parties will keep in
confidence and use only for the purposes of this Agreement all Confidential Information. Confidential Information means information
belonging or relating to the Parties, their business or affairs, including without limitation, information relating to research,
development, Product, processes, analyses, data, algorithms, diagrams, graphs, methods of manufacture, trade secrets, business
plans, customers, finances, personnel data, and other material or information considered confidential and proprietary by the Parties
or which either Party is otherwise informed is confidential or might or ought reasonably expect that the other Party would regard as
confidential or which is marked "Confidential". For the avoidance of doubt, You shall treat the Product and any accompanying
documentation as Confidential Information. Confidential Information does not include any information (i) which one Party lawfully
knew before the other Party disclosed it to that Party; (ii) which has become publicly known through no wrongful act of either Party,
or either Parties' employees or agents; or (iii) which either Party developed independently, as evidenced by appropriate
documentation; or (iv) which is required to be disclosed by law. The Parties will procure and ensure that each of its employees,
agents, servants, sub-contractors and advisers will comply with the provisions contained in this Section. If either Party becomes
aware of any breach of confidence by any of its employees, officers, representatives, servants, agents or sub-contractors it shall
promptly notify the other Party and give the other Party all reasonable assistance in connection with any proceedings which the other
Party may institute against any such person. This Section 11 shall survive the termination of this Agreement. Notwithstanding the
above confidentiality provisions, in accepting this License agreement, You agree that, subject to any applicable data protection laws,
FNET may use your business name and logo for the purposes of marketing and promotion of the product and its business and Youhereby grant FNET a limited License to use your business name and logo for these purposes. 12. EXPORT CONTROL You shall be
responsible for and agree to comply with all laws and regulations of the United States and other countries ("Export Laws") to ensure
that the Product is not exported directly, or indirectly in violation of Export Laws or used for any purpose prohibited by Export laws.13. GOVERNING LAW AND JURISDICTIONThis Agreement and all relationships created hereby will in all respects be governed
by and construed in accordance with the laws of the state of Washington, United States of America, in respect of all matters arising
out of or in connection with this agreement. The Parties hereby submit to the exclusive jurisdiction of the Washington Courts.
NOTHING IN THIS CLAUSE SHALL PREVENT FNET FROM TAKING AN ACTION FOR PROTECTIVE OR PROVISIONALRELIEF IN THE COURTS OF ANY OTHER STATE. 14. MISCELLANEOUS 14.1 The provisions of Sections 3, 7, 8, 10, 11, 12, 13
and 14 and the obligation on you to pay the License fee shall survive the termination or expiry of this Agreement. 14.2 This
Agreement is personal to You and You shall not assign, sublicense or otherwise transfer this Agreement or any part of your rights or
obligations hereunder whether in whole or in part save in accordance with this Agreement and with the prior written consent of FNET
and You shall not allow the Product to become the subject of any charge, lien or encumbrance of whatever nature. Nothing in this
Agreement shall preclude the Licensor from assigning the Product or any related documentation or its rights and obligations under
this Agreement to a third party and You hereby consent to any such future assignment. 14.3 This Agreement supersede all prior
representations, arrangements, understandings and agreements between the Parties herein relating to the subject matter hereof,
and sets out the entire and complete agreement and understanding between the Parties relating to the subject matter hereof. 14.4 If
any provisions of the Agreement are held to be unenforceable, illegal or void in whole or in part the remaining portions of the
Agreement shall remain in full force and effect. NetFlow Tracker User Guide vi 14.5 No party shall be liable to the other for any delay
or non-performance of its obligations under this Agreement (save for your obligation to pay the fees in accordance with Section 1)
arising from any cause or causes beyond its reasonable control including, without limitation, any of the following: act of God,
governmental act, tempest, war, fire, flood, explosion, civil commotion, industrial unrest of whatever nature or lack of or inability toobtain power, supplies or resources. 14.6 A waiver by either party to this Agreement of any breach by the other party of any of the
-
7/23/2019 Online Help En
5/163
NetFlow TrackerUser Guide
5
terms of this Agreement or the acquiescence of such party in any act which but for such acquiescence would be a breach as
aforesaid, will not operate as a waiver of any rights or the exercise thereof. 14.7 No alterations to these terms and conditions shall be
effective unless contained in a written document made subsequent to the date of the terms and conditions signed by the parties
which are expressly stated to amend the terms and conditions of this Agreement.
-
7/23/2019 Online Help En
6/163
NetFlow TrackerUser Guide
6
NETFLOW TRACKER 9.0 .............................................................................................................................1
USER GUIDE ..............................................................................................................................................1
THIRD PARTY SOFTWARE COMPONENTS ..................................................................................................2
END USER LICENSE ....................................................................................................................................2
1: NETFLOW TRACKER OVERVIEW ...................................................................................................... 11
KEY FEATURES.............................................................................................................................................. 11
DEPLOYING NETFLOW TRACKERS..................................................................................................................... 12
DATA MANAGEMENT..................................................................................................................................... 13
PRODUCT SERVICES....................................................................................................................................... 13
Obtaining Technical Support ................................................................................................................ 13
2: INSTALLING NETFLOW TRACKER ......................................................................................................... 15
SYSTEM REQUIREMENTS................................................................................................................................. 15
Hardware Requirements ...................................................................................................................... 15
Software Requirements ........................................................................................................................ 16
PREPARING FOR INSTALLATION......................................................................................................................... 17
INSTALLING NETFLOW TRACKER ON MICROSOFT WINDOWS.................................................................................. 18
Installing Java Runtime Environment on Windows .............................................................................. 18
Installing NetFlow Tracker ................................................................................................................... 19
INSTALLING NETFLOW TRACKER ON LINUX......................................................................................................... 21
3: SETTING UP NETFLOW TRACKER ......................................................................................................... 23
OPENING NETFLOW TRACKER.......................................................................................................................... 23
SELECTING A LANGUAGE................................................................................................................................. 24
SETTING UP NETFLOW TRACKER....................................................................................................................... 25
Setting up Licensing for NetFlow Tracker ............................................................................................. 25
Provisioning & Activation for a Network Performance Appliance ....................................................... 26Setting up Listener Ports ...................................................................................................................... 26
Applying SNMP Settings ....................................................................................................................... 27
Enabling Devices to Export Flow Data .................................................................................................. 28
Applying Device Settings in NetFlow Tracker ....................................................................................... 29
Device List ............................................................................................................................................ 31
Applying Traffic Class IDs ..................................................................................................................... 31
Applying Identified Applications........................................................................................................... 32
-
7/23/2019 Online Help En
7/163
NetFlow TrackerUser Guide
7
Applying Interface Settings .................................................................................................................. 33
Deleting a Device.................................................................................................................................. 34Making Sure That Data is Received ...................................................................................................... 35
Applying Security Settings .................................................................................................................... 38
VIEWING VERSION INFORMATION..................................................................................................................... 39
4: VIEWING REAL-TIME DATA ................................................................................................................. 40
VIEWING NETWORK OVERVIEW DATA............................................................................................................... 40
Top Applications and Interfaces for a Device ....................................................................................... 42Application Conversations .................................................................................................................... 42
Top Applications and Usage for an Interface ....................................................................................... 42
Interface Conversations ....................................................................................................................... 43
VIEWING DEVICES......................................................................................................................................... 43
VIEWING INTERFACES..................................................................................................................................... 44
VIEWING PER-ASDATA.................................................................................................................................. 46
FILTERING REAL-TIME DATA............................................................................................................................ 46
VIEWING CHART DATA................................................................................................................................... 52
Working with Pie Charts ....................................................................................................................... 53
Working with Tables ............................................................................................................................ 54
5: VIEWING LONG-TERM DATA ............................................................................................................... 56
VIEWING LONG-TERM NETWORK OVERVIEW DATA.............................................................................................. 56
VIEWING LONG-TERM DEVICE AND INTERFACE DATA............................................................................................ 58
FILTERING LONG-TERM DATA.......................................................................................................................... 59
SAVING A LONG-TERM FILTER.......................................................................................................................... 60
6: SETTING UP REPORTS ......................................................................................................................... 61
REPORTS OVERVIEW...................................................................................................................................... 61
SAVING REPORT FILTERS................................................................................................................................. 63SCHEDULING REPORTS.................................................................................................................................... 64
CREATING LONG-TERM REPORTS...................................................................................................................... 68
CREATING EXECUTIVE REPORTS........................................................................................................................ 73
Adding a Sub-report Cell ...................................................................................................................... 76
Adding an HTML Cell ............................................................................................................................ 78
VIEWING EXECUTIVE AND REAL-TIME REPORTS................................................................................................... 79
7: WORKING WITH ALARMS ................................................................................................................... 80
-
7/23/2019 Online Help En
8/163
NetFlow TrackerUser Guide
8
ALARMS OVERVIEW....................................................................................................................................... 80
Alarm Severity and Lifecycle................................................................................................................. 81Thresholds and Baseline Sensitivity ...................................................................................................... 81
Alarming for Persistent Changes .......................................................................................................... 82
Baseline Learning and Reset ................................................................................................................ 82
Tips and Techniques ............................................................................................................................. 83
CONFIGURING ALARMS.................................................................................................................................. 84
Creating an Alarm ................................................................................................................................ 84
Creating an Interface Alarm ................................................................................................................. 85
Configuring the Host Behavior Alarm .................................................................................................. 87
CONFIGURING NOTIFICATION SETTINGS............................................................................................................. 89
VIEWING EVENTS.......................................................................................................................................... 89
Viewing the Events Timeline ................................................................................................................ 89
Viewing the Event List .......................................................................................................................... 90
Viewing the Event Lifecycle .................................................................................................................. 91
8: OPTIMIZING NETFLOW TRACKER ........................................................................................................ 93
DATA DISPLAY AND FILTERING SETTINGS............................................................................................................ 93
Management Portal Settings ............................................................................................................... 94
IP Application Names ........................................................................................................................... 96
DiffServ Names ..................................................................................................................................... 98
Hostname Resolution Settings ............................................................................................................. 99Subnet Names ...................................................................................................................................... 99
AS Names ........................................................................................................................................... 100
DATA MANAGEMENT AND SYSTEM PERFORMANCE MONITORING........................................................................ 101
Database Settings .............................................................................................................................. 101
Backup ................................................................................................................................................ 102
Archiving ............................................................................................................................................ 104
Memory Settings ................................................................................................................................ 105
A: SETTING UP NETFLOW ON NETWORK DEVICES ................................................................................. 106
ENABLING NETFLOW EXPORT/NDEON A CISCO ROUTER OR LAYER 3SWITCH........................................................ 106
Enabling NetFlow Export on an IOS Device ........................................................................................ 107
Enabling Sampled NetFlow Export ..................................................................................................... 108
IP FLOW-EXPORT TEMPLATE TIMEOUT-RATE 10.................................................................... 110
-
7/23/2019 Online Help En
9/163
NetFlow TrackerUser Guide
9
Enabling NDE on a Native IOS Device................................................................................................. 110
Enabling NetFlow Export on a 4000 Series Switch ............................................................................. 112Configuring NDE on a CatOS Device ................................................................................................... 112
ENABLING FLEXIBLE NETFLOW EXPORT............................................................................................................ 113
Enabling Flexible NetFlow Export ....................................................................................................... 113
Enabling Sampled Flexible NetFlow Export ........................................................................................ 115
Enabling NetFlow Export on Nexus 1000v & 7000 ............................................................................. 116
CONFIGURING NETFLOW INPUT FILTERS FOR TRAFFIC CLASS REPORTING............................................................... 118
ENABLING FLOW DETAIL RECORDS ON A PACKETEER DEVICE................................................................................ 118
ENABLING NETFLOW ON AN ENTERASYS DEVICE................................................................................................ 119
ENABLING SFLOW ON A FOUNDRY DEVICE........................................................................................................ 120
B: REPORT TEMPLATES ......................................................................................................................... 122
ADDRESS REPORTS...................................................................................................................................... 122
SESSION REPORTS........................................................................................................................................ 123
QOSREPORTS............................................................................................................................................ 125
NETWORK REPORTS..................................................................................................................................... 125
INTERFACE REPORTS.................................................................................................................................... 126
TRAFFIC IDENTIFICATION REPORTS.................................................................................................................. 127
FULL FLOW FORENSICS REPORTS.................................................................................................................... 127
OTHER REPORTS......................................................................................................................................... 127
C: REPORT URL PARAMETERS ............................................................................................................... 129
GENERAL FORMAT....................................................................................................................................... 133
REPORT PARAMETERS.................................................................................................................................. 134
TIME RANGE PARAMETERS............................................................................................................................ 140
Setting Start and End Times ............................................................................................................... 140
Creating a Fixed Length URL with Current Time Range ..................................................................... 141
Setting a Simple Calendar-Based Time Range ................................................................................... 141Setting an Advanced Calendar-Based Time Range ............................................................................ 143
Applying a Time-of-Day Mask to the Time Range .............................................................................. 145
Setting a Time Zone ............................................................................................................................ 145
Setting the Chart Sample Size ............................................................................................................ 149
Setting the Source Long-term Data .................................................................................................... 150
Filter Parameters ................................................................................................................................ 151
SECURITY PARAMETERS................................................................................................................................ 157
-
7/23/2019 Online Help En
10/163
NetFlow TrackerUser Guide
10
MANAGEMENT PORTAL ACCESS CONTROL PARAMETERS..................................................................................... 157
D: FILE FORMATS .................................................................................................................................. 161
CSVFILE FORMAT....................................................................................................................................... 161
Chart CSV format................................................................................................................................ 161
Pie chart CSV format .......................................................................................................................... 161
Tabular report CSV format ................................................................................................................. 162
XMLFORMAT............................................................................................................................................ 162
Chart XML format............................................................................................................................... 162Pie chart XML format ......................................................................................................................... 163
Tabular report XML format ................................................................................................................ 163
-
7/23/2019 Online Help En
11/163
NetFlow TrackerUser Guide
11
1: NetFlow Tracker Overview
Topics include:
Key Features
Deploying NetFlow Trackers
Data Management
Product Services
Key Features
NetFlow Tracker lets you, as a Network Administrator, view flow traffic from routers andmanaged switches on the network. From a web-based interface, it provides a set of
dynamic charts and reports to help you understand the nature of network traffic flow in your
network.
You can analyze application and protocol information in depth, including user, server, and
applications activity.
NetFlow Tracker supports data from a range of devices in various formats includingNetFlow versions 1, 5, and 9, IPFIX, Nortel IPFIX, sFlow, J-Flow, Cflow, and NetStream.
Key features include:
Install and configure NetFlow Tracker on Windows or Linux servers. See Chapter 2,
Installing NetFlow Tracker.
-
7/23/2019 Online Help En
12/163
NetFlow TrackerUser Guide
12
Customize setup to determine how data is gathered and managed, and optimize
NetFlow Tracker performance based on the data you need. See Chapter 3, Setting UpNetFlow Trackerand Chapter 8, Optimizing NetFlow Tracker.
View real-time network traffic in detail at per-minute resolution for one week by default.
Traffic views by user, user group, conversation, system and application are available.
Drill down and zoom in on data. Filter all real-time reports and charts on any field. See
Chapter 4, Viewing Real-Time Data.
Create custom long-term reports and charts.
Define and quickly access custom executive reports.
Format reports and charts as CSV or XML for further processing or as simplified HTML
or PDF for printing or emailing.
Full flow forensic reports are available. See Chapter 6, Setting up Reports.
Create threshold and baseline alarms. Receive notifications via SNMP traps. See
Chapter 7, Working with Alarms.
Deploying NetFlow TrackersYou can deploy NetFlow Tracker as stand-alone software on a dedicated server on your
network or as a Network Performance Appliance. As NetFlow Tracker is a web-based
application, you can access the system from anywhere in the network.
NetFlow Tracker servers are typically deployed near large switches or tightly clustered
switches or routers where there is a high degree of NetFlow traffic.
Alternatively, you can deploy a Network Performance Appliance as part of the Visual
Performance Manager network performance management system. This lets you viewperformance data and create reports from multiple Network Performance Appliances on
the network through a single web portal interface. For more information, see the Visual
Performance Manager System Administration Guide.
-
7/23/2019 Online Help En
13/163
NetFlow TrackerUser Guide
13
Data ManagementNetFlow Tracker has two databases:
The real-time database stores data at millisecond granularity. Report data is displayed
in one-minute granularity. By default, data is stored for up to seven days. You can
adjust this setting in Database Settings.
The long-term database stores aggregated data for multiple years at a granularity that
you set in Database Settings. By default, data is stored for 999 weeks at one-hourgranularity. When you configure long-term reports using custom granularity, the
database stores that data at that granularity for as long as the report is scheduled.
Database maintenance occurs every six hours (you cannot run database maintenance on
demand). During this time data is reorganized and transferred and aggregated in the
long-term database. To monitor the length of time this takes, see Making Sure That Data
is Receivedin Chapter 3: Setting up NetFlow Tracker
You can also archive and back up real-time data.
See:
Database Settings in Chapter 8
Backup in Chapter 8
Archiving in Chapter 8
Product ServicesFor NetFlow Tracker product information, see:
www.visualnetworksystems.com/netflow-tracker
Obtaining Technical Support
If you require technical support for NetFlow Tracker, contact the Fluke Networks Technical
Assistance Center (TAC) at the points listed below:
-
7/23/2019 Online Help En
14/163
NetFlow TrackerUser Guide
14
By phone: 1-800-708-4784By email:[email protected]
Supervision Gold support packages are available from the Visual Network Systems website.
mailto:[email protected]:[email protected]:[email protected]:[email protected] -
7/23/2019 Online Help En
15/163
NetFlow TrackerUser Guide
15
2: Installing NetFlow Tracker
Topics include:
System Requirements
Preparing for Installation
Installing NetFlow Tracker on Microsoft Windows
Installing NetFlow Tracker on Linux
Note
For upgrade information, see the Release Notes included with the NetFlow
Tracker release.
System RequirementsThe type of system required to run NetFlow Tracker depends on the number of devices
sending NetFlow information to it and the amount and nature of traffic handled by those
devices.
Hardware Requirements
The following requirements are a guideline. To determine your requirements, test the
softwares performance in your network environment.
-
7/23/2019 Online Help En
16/163
NetFlow TrackerUser Guide
16
Table 1 Minimum Hardware Requirements
Component Minimum Requirement
Processor Intel Pentium D, Core 2 or Xeon or a compatible processor ofsimilar performance. Multiple processors improve performance,
but consider these only after increasing RAM and the
performance of the disk subsystem.
RAM 2 GB. Performance increases with the amount of RAM available
for the disk cache and database buffers.
Disk subsystem High performance disk subsystem with substantial free space.
SAS 6/i RAID controller, with 15k RPM disks in RAID 1+0
configuration
Software RequirementsNote
NetFlow Tracker requires high speed disk I/O to run effectively. If you run
antivirus software on the NetFlow Tracker server you are likely to have periodic
issues with storing and accessing flow data.
Table 2 Software Requirements
Software Requirement
Operating system English, Chinese, and Japanese language versions aresupported.
Windows XP Professional SP2
Windows Server 2003 R2 SP 2
Windows Server 2003 SP 2
Windows Server 2000 LinuxNetFlow Tracker has been tested and is supported
on Red Hat Enterprise Linux 5 and Fedora Core 10 runningJava 1.6.0_05 or later and MySQL 5.0 (Intel-compatibleprocessor).
For more information on installing NetFlow Tracker on otherLinux distributions, contact Fluke Networks TAC.
-
7/23/2019 Online Help En
17/163
NetFlow TrackerUser Guide
17
Browser MS Internet Explorer (IE) 7.0
IE 6.0 with SP1, critical updatesFirefox 3.0
Other web browsers may run but have not been tested.
Java version Java 2 Runtime Environment SE v1.6.0_05 or later
Other components MySQL 5.0 or PostgreSQL 9.0, installed with NetFlowTracker
Adobe Acrobat Reader 6.0 or later
Preparing for InstallationBefore installing, complete the following tasks:
NetFlow Tracker puts a heavy load on the system. It is strongly recommended that you
install it on a dedicated server.
Do not install any other MySQL-dependent software on the NetFlow Tracker server.
Because of the large database size and optimized structure required by NetFlow
Tracker, MySQL is set up in a way that can seriously degrade the performance of other
software that use MySQL.
NetFlow Tracker uses a version of MySQL that differs significantly from that used by
Fluke Networks NetFlow Monitor, NetWatch and ResponseWatch products. If you
install NetFlow Tracker on a server running one of these products it will not function
correctly. Likewise, if you install one of these products on a server running NetFlow
Tracker, both products will not function correctly.
NetFlow Tracker contains an embedded web server. Web servers normally run on port
80, but another web server on your system may be using this. You can choose a
different port during installation or disable other web servers prior to installation.
If you have previously configured a router for NetFlow Monitor, please note that
NetFlow Tracker requires a different active flow timeout or long aging timer.
-
7/23/2019 Online Help En
18/163
NetFlow TrackerUser Guide
18
Installing NetFlow Tracker on MicrosoftWindowsYou must log in as an administrator to install NetFlow Tracker. Installation takes several
minutes.
If you received NetFlow Tracker on CD, the setup program starts automatically when
you insert the CD. If it does not, open the CD drive in My Computerand double-click
setup.exe.
If you downloaded NetFlow Tracker software, double-click the file you downloaded.
Installation detects unsupported MySQL versions. If MySQL is installed on the server
already, a message asks if you want to continue. Uninstall any unsupported MySQL
version. NetFlow Tracker requires MySQL 5.0, which installed with the application. The
installation program will fail if the installed version of MySQL uses a root password.
Installing Java Runtime Environment on Windows
To install Java Runtime Environment:
1 Insert the NetFlow Tracker CD in your server.
2 If the server does not have the required version of the Java Runtime Environment
installed, click OKto install it. The Java installer launches.
3 Accept Suns license agreement and click Next.
4 On the Setup Type screen, choose Typicalor Custom. Select Customif you do not
want the web browser to use Suns Java Plug-in. Click Next.
-
7/23/2019 Online Help En
19/163
NetFlow TrackerUser Guide
19
5 When Java Runtime Environment installation is completed, click Finish.
Installing NetFlow Tracker
Once Java Runtime Environment installation completes, the NetFlow Tracker software
begins installing.
To install NetFlow Tracker:
1 On the Welcome screen, click Next.
2 On the License Agreement screen, accept the agreement and click Next.
3 On the Customer Information screen, enter your name and organization name.
Choose whether to install the software for yourself only or for every user that logs in to
the system. If you install the software for yourself, only you will see the shortcut to the
web front-end and only you can uninstall the software.
4 Click Next.
5 On the Setup Type screen, choose:
-
7/23/2019 Online Help En
20/163
NetFlow TrackerUser Guide
20
Completeto install NetFlow Tracker to the nfNetFlow Trackerfolder on your
system drive and MySQL to the MySQL folder on the same drive. The internalweb server will run on port 80 if available. If port 80 is unavailable, you are
prompted to choose another. Click Next. Proceed to step 7.
Customif you want to change the install folders or choose a different port even if
80 is available.
Click Next.
6 If you chose Custom, the Custom Setup screen is shown. You can change the install
folder for NetFlow Tracker and MySQL. Select the feature and click Change.
7 Click Next.
8 If you chose Custom setup or if port 80 is in use, the Select HTTP Port screen isshown. Select a port and click Testto check if it is available. Click Next.
9 On the Ready to Install screen, click Install. Installation take several minutes. If
installation stops for longer than that, contact Fluke Networks TAC. When installation
completes, click Finish.
After installation, a shortcut is placed in the NetFlow Trackerfolder under the Programsin
the Windows Startmenu.
-
7/23/2019 Online Help En
21/163
NetFlow TrackerUser Guide
21
Installing NetFlow Tracker on LinuxThe RPM installer works only for the supported distributions of Linux: Red HatEnterprise Linux 5 and Fedora Core 8. If you are trying to upgrade on a different
platform contact Fluke Networks TAC [email protected].
The NetFlow Tracker web server runs on port 8000.
To install or upgrade using the RPM run the following as root (replace the RPM file below
with the file you downloaded).
rpm -Uvh nftracker-6.0-0.i386.rpm
The following is an example of the install sequence:
The following graphic shows the successfully completed installation.
http://mailt:[email protected]/http://mailt:[email protected]/http://mailt:[email protected]/http://mailt:[email protected]/ -
7/23/2019 Online Help En
22/163
NetFlow TrackerUser Guide
22
-
7/23/2019 Online Help En
23/163
NetFlow TrackerUser Guide
23
3: Setting Up NetFlow Tracker
After installation, you can set up NetFlow Tracker to monitor data. Topics include:
Opening NetFlow Tracker
Selecting a Language
Setting up NetFlow Tracker
Viewing Version Information
Opening NetFlow Tracker
To open and set up NetFlow Tracker:
1 Open NetFlow Tracker:
To open NetFlow Tracker from the computer on which it is installed, from the
Windows task bar select Start > All Programs > NetFlow Tracker > NetFlow
Tracker.
To open NetFlow Tracker from a URL, open a web browser and type the IP ad-
dress or DNS name of the NetFlow Tracker on the port set up during installation.2 The Network Overview page is shown.
If you have not yet configured NetFlow Tracker, the Network Overview page has
no data. In the upper left part of the interface, select Main Menu> Settings.
Configure the settings required so that NetFlow Tracker can start monitoring data,
as detailed in this chapter.
If you have already configured NetFlow Tracker, data is shown on the Network
Overview page. See Viewing Network Overview Datain Chapter 4.
-
7/23/2019 Online Help En
24/163
NetFlow TrackerUser Guide
24
Note:
If you have password protection enabled you may need to log in as an administrativeuser to see the Main Menu > Settingslink. See Applying Security Settings later in
this chapter.
Selecting a LanguageYou can view the NetFlow Tracker interface in English, Chinese, or Japanese, depending
on the language settings of your browser.
To change language settings:
1 Access the language selection dialog:
In Firefox, select Tools > Options. From the Generaltab (in Firefox 2.0) or
Content tab (in Firefox 3.0), under Languages, click Choose.
In Internet Explorer, select Tools > Internet Options. From the General tab, click
Languages.
2 Click Addand select a supported language from the list:
Chinese/China [zh-cn]
Japanese [ja]
English/United States [en-us]
3 Select the language you want to use and click Move Upto place it at the top of the list.
10 Click OK. Then click OKagain in the Options or Internet Options dialog.
If you have password protection enabled you may need to log in as an administrative
user to see the Main Menu > Settingslink. See Applying Security Settings later in
this chapter.
-
7/23/2019 Online Help En
25/163
NetFlow TrackerUser Guide
25
Setting up NetFlow TrackerFrom the Settings page (Main Menu > Settings) you can set up NetFlow Tracker to gather
data from network devices, determine how that data is gathered and managed, and
monitor and optimize NetFlow Tracker performance.
If you are using NetFlow Tracker for the first time after installation, set up NetFlow Tracker
to start gathering data. Topics include:
Setting up Licensing for NetFlow Tracker or Provisioning & Activation for a Network
Performance Appliance
Setting up Listener Ports
Applying SNMP Settings
Enabling Devices to Export Flow Data
Applying Device Settings in NetFlow Tracker
Making Sure That Data is Received
Applying Security Settings
Once NetFlow Tracker begins collecting data you can apply additional data filtering and
management settings. For more information, see Chapter 8, Optimizing NetFlow Tracker.
When applying settings, note:
Each settings page controls a single aspect of the software. To apply changes, click
OKon that page. To return to the main Settings page without applying changes, click
Cancel.
Use the session path link on settings pages to return to the main Settings page. Usingthe web browsers Back button can cause you to lose changes.
Setting up Licensing for NetFlow Tracker
Use the Licensing page to apply a new full or trial license or check the status of an existing
license.
N tFl T k
-
7/23/2019 Online Help En
26/163
NetFlow TrackerUser Guide
26
To install a license:
1 Select Main Menu > Settings > Licensing.
2 Add license information:
If from a file, click Browse, locate the file, and select it. Then click Load.
If text, enter or paste the text and click Decode.
3 Click OK.
Provisioning & Activation for a Network PerformanceAppliance
Use the Activation page to review the current activation status.
An NPA must have a valid Activation Key for full operation. Appliances supplied by VisualNetwork Systems will automatically include such a key. However, virtual NPAs (and
physical NPAs re-installed from the Recovery Disk) will need an Activation Key to be
supplied via VPM.
In cases where a valid Activation Key is not present, the NPA will start a 30 day trial period
when first provisioned into a VPM. Once this period has expired a user must apply a full
Activation Key; upon successful application of the new key data acquired during the trial
period will then still be visible.
To initiate activation an NPA must be provisioned into a VPM. Please refer to the Visual
Performance Manager User Guidefor further details on provisioning an NPA and sending
an Activation Key down to the NPA.
Note that if the NPA has Security Settings defined, the NPA must also define a portal
secret under Management Portal Settings and the same portal secret must be entered inthe provisioning settings on VPM.
Setting up Listener Ports
Use the Listener Ports page to set the UDP ports on which NetFlow Tracker will monitor
NetFlow traffic from devices.
NetFlow Tracker
-
7/23/2019 Online Help En
27/163
NetFlow TrackerUser Guide
27
When you set up NetFlow exporting on a device, you provide a port number to which to
send exports. By default, NetFlow Tracker listens on ports 2055 and 6343.
For more information about configuring devices for NetFlow, see Appendix A, Setting up
NetFlow on Network Devices.
To add listener ports:
1 Select Main Menu >Settings > Listener Ports.
2 Add ports. Select All local addressesand enter a port number:
Note
When adding local addresses, you must specify a port number on the NetFlow
Tracker server to receive NetFlow traffic.
3 Set the Receive buffer size. The default size is 32768. This setting applies to all ports.
Note
If traffic exceeds the buffer size, increase the buffer size to avoid dropping
packets. If you increase the buffer size, monitor the systems memory usage.
11 Click OK. If you receive an error message, one or more ports are already in use. An
asterisk (*) marks these ports. Remove these ports and add others until no errors
remain.
Applying SNMP Settings
Use the SNMP Settings page to define default SNMP parameters. This information is used
to query devices.
When NetFlow Tracker receives exports from a previously unknown device, it scans the
device using SNMP to find its name and interface properties. Devices enabled for SNMPv1
or SNMPv2c can be accessed using a password, called a community string. By default,
NetFlow Tracker defines the community string public. You can define additional
community strings and define the order in which they will be attempted.
NetFlow Tracker
-
7/23/2019 Online Help En
28/163
NetFlow TrackerUser Guide
28
For devices enabled for SNMPv3, access depends on the level of security and access
rights defined. A single set of default SNMPv3 parameters can be specified. SNMPv3security is controlled by the User Name plus an optional Authorization Protocol &
Passphrase and Privacy Protocol & Passphrase. SNMPv3 access is controlled by an
optional Context Name.
Note
A device is scanned when it reboots and when NetFlow Tracker software
restarts. Because NetFlow Tracker checks each SNMPv2 community first when
it detects a new device, place the most frequently used communities higher in the
list for faster scanning.
You can change the SNMP parameters used to rescan an existing device on the device
configuration page. See Applying Device Settings in NetFlow Trackerlater in this chapter.
Devices that have not been successfully queried using SNMP have an next to them in
the Device List. See Device List later in this chapter.
To apply SNMP settings:
1 Select Main Menu > Settings > SNMP Settings.
2 Select SNMP 1/2c or SNMP 3.
3 If SNMP 1/2cis selected, enter at least one SNMP community string. If multiple strings
are added, each one will be attempted successively until an SNMP query is successful.
Enter the most common string first in order to speed up the search.
If SNMP 3is selected, enter SNMP v3 configuration information.
12 Leave the default settings for timeout (5000 ms) and number of attempts (3) used for
SNMP requests.
13 Click OK.
Enabling Devices to Export Flow Data
To view data in NetFlow Tracker, you must enable network devices (routers and switches)
to export flow data to the server running NetFlow Tracker. For more information, see
Appendix A, Setting up NetFlow on Network Devices.
NetFlow Tracker
-
7/23/2019 Online Help En
29/163
NetFlow TrackerUser Guide
29
Once devices are enabled, to see whether NetFlow Tracker has started collecting data,
see Making Sure That Data is Received later in this chapter.
Applying Device Settings in NetFlow Tracker
Use the Device Settings page to:
Collect information from devices using SNMP queries, so that interfaces are named
correctly.
Apply BGP settings if BGP is used to establish routing between autonomous systems
(ASes).
If necessary, specify a global scaling factor for sampled data from a device, so that
utilization information is scaled accurately in reports..
Apply traffic class, identified applications, and interface settings.
To configure devices:
1 Select Main Menu > Settings > Device Settings.
2 Select a device from the Device List. See Device List, below.
3 Apply General settings:
Override the name detected using SNMP.
Choose whether to archive real-time data from the device. Note: When you archive
data all NetFlow data monitored by the device is archived.
Show interface descriptions entered on the network device or leave the default
setting. Default does not show the interface descriptions.
14 Apply SNMP settings. For SNMP mode, select:
Use SNMPif the device supports SNMP. Let NetFlow Tracker use SNMP to scan
a device because the numbers used to identify the inbound and outbound inter-faces in NetFlow exports are not constant and SNMP is the only way NetFlow
Tracker can make a correct correlation between an identifier and a physical in-
terface or port.
Select an SNMP version (SNMPv1, SNMPv2c or SNMPv3) and enter the SNMP
criteria. See Applying SNMP Settings, above, for more information.
Dont use SNMPif the device does not support SNMP. This assigns default
properties to each interface encountered in NetFlow exports from the device.
NetFlow Tracker
-
7/23/2019 Online Help En
30/163
User Guide
30
Keep current configurationto freeze a devices configuration. This ignores any
new interface encountered, so use this with caution.
To rescan an SNMP device using the SNMP parameters specified in the page, click
Rescan. This scans but does not savethe settings. You must click OKon the Device
Settings page to apply changes. Because NetFlow Tracker rescans a device when the
software restarts, a new interface is encountered, or the device reboots, you do not
normally have to manually rescan a device.
15 Apply BGP settings if BGP is used:
Local ASThe local AS number is required to get correct AS numbers for trafficrouted to or from the local AS. If BGP is not used, leave this setting blank.
Store peer/origin ASesFor a device that can send both the peer and origin AS
number for each NetFlow record, choose which AS numbers are stored in the
database.
Store BGP next-hopFor a device that can send the BGP next-hop address in its
NetFlow exports, store this value in place of the IP next-hop for the device.
16 Set Sampled Data Scaling.Most sampled flows (such as sFlow) contain embedded scaling factors that will be
applied automatically. Note that these scaling factors can vary from source to
source (e.g. from interface to interface) and also from flow to flow. If the supplying
device is experiences heavy loads it may reduce the sampling rate (effectively
increasing the scaling factor) to compensate.
However, a user may manually enter a scaling factor if they are not being supplied
by the device by checking this option and specifying a device-wide scaling factor.For flows that contain the embedded scaling factor, see Applying Interface
Settings, below, for more information.
17 Apply Traffic Class settings. See Applying Traffic Class IDs below.
8 Apply Identified Applications settings. See Applying Identified Applications, below.
9 Apply settings for interfaces. See Applying Interface Settings, below.
10 Click OK.
11 Click OKon the Device Settings page.
NetFlow Tracker
-
7/23/2019 Online Help En
31/163
User Guide
31
Device List
Use the device list on the Device Settings page to check the status of known devices and
override the interface descriptions and speeds collected by NetFlow Tracker.
NetFlow Tracker performs an SNMP scan when it starts to populate this list. When devices
reboot, they are rescanned.
The name and address of each known device are listed, along with a status indicator:
(exclamation point)Indicates that NetFlow Tracker could not contact the device
using SNMP or is ignored due to a license violation.
(hourglass)Indicates that the device is being scanned and cannot be edited. To
see if scanning has finished click Refresh.
No iconThe device is working correctly.
Click a device name to edit its settings.
Note
Any changes you make to any device are only applied when you click OKin the
main Device Settings page.
Applying Traffic Class IDsIn the Traffic Class IDs section of a devices settings page, you can map traffic classes or
manually add these using the list.
For devices that can export traffic class data that helps route the traffic involved in each
flow, leave Automatically map traffic classeschecked. If this option is not available for a
device, add each traffic class to NetFlow Tracker and configure a map from the devices
class ID to the NetFlow Tracker traffic class. Give each class a unique identifier that is used
if you create a URL with a traffic class filter. Note: This identifier does not need to match the
identifier exported by any of your devices for the traffic class.
To add traffic class IDs
NetFlow Tracker
-
7/23/2019 Online Help En
32/163
User Guide
32
1 Select Main Menu >Settings > Device Settings.
2 Select a device from the Device List. See Device List above.
3 Expand Traffic Classes:
For devices that can export traffic class data that helps to help route the traffic
involved in each flow, leave Automatically map traffic classeschecked.
For devices that do not automatically map traffic classes, click add/deletein the
Traffic Class column header.
18 On the Traffic Class Names page, enter a unique identifier and name.19 Click Add. To delete an ID, select its checkbox and click Delete.
20 Click OK.
21 Click OKin the devices settings page.
Applying Identified ApplicationsIdentified applications are similar to traffic classes and you configure them in the same
way. Packeteer devices support this feature.
As with traffic classes, leave mapping enabled for devices that support it.
For devices that do not support automatic mapping, you must create a unique, NetFlow
Tracker-specific identifier for each identified application that you want to report on. Thendefine a mapping from the device-specific protocol or service ID to the NetFlow Tracker
identified application for each device.
To add application identifiers:
1 Select Main Menu > Settings > Device Settings.
2 Select a device from the Device List. See Device List above.
3 Expand Identified Applicationsand click add/deletein the Identified Applications
column header.
22 On the Identified Application Names page, enter an identifier and name.
23 Click Add. To delete an ID, select its checkbox and click Delete. Click OK.
24 Click OKon the devices settings page.
NetFlow TrackerU G id
-
7/23/2019 Online Help En
33/163
User Guide
33
Applying Interface Settings
If you cannot change the settings of the device or it has an asynchronous interface, you
can override the description, inward speed, and outward speed for its interfaces. For
non-SNMP compatible devices, you must provide interface descriptions and speeds.
You can associate any interface on any device with a uniquely named Virtual Private
Network (VPN) for reporting and filtering. A VPN groups data from the devices and
interfaces assigned to it. This data is included in the VPNs report and by the VPN filters.
NetFlow Tracker assigns the customer-facing interfaces of an MPLS provider edge router
(PER) using MPLS VPN and supports the standard SNMP MIB automatically. If your
network device does not support this, you must create a unique identifier for each VPN.
Note
If you reset a speed or description setting and the device reboots or has an
SNMP rescan, your settings are overridden.
If the device is sending sampled flows with the sample rate embedded in the flow record
(such as sFlow), then the last sample rate for a flow on a specific interface will be reported.
Note that some devices may be under excessive load and return a large value to indicate
this problem (sampled rate of 2147483647 or 7FFFFFFF hex).
You can also set an interface as inactive. Inactive interfaces do not show up in the interface
status report or in the Filter Editor. This option is useful to remove interfaces that do not
report NetFlow data from reports.
To apply interface settings:
1 Select Main Menu >Settings > Device Settings.
2 Select a device from the Device List. See Device List, above.
3 Expand Interfaces. You have the following options:a Enter an interface name and description.
b Enter the speed.
c To associate an interface with a VPN, click add/deletein the VPN column header.
On the VPNs page, enter a unique ID and name for each VPN. The description is
optional. To delete a VPN from the list, select its checkbox and click Delete. Click
OK.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
34/163
User Guide
34
4 In the VPN column on the devices settings page, select from the drop-down list. If the
interface is not part of a VPN, leave the setting to noneand make sure that the P in-
terface(s) on an MPLS PER have their VPN set to nonealso because they carry traffic
from multiple VPNs.
Note
VPNs are assigned to interfaces by name, so each VPN must have a unique
name.
5 To mark an interface as inactive, check its Inactivebox.
6 Click OK.
7 Click OKon the Device Settings page.
Deleting a Device
You can delete a device from the devices settings page.
Note
When you delete a device, if the device is still sending NetFlow data to NetFlow
Tracker it will reappear after you delete it.
To delete a device:
1 From the NetFlow Tracker Main Menu, select Settings > Device Settings.
2 Select a device from the Device List. See Device List, above.
3 On the Device page, click Delete.
Note
If you cancel the deletion at this point, you will lose any other changes you have
made on the setting page.
4 ClickYes to continue.
5 On the Device Settings page, click OK. If you click Cancel, the device will remain, but
other changes you applied will be lost.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
35/163
User Guide
35
Making Sure That Data is Received
To check that NetFlow Tracker is receiving data from a device, first check the Device
Settings page to make sure that SNMP access was successful. After several minutes, see
that the Network Overview shows data. Then review information on the Performance
Counters page.
Use the Performance Counters page to diagnose problems in NetFlow Tracker setup and
ongoing operation. Counters are stored for each device from which the software has
received data (see Table 3, Performance Counters, below). Counts start when the
system is started and you can reset them at any time.
Table 3 Performance Counters
Item Definition
System started at The time and date the system started.
Counters last reset at The time and date the performance counters were reset back to zero.
Free space for database The amount of available space on the disk for the database. The following message:ALERT: Flow processing suspended due to insufficient disk space. is shownwhen the tracker has stopped collecting flows because less than 10% of the disk
space is available. A warning is shown when less than 25% of the disk space is
available.
Disk usage over last hour
indicates disk will be full in
Trended disk usage over the last hour indicates that the disk will be full in the specified
time period.
Disk usage over last dayindicates disk will be full in
Trended disk usage over the last 24 hours indicates that the disk will be full in thespecified time period.
Current Free Memory The amount of free memory from the current program allocation.
Maximum Free Potential
Memory
The maximum potential free memory available to NetFlow Tracker.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
36/163
User Guide
36
Current Program Allocation The amount of memory currently allocated to NetFlow Tracker.
Maximum ProgramAllocation
The maximum amount of memory that is available to NetFlow Tracker.
Average sample storage
duration:
The average time it takes to store samples to the database.
Last long-term database
maintenance durations:
This also lists the reports completed fully, partially, or skipped.
Last real-time database
maintenance duration:
The time that it took to delete real-time data older than the real-time data storage
period, plus the time that it took to archive the data. If the time is greater than 30minutes, it may indicate a performance problem on the server, too much data in the
database, or insufficient memory allocated for NetFlow Tracker.
NetFlow data received Shows the number of exports and amount of NetFlow data received from each device.Note: This is not the amount of traffic described by the exports but the LAN trafficgenerated by the exports.
Flow versions Indicates the flows versions received from this device. It is possible for a device to
send more than one version.
Traffic described Tracks the total amount of network traffic across all interfaces in each direction as
described by NetFlow exports received from each device.
Ignored flows These are flows that are discarded by Tracker and therefore are not included in theTracker flow database. Flow records are discarded for the following reasons:
Flow records are latesee Late Flows When devices are first seen by tracker (the device starts sending flow records), the
tracker attempts an SNMP query of the device and stores a record of the device inthe database. The tracker ignores flows from the device until the device record is
stored in the database.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
37/163
37
Late flows This indicates whether flows are arriving at the tracker on time. If the counter is
non-zero, the router configuration should be reviewed. A temporary measure is to
increase the holdback timer so that late flows are processed; however, this introducesa delay in flow processing.
A flow is considered to be late if the difference between the flow end time and therouter sysUpTimemarked in the flow export header is greater than the tracker
holdbacktime. Ideally, flow exporting devices should be configured so that this timedifference is approximately one minute.
Long flows This shows the number of flows longer than 60 seconds received from a device. A
device sending a number of long flows should be examined to ensure that the activeflow timeout and/or mls aging settings are as advised in Appendix A, Setting upNetFlow on Network Devices.A consequence of long flows can be that utilization
spikes of greater that 100% appear in Trackers charts.
Unprocessed flowsets NetFlow version 9 flows are encoded in a flexible manner using templates exported bythe router every few seconds. For several minutes after starting NetFlow Tracker or
after a router reboots, NetFlow Tracker may receive flows that it cannot decode.
If you do not see data after 10 minutes, check the server, NetFlow Tracker settings,and the router configuration.
Interface scans NetFlow Tracker scans the interface list of each device exporting to it when the device
or NetFlow Tracker software restarts. A rescan also occurs when a new v9 export
template is received. A large number of rescans, particularly failed ones, indicates aproblem.
Missed flows NetFlow versions 5 and 7 exports contain a sequence number that NetFlow Trackeruses to detect when exports are missed. It can miss exports due to network
congestion or a busy router. If a switch or router is reordering the UDP packets thatcontain NetFlow exports, missed flows are shown. Each export normally contains dataon about 30 flows.
Note: If the NetFlow Tracker server is processing a very high volume of data it may
drop packets. In this case, increase the receive buffer size in Listener Ports.
See Setting up Listener Ports, above.
Missed exports NetFlow version 9 exports contain a sequence number that NetFlow Tracker uses to
detect when exports are missed. Unlike the version 5 or 7 sequence numbers, only thenumber of missed exports can be counted and not the number of missed flows.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
38/163
38
No out interface The router sends flows with no out interface when anaccess control list lookup fails
or multicast traffic is routed. A high number of flows with no out interfaces is normal.
No in interface The arrival of flows with no in interface may indicate a configuration problem on a
Catalyst switch. Contact Fluke Networks TAC.
Applying Security Settings
Use the Security Settings page to set the protection level for user access to NetFlow
Tracker. You can also set a new default or custom home page for all users and for
individual users.
When adding a custom home page, make sure that the URL of any custom home page is
relative to the servers root. For example, the standard home page is specified asindex.jsp and the Network Overview is specified as report.jsp?cid=_topdevices. The
Network Overview is the default home page.
Security settings are optional.
To apply password protection:
1 Select Main Menu >Settings > Security Settings.
2 Choose a protection level:
No password protectionNo login or password is required and all pages are
accessible.
Protect configuration onlyA login and password is required for access. Set-
tings pages are accessible only to administrators.
Protect all accessA login and password is required for access. Settings pagesare accessible only to administrators and standard users have view-only access.
3 Set a custom home page. The default is Network Overview.
To use your own HTML page as a custom home page, place it in the customweb
folder under the NetFlow Tracker install folder and enter the URL here. For example, if
you enter http://server/customweb/file.htmlthe home page is
customweb/file.html.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
39/163
39
6 If you applied password protection, add user login and password. You may apply
user-specific home pages. You must set at least one user as an administrator who can
configure settings.
7 Click Add. To delete users, select the users checkbox and click Delete.
8 Click OK. If you applied password protection or changed your own user login details
you must log in again.
Viewing Version InformationThe Aboutpage (Main Menu > Settings > About) shows NetFlow Tracker, Java, MySQL,
and operating system version information. It also shows the status of all main subsystems.
Use this page when consulting with Fluke Networks TAC to help diagnose a problem.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
40/163
40
4: Viewing Real-Time Data
After you complete initial setup, real-time data is available within a few minutes. You canview this data in chart and table formats.
Topics include:
Viewing Network Overview Data
Viewing Devices
Viewing Interfaces
Filtering Real-time Data
Viewing Chart Data
See also:
Database Settings in Chapter 8.
Applying General and Real-time Report Settings in Chapter 6.
Viewing Network Overview DataThe Network Overview (Main Menu > Network Overview) shows the top devices and
interfaces on the network. From here, you can drill down to device and interface-specific
application data. It is NetFlow Trackers default home page. This page shows:
A pie chart, stacked bar chart over time, and table show the top five applications plus
Other by percentage of total traffic rate.Average and peak traffic rates are also
shown.
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
41/163
41
A table shows the top five interfaces by peak percentage of usage, along with the
direction and average percentage of usage.
A table shows the top five interfaces by traffic rate, along with the direction and
average traffic rate.
Viewing options include:
Click a device in the list to see its top applications and busiest interfaces.
Click an interface name to see its top applications and recent traffic.
Right-click a pie segment to create a report for that segment. From the menu, select anitem to create another chart for the selected time range.
Figure 1 Network Overview
Hold mouse over a
segment to highlightcorresponding table
row
Right-click to run an
ad hoc report
Click to view top
applications and
interfaces on device
Click to view top
applications and traffic
rate for interface
NetFlow TrackerUser Guide
-
7/23/2019 Online Help En
42/163
42
Top Applications and Interfaces for a Device
You open the Top Applications and Interfaces page