Netflow Optimizer™
Total Page:16
File Type:pdf, Size:1020Kb
NetFlow Optimizer™ User Guide Version 2.4.8 (Build 2.4.8.0.2) February 2017 © Copyright 2012-2017 NetFlow Logic Corporation. All rights reserved. Patents both issued and pending. Contents About this Guide .......................................................................................................................................................... 3 How NetFlow Optimizer Works .................................................................................................................................. 3 What Are Modules and Converters? .......................................................................................................................... 3 How External Data Feeder for NFO Works ................................................................................................................ 5 How to Use this Guide ............................................................................................................................................... 5 Solutions at a Glance ................................................................................................................................................. 6 Modules Specifications ............................................................................................................................................... 9 Network Traffic and Devices Monitoring .................................................................................................................... 9 Top Traffic Monitor (10067 / 20067) ...................................................................................................................... 9 Top Pairs Monitor (10064 / 20064) ...................................................................................................................... 12 Top Connections Monitor (10063 / 20063) .......................................................................................................... 15 Top Packets Monitor (10068 / 20068) ................................................................................................................. 18 Network Subnets Monitor (10011 / 20011) .......................................................................................................... 20 TCP Health Monitor (10060 / 20060) ................................................................................................................... 22 CBQoS Monitor (10065 / 20065) ......................................................................................................................... 24 Autonomous Systems Monitor (10066 / 20066) .................................................................................................. 26 Enhanced Traffic Monitor ......................................................................................................................................... 27 Top Traffic Monitor Geo Country (10967 / 20967) ............................................................................................... 27 Enhanced Traffic Monitor 2 ...................................................................................................................................... 31 Top Traffic Monitor Geo City (10867 / 20867) ..................................................................................................... 31 Network Bandwidth Consumption Monitor by Application for Blue Coat PacketShaper .......................................... 33 Network Bandwidth Consumption Monitor (10964 / 20964) ................................................................................ 33 Security .................................................................................................................................................................... 35 Hosts Geographical Location Monitor (10040 / 20040) ....................................................................................... 35 Botnet Command and Control Traffic Monitor (10050 / 20050) ........................................................................... 38 Host Reputation Monitor (10052 / 20052)............................................................................................................ 40 Threat Feeds Monitor (10053 / 20053) ................................................................................................................ 42 Email ........................................................................................................................................................................ 44 Outbound Mail Spammers Monitor (10025 / 20025) ............................................................................................ 44 Inbound Mail Spammers Monitor (10026 / 20026) .............................................................................................. 46 Unauthorized Mail Servers Monitor (10027 / 20027) ........................................................................................... 49 Rejected Emails Monitor (10028 / 20028) ........................................................................................................... 50 Services Monitor ...................................................................................................................................................... 51 DNS Monitor (10004 / 20004, 20005) .................................................................................................................. 51 Asset Access Monitor (10014 / 20014) ................................................................................................................ 55 Services Performance Monitor (10017 / 20017) .................................................................................................. 57 Cisco ASA Devices Monitoring ................................................................................................................................ 60 Top Bandwidth Consumers for Cisco ASA (10018 / 20018) ................................................................................ 60 Top Traffic Destinations for Cisco ASA (10019 / 20019) ..................................................................................... 62 Top Policy Violators for Cisco ASA (10020 / 20020) ........................................................................................... 63 Top Hosts with most Connections for Cisco ASA (10021 / 20021) ...................................................................... 65 Palo Alto Networks Devices Monitoring ................................................................................................................... 66 Top Bandwidth Consumers for Palo Alto Networks (10030 / 20030) ................................................................... 66 Top Traffic Destinations for Palo Alto Networks (10031 / 20031) ........................................................................ 68 NetFlow Optimizer User Guide 1 Hosts with Most Policy Violations for Palo Alto Networks (10032 / 20032).......................................................... 70 Most Active Hosts for Palo Alto Networks (10033 / 20033) ................................................................................. 71 Bandwidth Consumption per Application for Palo Alto Networks (10034 / 20034) .............................................. 73 Bandwidth Consumption per Application and Users for Palo Alto Networks (10035 / 20035) ............................. 74 VMware ................................................................................................................................................................... 76 Top VM:Host Pairs (10164 / 20164) .................................................................................................................... 76 Top VM Traffic Monitor (10167 / 20167) .............................................................................................................. 78 Utilities ..................................................................................................................................................................... 80 Sampling Monitor (10002 / 20002) ...................................................................................................................... 80 SNMP Information Monitor (10003 / 20003) ........................................................................................................ 82 Special Converters ..................................................................................................................................................... 84 Original Flow Data (20001) ...................................................................................................................................... 84 sFlow Data (20800, 20900) ..................................................................................................................................... 86 FDR Packeteer-2 Flow Data (20010) ....................................................................................................................... 88 Appendix ..................................................................................................................................................................... 94 NetFlow v5 - NetFlow v9 Field Types Mapping........................................................................................................ 94 NetFlow Optimizer User Guide 2 About this Guide Use this User Guide to learn about NetFlow Optimizer (NFO), its Modules and Converters, their functionality, inputs, outputs, and configuration