NOTE: Important preset configurations to be aware of
Posted: Mon Aug 24, 2009 5:08 am
Documentation can be found on our Support Page.
Try some of the quick reporting by clicking on the Baseline and other buttons that you will find to the right of each line of each sub Configuration screen. Click on the Filter to see how it has been built, then extend it. This will help you to see how easy it is to create any perspective you need and then save it for future use.
QuickStart 1 - Quick Report from Known Ports
QuickStart 2 (Advanced)- Using location based analysis
We look forward to helping you to really see whats going on inside your network.
Try some of the quick reporting by clicking on the Baseline and other buttons that you will find to the right of each line of each sub Configuration screen. Click on the Filter to see how it has been built, then extend it. This will help you to see how easy it is to create any perspective you need and then save it for future use.
QuickStart 1 - Quick Report from Known Ports
- Go to the Configuration box on the left and click on Configuration -> Applications > Selected Port.
Find Ftp port 20 or 21
Click on the Last Available Hour(Bytes) - Mouse over the top line of the icons to find the Real-Time Icon that says this
Click on the Icon and a preset report showing all the Source IP to Dest IP FTP transfers will be shown on the timeline
You should be able to see the start and stop of the download/upload
Try it with other areas too.
QuickStart 2 (Advanced)- Using location based analysis
- Go to the Configuration box on the left and click on Configuration -> Business Groups > Network.
Click the Load button
Compile a spreadsheet in one of the forms shown and load it up
Apply Now
Real-Time will begin updating within the next Minute or so
Long-Term will only aggregate each hour so you will need to wait to see results there.
All transactions for Long-Term will still correspond to the change point
- We have preset some items to enable CySight to look after itself as best as it can in an unknown environment.
When looking at Long-Term data you may notice that IP Ranges are rounding to class A. e.g. 66.0.0.0 Once you enter in Network information this will change the Default Long-Term rules to begin reporting the the known IP Ranges as the Start of the Range identified as a Network.
If you wish to keep further granularity (for example all IP's inside your data center) at the Long-Term Layer you will need to change the Data Collection Tuning Rules to retain whatever detail you need for Long-Term aggregation.
Note: If you change the default rules they will be overwritten next time you make additions or changes to your Networks IP Allocations. To prevent this from happening create a new set of Rules and Apply those to your Long-Term data. Each Device Group can be assigned its own Data Collection Tuning Rule-set so you can create different granularity settings for different parts pf your network. If you change Collection tuning create a new rule for your environment and attach it to a Device Group. This will prevent you losing changes when the default aggregation schema is saved automatically if applying a new Network configuration.
Long-Term data will also only retain those ports identified as Selected Ports unless changed by you in the Data Collection options. This will be extended in version 4 so please watch this space.
Real-Time has been preset to retain all Ports, all IPs, all ASNs and all ToS bits. There are still threshold rules available that will obfuscate the data if flows exceed the the 1st or 2nd Rules. As an example if records collected exceed 100000 Records per hour then CySight will use the next rule available to further aggregate the data to retain only the Selected Port information and set those client ports to 70000. So if the 2nd rule is to set all client ports where the Server Port is 80 or Port 53 and flows become excessive then these client Ports are changed to Port 70000. None of the other data integrity is touched unless set by the Collection Tuning Rules so you can create rules for your own environment. The standard aggregation schemes ensure the flow stored do not become excessive in large environments or where low resourced hardware has been deployed. If you want to change or delete rules that is entirely up to your needs.
We look forward to helping you to really see whats going on inside your network.