Installation instructions for NetFlow Auditor and supported Operating Systems

NOTE: Important preset configurations to be aware of

Documentation can be found on our Support Page.

Try some of the quick reporting by clicking on the Baseline and other buttons that you will find to the right of each line of each sub Configuration screen. Click on the Filter to see how it has been built, then extend it. This will help you to see how easy it is to create any perspective you need and then save it for future use.


QuickStart 1 - Quick Report from Known Ports

    Go to the Configuration box on the left and click on Configuration -> Applications -> Selected Port.
    Find FTP port 20 or 21
    Click on Last Available Hour (Bytes): mouse over the top line of the icons to find the Real-Time icon that says this
    Click on the Icon and a preset report showing all the Source IP to Dest IP FTP transfers will be shown on the timeline
    You should be able to see the start and stop of the download/upload
    Try it with other areas too.


QuickStart 2 (Advanced) - Using location-based analysis

    Go to the Configuration box on the left and click on Configuration -> Business Groups -> Network.
    Click the Load button
    Compile a spreadsheet in one of the forms shown and load it up
    Apply Now
    Real-Time will begin updating within the next minute or so
    Long-Term only aggregates each hour, so you will need to wait to see results there.
    All transactions for Long-Term will still correspond to the change point

QuickStart 3 (Advanced) - Data Collection Tuning

    We have preset some items to enable NetFlow Auditor to look after itself as best as it can in an unknown environment.

    When looking at Long-Term data you may notice that IP ranges are rounded to class A, e.g. 66.0.0.0. Once you enter Network information, the Default Long-Term rules will change to begin reporting the known IP ranges as the start of the range identified as a Network.

    If you wish to keep further granularity (for example, all IPs inside your data center) at the Long-Term layer, you will need to change the Data Collection Tuning Rules to retain whatever detail you need for Long-Term aggregation.

    Note: If you change the default rules, they will be overwritten the next time you make additions or changes to your Network IP allocations. To prevent this, create a new set of rules and apply those to your Long-Term data. Each Device Group can be assigned its own Data Collection Tuning rule-set, so you can create different granularity settings for different parts of your network. If you change Collection Tuning, create a new rule for your environment and attach it to a Device Group. This prevents you from losing changes when the default aggregation schema is saved automatically while applying a new Network configuration.

    Long-Term data will also only retain those ports identified as Selected Ports unless changed by you in the Data Collection options. This will be extended in version 4 so please watch this space.

    Real-Time has been preset to retain all Ports, all IPs, all ASNs and all ToS bits. There are still threshold rules available that will obfuscate the data if flows exceed the 1st or 2nd rules. As an example, if records collected exceed 100000 records per hour, then NetFlow Auditor will use the next rule available to further aggregate the data to retain only the Selected Port information and set those client ports to 70000. So if the 2nd rule is to set all client ports where the Server Port is 80 or Port 53, and flows become excessive, then these client ports are changed to Port 70000. None of the other data integrity is touched unless set by the Collection Tuning Rules, so you can create rules for your own environment. The standard aggregation schemes ensure the flows stored do not become excessive in large environments or where low-resourced hardware has been deployed. If you want to change or delete rules, that is entirely up to your needs.
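
    A simplified model of the threshold rule described above, added here as an illustration and not NetFlow Auditor's own code. It shows what an investigator loses once the rule triggers (individual client ports for the listed server ports) and what survives (endpoints, server port, byte totals). The function name, record layout and sample addresses are assumptions; 70000 and the 100000 records-per-hour figure come from the text.

```python
from collections import defaultdict

AGGREGATED_PORT = 70000      # placeholder client port named in the text
RECORD_THRESHOLD = 100000    # records per hour, from the example in the text


def aggregate_hour(flows, rule_server_ports, threshold=RECORD_THRESHOLD):
    """Model one hour of collection (assumed record layout:
    (src_ip, client_port, dst_ip, server_port, bytes)).

    Records with an identical key are always merged. When the hour holds
    more records than `threshold`, client ports are first rewritten to
    AGGREGATED_PORT for flows whose server port is in `rule_server_ports`,
    so those flows collapse into one record per src/dst/server-port.
    """
    flows = list(flows)
    over_threshold = len(flows) > threshold
    merged = defaultdict(int)
    for src, client_port, dst, server_port, nbytes in flows:
        if over_threshold and server_port in rule_server_ports:
            client_port = AGGREGATED_PORT
        merged[(src, client_port, dst, server_port)] += nbytes
    return dict(merged)


def sample_flows():
    """Constructed sample: one client making several HTTP and DNS
    requests from different client ports, plus a single FTP session."""
    flows = [("10.0.0.5", 40000 + i, "192.0.2.10", 80, 1500) for i in range(6)]
    flows += [("10.0.0.5", 50000 + i, "192.0.2.53", 53, 100) for i in range(4)]
    flows.append(("10.0.0.5", 51000, "192.0.2.21", 21, 9000))
    return flows


if __name__ == "__main__":
    # threshold=5 is a small stand-in so the rule triggers on 11 records
    for limit in (100, 5):
        result = aggregate_hour(sample_flows(), {80, 53}, threshold=limit)
        print(f"threshold={limit}: {len(result)} records stored")
        for key, total in sorted(result.items()):
            print("   ", key, total)
```

    The FTP record keeps its real client port in both runs because port 21 is not in the rule, which is why a custom rule-set matters for any service where per-connection detail is needed later.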

Please read the Getting Started Guides and play around on the screen before plowing into the user manual. Although we are dealing with a complex topic, the system is easy to understand and, where possible, user-friendly help and information bubbles are available. We apologize if you cannot find details on areas that we have assumed or that are new and have not been appropriately documented. Please ask us questions if you don't understand something. If it's not clear, tell us and we will get our technical writers on the job.

We look forward to helping you to really see what's going on inside your network.
