"Port Range" for all or specific IP addresses / ranges can be configured by using Data Collection Rules.
If the individual ports in the range do not needed to be differentiated, a port aggregation rule can be used for both Real-Time and Long-Term or Real-Time can keep individual ports and Long-Term can aggregate the same application ports into single port.1) Go to Left Menu “Configuration->Data Collection Tuning->Config Rules-> Port Rule” Screen
PortRule ID =1 for Real-Time (Current Default Configuration) 2) Double click on one row of the right table, say the row of PortRule ID=1 (NetSight) to enter into “Port Rule Definition” Screen 3) Port Rule Definition is used to filter, aggregate and reset port collected.
PortRule ID =3 for Long-Term (Current Default Configuration)
4) The port collected by “NetFlow Auditor” can be reset as the following according to corresponding criteria.
The “Order No” defines the priority to be checked against.
Corresponding criteria can be based on the following combination
Source/Dest is used to define the port side.
AS Number or AS Number range
IP or IP range
Protocol or Protocol range
Port or Port range
“Keep” means retain as it is
”Reset As Start Port” means reset port range to port
“Reset to Port” means reset the defined port to another port.
Use of Port numbers greater than 65535, e.g. 80000,70000 is allowed to create new virtual application groupings
If port is over 65535, a definition must be entered in “Selected_Port” definition (Configuration-> Applications ->Selected Port).
“Round to” means Round up to 10,100,1000 or 10000.
Click “add” button to enter the rule.
Figure 3 - Example assuming server farm is 192.168.0.0 to 192.168.0.255,
reset server side Port 5001, 5003, 5009 to 5000 4) After entering the value, the click “Confirm” button to add the rule into the system. 5) After adding the rule into system, restart the collection.
click Start Menu -> Programs -> NetFlow Auditor -> restart
Enter command line “service DigiToll restart”