Data Collection Tuning - Port Aggregation/Consolidation
Posted: Tue Feb 05, 2008 3:16 am
"Port Range" for all or specific IP addresses / ranges can be configured by using Data Collection Rules.
If the individual ports in the range do not needed to be differentiated, a port aggregation rule can be used for both Real-Time and Long-Term or Real-Time can keep individual ports and Long-Term can aggregate the same application ports into single port.
1) Go to Left Menu “Configuration->Data Collection Tuning->Config Rules-> Port Rule” Screen
Figure 1
2) Double click on one row of the right table, say the row of PortRule ID=1 (NetSight) to enter into “Port Rule Definition” Screen
3) Port Rule Definition is used to filter, aggregate and reset port collected.
4) The port collected by “CySight” can be reset as the following according to corresponding criteria.
Figure 2
Click “add” button to enter the rule.
Figure 3 - Example assuming server farm is 192.168.0.0 to 192.168.0.255,
reset server side Port 5001, 5003, 5009 to 5000
4) After entering the value, the click “Confirm” button to add the rule into the system.
5) After adding the rule into system, restart the collection.
Windows
If the individual ports in the range do not needed to be differentiated, a port aggregation rule can be used for both Real-Time and Long-Term or Real-Time can keep individual ports and Long-Term can aggregate the same application ports into single port.
1) Go to Left Menu “Configuration->Data Collection Tuning->Config Rules-> Port Rule” Screen
Figure 1
- PortRule ID =1 for Real-Time (Current Default Configuration)
PortRule ID =3 for Long-Term (Current Default Configuration)
2) Double click on one row of the right table, say the row of PortRule ID=1 (NetSight) to enter into “Port Rule Definition” Screen
3) Port Rule Definition is used to filter, aggregate and reset port collected.
- The “Order No” defines the priority to be checked against.
Corresponding criteria can be based on the following combination
Source/Dest is used to define the port side.
AS Number or AS Number range
IP or IP range
Protocol or Protocol range
Port or Port range
- The “Order No” defines the priority to be checked against.
4) The port collected by “CySight” can be reset as the following according to corresponding criteria.
- “Keep” means retain as it is
”Reset As Start Port” means reset port range to port
“Reset to Port” means reset the defined port to another port.
- “Keep” means retain as it is
- Use of Port numbers greater than 65535, e.g. 80000,70000 is allowed to create new virtual application groupings
If port is over 65535, a definition must be entered in “Selected_Port” definition (Configuration-> Applications ->Selected Port).
- “Round to” means Round up to 10,100,1000 or 10000.
Figure 2
Click “add” button to enter the rule.
Figure 3 - Example assuming server farm is 192.168.0.0 to 192.168.0.255,
reset server side Port 5001, 5003, 5009 to 5000
4) After entering the value, the click “Confirm” button to add the rule into the system.
5) After adding the rule into system, restart the collection.
Windows
- click Start Menu -> Programs -> CySight -> restart
- Enter command line “service DigiToll restart”