Currently, it seem that NTA can only defined app for either to or from a server + port. Is there a way to define both for a single app?
Right on. So there are two ways to accomplish this quickly:
1) Create an IP Address Group with only the 1 server IP you are wanting to track (NetFlow Settings > Manage IP Address Groups > Add New Group)
2) Create a filter from the Flow Navigator and save it to your menu bar
-- You can actually use this to create a shortcut to your IP Address Group as well
Either of these methods will allow you to filter your results to only include flow data relative to your selected endpoint.
Can you rephrase your question? Using NetFlow Settings > Manage Applications and Service Ports > Add Application brings up this screen:
Here, you can define the Application Name ,Service Port, Protocol, and (optionally) define endpoints based on IP Address Groups you have created (NetFlow Settings > IP Address Groups)
Is there some other functionality that you are looking for?
-ZackM
Loop1 Systems: SolarWinds Training and Professional Services
I want to see all traffic from a particular server.
For that I have to define 2 APPs, one from any to server IP and another from server IP to any. Apparently, NTA is not merging the traffic between the two if you define only 1. Basically I want to see the traffic to my webserver
Thanks for taking the time to reply.
I have done the first since its a requirement for defining the app. 2nd one is pretty interesting. Both serve its purpose but its not what I was looking for. I hope to see the info in the top app menu. This is just one server that I am referring to, we have a number of services that will be good to be displayed on the apps statistics instead of just plain protocol/services.
Due to the way netflow data is structured, the logical way is still to use IP Group for viewing traffic for a particular IP.
