darragh.delaney · Self

Comments

  • I think you are now down to picking one of two options. * Enable logging on the TMG server * Use something like LANGuardian to capture the user, IP, proxy, website, and volumes from network traffic. My own area of expertise is packet capture so I may be missing something. Hopefully other Thwack members might post here if…
  • NetFlow data is not available from servers or storage. It is a feature found mostly on Cisco routers although some switches support it as well. There are other ways of getting traffic\bandwidth information about your servers and storage. One thing to check is SolarWinds NPM which uses SNMP to query the servers\storage and…
  • Hi Shisheer, Hope you found that info useful that I sent on. Please don't hesitate to contact me if you have any more questions Darragh
  • Some info at this link which explains how to setup nProbe to work with Orion NTA. Orion NTA and nProbe: Analyzing bandwidth hogs without flow-capable network equipment Your proxy setup may be a problem here as NTA will report clients connecting to the proxy with traffic levels. If this is all you need then it could be an…
  • Hi All, I have been following this thread with interest as it's something that I get asked about, monitoring a web filter to make sure it is doing its job. While I appreciate that the discussions are around APM and the use of HTTP monitors I thought I would share other ways that this can be achieved. The requests I was…
  • Hi Pat, As you mention it is doing packet inspection at chokepoints. If you have a managed switch then you will have the option of setting up a SPAN or mirror port. Typically people SPAN their Internet gateway, routers, and critical server traffic to a monitor port which the LANGuardian connects to. We are not fans of…
  • Hi There, As jswan mentioned we have a product called LANGuardian which integrates with Orion. It uses a DPI engine which looks at HTTP headers and DNS query traffic. You can see a sample of the output at the link below. http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=31 Darragh
  • @jrchapman I am not a QoE expert either but from my experience of it I think you are correct. Its main focus is on gathering high level application and timing information. When it comes to security monitoring you need to look at the contents as you say. At the upper end of monitoring you could try and record all packets…
  • Once you start exporting NetFlow data you should see an alert that a new NetFlow source was detected. If not, your router or switch should appear as a source. If you want to see bandwidth use, you only need to configure the router, ideally you use the router that is nearest to your NTA server so the flow data does not need…
  • You could also SPAN\mirror the connections to the routers but you may already have this setup if you are using Wireshark. The problem with Wireshark is that long term packet captures will use up a lot of resources. You could download the 30 day trial of LANGuardian and hook it up to the same packet source that you are…
  • I am not going to claim to be an expert on RIVERBED so excuse my basic questions. Just wondering what ports you are monitoring on the RIVERBED. Are you monitoring both the input and output ports?
  • Hi There, Depending on what other applications are running on your network you may be able to get some level of visibility by creating a report which looks at any local clients connecting to external hosts on high destination port numbers. Protocols like BitTorrent typically use high port numbers. Failing that you could…
  • The user name association is an interesting one. As far as I know you won't get this from NPM or NTA. Packet analysis will give you more accurate info too, this is especially true if you are monitoring Internet traffic. Data extracted from HTTP headers can be gold dust when it comes to troubleshooting. See demo at link…
  • Apologies, did not know you are using v9. My response was assuming you were running v5. I must get with the times. As Jerold suggests there are a lot of interesting tools out there for processing v9
  • Hi Shisheer, At the moment we have this PDF which details the steps required to get it setup http://www.netfort.com/sites/default/files/downloads/LANGuardian-SolarWinds-integration-pack.pdf In a couple of days we are releasing a new version of the integration pack and this will have a video install guide as well. The new…
  • There is MAC info in NPM but it would be fairly static as far as I know, you scan the network, decide what to monitor and it does its thing. Even if it scanned the network every X mins there is a chance it would miss something new which was only plugged in for a few minutes. Maybe an option is the log and event manager…
  • Hi There, We develop a product called LANGuardian and some of our customers use it for situations like the ones you describe. Something to show who\what is hitting hosted services. LANGuardian uses a DPI engine to capture flow and application info from network traffic. It does not age data so you would be able to look at…
  • If you are looking to set up a SPAN port, you can download a free SPAN port configurator tool from this link. SPAN Port Configurator
  • First up if you have not done so already you may want to consider virtual IPs. More reading here - http://support.citrix.com/article/CTX111898 That will give you network data to work with as you will be able to see what session is connecting to what. Next up you would need to monitor the traffic going to and from your…
  • Thanks for the response. Yes, had read that article and he bought the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com which has now turned into a sinkhole. Problem is that WannaCry2 is just around the corner and those behind it will make it more robust so it does not go down if one domain is taken out. From what I…
  • For most Cisco switches excluding really old stuff and the new Nexus range you setup SPAN by following these steps. 1. Connect your monitoring tool to a port on the switch. The monitoring tool will need to have two network interfaces. One for management and one for the SPAN port. Note the port number that you connect to.…
  • Take a look at this, if the diagram matches up with your configuration then this is an option http://www.solarwinds.com/documentation/Orion/docs/OrionAndRiverbedWANOptimization.pdf Another option is to export NetFlow directly from the Riverbed device but I would try the suggestions at the link above first.
  • Hi Rejeesh, In that case you have three options 1. Set up a SPAN port on the switch and use nprobe to convert the packet data to flows. Be sure to read this blog post before you consider using NetFlow for Internet monitoring 2. Enable web auditing on the TMG server. If this works you will need something like SolarWinds LEM…
  • Hi Pat, NetFlow data is very much like a phone bill. You see all the calls, how much they cost and a total at the end. However, you see no reference as to what was discussed on the calls and this is like flow data. To get the level of visibility that you need you need to look inside the packet payloads to extract things…
  • I use Screaming Frog SEO Spider for this task. While it does not integrate with SolarWinds I like the detail it provides Darragh https://www.screamingfrog.co.uk/seo-spider/
  • Hi There, The solution proposed by @aLTeReGo may be an option for you. Just watch that you don't overload the log files with file activity events. Windows seems to log hundreds of events for basic operations. Another solution is to use a third party tool to monitor the file activity and trigger the event which could be…
  • Did you configure NetFlow on a router\switch to send flow data to the IP of your NTA server?
  • You can also passively identify XP clients by analyzing network traffic. This can be useful for tracking down systems with embedded operating systems. I often see things like hospital equipment running really old operating systems. I cover this off in the video below https://www.youtube.com/watch?v=oybbx4B_iA8
  • You could setup a SPAN port on the switch and use something like nprobe to convert this to flow data. You can SPAN the LAN extension port to another and this is where you connect your nprobe or other traffic analysis system
  • Hi There, I agree with donthomas, NetFlow will only focus on IP addresses, ports and traffic volumes. If you want to understand more about applications and users you need to look at network packets (deep packet inspection). To give you an idea what can be done we have integrated our LANGuardian product with Orion so that…