darragh.delaney · Self

Comments

  • Hi There, When you say you want to monitor the network, is it the LAN, WAN or both? If it's the WAN then you need to look at something like SolarWinds NTA which takes flow data from routers and some switches which support features like NetFlow. This flow data can then be used to show peaks in network usage. If you are…
  • Hi There, I am guessing you are looking for something that will give you total data per user over a selected time period. To do this you will need two sources of data. Firstly you could get the data quantities from something like SolarWinds NTA or if you don't have flow options you could look at setting up a SPAN port at…
  • Hi There, If you are using NetFlow version 5 then the following fields are available when you drilldown within NTA * Source IP address * Destination IP address * IP protocol * Source port for UDP or TCP, 0 for other protocols * Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols * IP Type of…
  • Hi There, File activity monitoring is a very interesting subject. As soon as something goes missing everyone wants to know where did it go and who accessed it. As aLTeReGo mentions there is a route to the answer with log files. As a former network admin who looked at this I would suggest you test the logging of events…
  • Hi string6, The problem with flow analysis is that it is doing a reverse lookup on the IP addresses and it is getting your ISP domain names. The only way around this from what I know is to deploy deep packet inspection which can look at the HTTP headers and extract the actual domain names. See below for a video which shows…
  • Hi arh95, Maybe try out a trial of our LANGuardian product. It uses packet capture as a data source and should be able to tell what application is behind that cloudfront traffic. Online demo here if you want a test drive: https://demo.netfort.com/dashboard/dashboard.cgi?did=4 The 30 day trial is not restricted so it should give…
  • Deverts is correct, you will need some form of flow analysis. If the switch connecting the servers is layer 3 aware it may have NetFlow options. You just need to install NTA, specify the NTA server as a flow collector on the switch and then enable NetFlow monitoring on each switch port that you want to monitor. If you do…
  • Hi There, I think you may have an issue with NTA as it focuses more on interfaces and IP addresses so it's hard to group things by user or department. Are you planning to setup groups yourself or do you envisage integration with something like Active Directory so that you can use the existing users and groups? Also, when…
  • I’m not sure NTA or any similar type tool based on NetFlow can give you the visibility you need because they are NetFlow based and do not look inside the packets. But I’m not an NTA expert and with some configuration you may be able to get the info you need. NetFlow can be very limited when trying to really understand what…
  • Hi jkoelker, One option you have is to use a SPAN or mirror port to get a copy of the traffic going to/from Internet. A traffic analysis tool could then use this data source to calculate utilization. I have worked with a number of K12 districts to set up reports and traffic graphs to show bandwidth utilization at the edge,…
  • Hi Bob, One way to do this is to monitor the network traffic on the interface and passively capture the encryption and cipher metadata. Not sure how you would do this natively in SolarWinds products but we have support for this in our LANGuardian application. More in this blog post. We also have these online demo systems if…
  • Hi There, It just depends how much detail you need to identify the bandwidth issue. NPM which has been mentioned already is good at using SNMP to read values from your network devices. One of the most commonly used values is bps of an interface. You can use this to create alerts when bandwidth goes over certain levels.…
  • Hi There, First up I am not sure about an answer to your question but I'm sure someone will be along shortly with an answer. If you are looking for an option while you are waiting for Linux agents, we have a product called LANGuardian which also does deep packet inspection and it can be integrated with Orion. The 30 day…
  • Hi reply.prak, You have a couple of options. * Update to NPM 11 and use the deep packet inspection feature. You will need to use the network packet sensor and connect to a SPAN port * If you can configure NetFlow (or some other flow standard) on your ISP routers you could use a product like SolarWinds NTA * Install…
  • Based on the responses so far it looks like you can do it with your current toolset. If you do get stuck, you could use something like our own LANGuardian product to report on DNS servers by looking at packet payloads. Sample report here, click on the totals to see what client is using what DNS server and you can also see…
  • Hi There, We have developed a tool called the LANGuardian which can operate standalone or it can be integrated with Orion. You can see a standalone version of it in operation here. It uses a SPAN port instead of flow data so in your case you would need to SPAN the internal interface of the firewall which links your…
  • Hi There, You also have the option of using a SPAN port off the switch. Use nprobe to convert this to flow traffic or use DPI tools to analyze this traffic and then display in Orion. Darragh
  • If you need something in the meantime you could check out LANGuardian. It captures file activity from network traffic so you don't need to worry about auditing on your file servers. Demo available here. Maybe the trial version would suffice while you are waiting for an update for LEM. LANGuardian can be integrated with the…
  • Hi There, We develop a product called LANGuardian which integrates with the Orion platform. It runs a traffic analysis engine and Snort IDS in parallel. When it comes to the Orion integration you can get it to send events via syslog or display data directly using a REST API. The video below shows it working with SolarWinds…
  • Hi There, If you are looking for something which alerts when a completely new device connects to your network then I think you need to focus on alerting based on MAC addresses. You could get MAC address information from your DHCP logs or from a SPAN port connected to your core switch(es) which will pick up on the devices…
  • Hi Ahmad, You have two options here. If the server is connected to a layer 3 switch then you may be able to get NetFlow which can be used to monitor the traffic going to and from the server. Alternatively, you can also use a SPAN or mirror port on the switch that connects your servers. Almost all managed switches will have…
  • Hi There, I think the tricky bit will be setting something up to look within the file. Just to throw another option out there we have a system called LANGuardian which uses network traffic as a data source (SPAN/Mirror port or promiscuous mode on a vSwitch). It can extract metadata from the traffic so that you can see who is…
  • Hi bardeev, If the certs are at rest then you will need to check them locally. If users are accessing that server across the network then you can pick up the cert expiration date from network traffic. We have an example of this in our own product called LANGuardian. You may be able to do similar things with other systems…
  • Hi t3telecom, Even if your switch does not have flow features you still have a couple of options. Cisco switches support SPAN sessions and this means you can either mirror ports or VLANs to one or more ports. Let's say you want to monitor VLAN 1 and you have a sniffer (more about this below) connected to port 10. To get…
  • Hi Peter, SolarWinds have an NTA product which will accept flow data but as far as I know it will not allow you to associate this activity with usernames. I stand to be corrected on this but I think user names are only available in the user device tracker product which is more about tracing ports and which users are…
  • I am no expert on logging for the NetApp Clustered Data ONTAP platform but this could be an option if you cannot get log files. We develop a software solution called LANGuardian. It uses network packets as a data source and extracts file activity information from this. Typically it is installed on a virtual or physical…
  • Hi There, I ran a quick test here with a Win 7 client (192.168.181.139) running Autocad and the CadWorx overlay. The image below shows what network activity was associated with the client when Autocad and the CadWorx applications were running. From an application point of view (1) I did not see anything unusual. Some file…
  • We develop a deep packet inspection system called LANGuardian and I am going to have a look at this traffic in the lab. The main thing I want to check is what our application recognition engine makes of it as it uses different techniques to distinguish between binary and textual protocols. I will publish the results here…
  • Hi astral, If you need a bit more detail above what NTA and NPM 11 will give, you could also try LANGuardian. Like NPM 11 it uses deep packet inspection but it also pulls other metadata like file names and URI resource names. Have a look at it in action at this link which shows the integration with Orion. Click on the…
  • Hi james00000007, The first thing to figure out would be is the issue down to a reporting glitch or is it some strange traffic on your network. You could setup a SPAN/mirror port on the switch which connects your site router(s). Then install a trial version of LANGuardian which will do deep packet inspection on the…
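Several of the comments above lean on NetFlow v5 as the data source for per-host byte totals and list the fields a v5 record carries (source/destination address, protocol, ports, with ICMP type and code packed into the destination port field). The decoder below is an added example, not code from the commenter or from any SolarWinds or NetFort product: it unpacks the 24-byte v5 header and 48-byte records with `struct`, rejects datagrams whose record count exceeds the payload, decodes the ICMP type/code encoding, and sums octets per source address. The sample datagram is constructed inline so the block runs offline; the addresses and flow values in it are made up.

```python
import struct
import ipaddress
from collections import defaultdict

# NetFlow v5 wire format (network byte order): a 24-byte header followed by
# `count` 48-byte flow records (an exporter sends at most 30 per datagram).
HEADER_FMT = "!HHIIIIBBH"   # version, count, sys_uptime, unix_secs, unix_nsecs,
                            # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!IIIHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48


def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _uptime, _secs, _nsecs, _seq, _etype, _eid, sampling = \
        struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        # A collector must not trust the header count: a short or forged
        # datagram would otherwise make us read past the payload.
        raise ValueError("datagram truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        (srcaddr, dstaddr, _nexthop, _in_if, _out_if, pkts, octets, _first, _last,
         srcport, dstport, _pad1, tcp_flags, proto, tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        flow = {
            "src": str(ipaddress.IPv4Address(srcaddr)),
            "dst": str(ipaddress.IPv4Address(dstaddr)),
            "proto": proto,
            "pkts": pkts,
            "octets": octets,
            "tos": tos,
            "tcp_flags": tcp_flags,
            # low 14 bits of sampling_interval = 1-in-N sampling; 0 means unsampled,
            # so byte totals below are exact only when this is 0
            "sampling": sampling & 0x3FFF,
        }
        if proto in (6, 17):                 # TCP / UDP: real port numbers
            flow["srcport"], flow["dstport"] = srcport, dstport
        elif proto == 1:                     # ICMP: dstport carries (type << 8) | code
            flow["icmp_type"], flow["icmp_code"] = dstport >> 8, dstport & 0xFF
        else:                                # other protocols export 0 in both fields
            flow["srcport"], flow["dstport"] = 0, 0
        flows.append(flow)
    return flows


def bytes_per_host(flows: list) -> dict:
    """Total octets sent by each source address across the decoded flows."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["octets"]
    return dict(totals)


def _record(src, dst, proto, sport, dport, pkts, octets, tcp_flags=0):
    """Build one 48-byte v5 record; interface, AS and mask fields are filler."""
    return struct.pack(RECORD_FMT,
                       int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)), 0,
                       1, 2, pkts, octets, 1000, 2000, sport, dport,
                       0, tcp_flags, proto, 0, 0, 0, 24, 24, 0)


def _datagram(records):
    header = struct.pack(HEADER_FMT, 5, len(records), 123456, 1700000000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


# Constructed sample export: HTTPS and DNS from one client, plus an ICMP echo
# request (type 8, code 0 -> dstport 0x0800) sent to it.
SAMPLE_DATAGRAM = _datagram([
    _record("192.168.181.139", "93.184.216.34", 6, 51234, 443, 120, 150000, 0x18),
    _record("192.168.181.139", "192.168.181.1", 17, 53012, 53, 2, 180),
    _record("192.168.181.20", "192.168.181.139", 1, 0, 0x0800, 4, 336),
])

if __name__ == "__main__":
    decoded = parse_netflow_v5(SAMPLE_DATAGRAM)
    for f in decoded:
        print(f)
    print(bytes_per_host(decoded))
```

Per-address totals are as far as flow data alone gets you; as the comment on per-user totals says, mapping an address to a person needs a second source (DHCP leases, directory logon events or similar) joined on address and time.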
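The comment on alerting when a completely new device joins the network suggests taking MAC addresses from DHCP logs. The snippet below is an added example rather than anything the commenter posted: it parses ISC dhcpd-style `DHCPACK` syslog lines, compares each leased MAC against an inventory of known addresses, and raises one alert per unknown MAC (not one per renewal). The log lines are constructed for the example; the host names and addresses in them are invented.

```python
import re

# Constructed ISC dhcpd-style syslog excerpt (not from a real network).
SAMPLE_DHCP_LOG = """\
Jan 12 09:58:01 dhcp1 dhcpd: DHCPREQUEST for 192.168.1.50 from aa:bb:cc:dd:ee:01 (laptop-01) via eth0
Jan 12 09:58:01 dhcp1 dhcpd: DHCPACK on 192.168.1.50 to aa:bb:cc:dd:ee:01 (laptop-01) via eth0
Jan 12 10:02:14 dhcp1 dhcpd: DHCPACK on 192.168.1.77 to AA:BB:CC:DD:EE:02 via eth0
Jan 12 10:05:40 dhcp1 dhcpd: DHCPACK on 192.168.1.91 to 02:42:ac:11:00:05 (unknown-pi) via eth0
Jan 12 10:06:03 dhcp1 dhcpd: DHCPACK on 192.168.1.91 to 02:42:ac:11:00:05 (unknown-pi) via eth0
"""

# Only DHCPACK proves a lease was actually handed out; REQUEST/DISCOVER lines
# can come from hosts the server never served, so they are ignored.
DHCPACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)


def new_device_alerts(log_text: str, known_macs) -> list:
    """Return one alert dict per MAC that took a lease but is not in the inventory."""
    known = {m.lower() for m in known_macs}
    alerts = []
    for line in log_text.splitlines():
        m = DHCPACK_RE.search(line)
        if not m:
            continue
        mac = m.group("mac").lower()          # normalise case before comparing
        if mac in known:
            continue
        alerts.append({
            "mac": mac,
            "ip": m.group("ip"),
            "host": m.group("host") or "",     # client-supplied hostname, may be absent
            "iface": m.group("iface"),
            "line": line,
        })
        known.add(mac)                        # alert once per new MAC, not per renewal
    return alerts


if __name__ == "__main__":
    inventory = ["aa:bb:cc:dd:ee:01"]          # assumed known-device list
    for a in new_device_alerts(SAMPLE_DHCP_LOG, inventory):
        print(f"new device {a['mac']} got {a['ip']} ({a['host'] or 'no hostname'}) via {a['iface']}")
```

Two caveats a practitioner should keep in mind: a MAC address is self-reported, so it is an inventory cue rather than an identity (it is trivially spoofed, and current phones randomise it per network), and only clients that use DHCP ever appear in these logs. A statically addressed device is invisible here, which is the gap the comment's SPAN-port alternative on the core switch closes.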