I require a report that will identify what impact a new application using a specific port has on the bandwidth availability for that site. So for example the report would need to report on:
1) Specific traffic port TCP 1494 (CITRIX TRAFFIC - ICA)
2) Specific time (business hour time)
3) specific remote site
4) reflects percentage and how much data consumed over wan bandwidth
5) sampling rate at per min or the minimal that we can get as much detail as possible
6) If possible, show each user's or device's percentage used of the available bandwidth at the time
Essentially I need this to provide accurate reporting on new applications introduced into our network so that I can say if that application will impact the site 512k/512k available bandwidth at most small sites.
To be frank, I haven't done anything with the NetFlow module - I've only done basic research.
Perhaps you could expand reporting into the areas of traffic analysis at a lower level than just looking at the top talkers or highest traffic levels. From what I've seen of the features of ManageEngine's NetFlow Analyzer, it appears possible to dig down into the low-level figures.
Our network is heavily firewalled. Reporting on attempted connections would be a useful addition - it looks like Orion's NetFlow discards uncommon flows below a particular threshold.
For example, a daily report of hosts attempting to communicate on port 25 would be useful to spot users potentially infected with malware, or it might indicate any hosts are potentially attempting to do other unacceptable things. The same goes for common file sharing ports, or other ports of interest (VPN, 8080, etc).
Reporting on hosts connecting to more than X peers would also be good. It would be even better if it would only include hosts which haven't been included in any of the previous Y reports, so that it will only alert for new hosts and will never (after the first few reports) include major file servers. I realise that this would involve data storage changes though.
Perhaps I'm thinking more along the lines of firewall log aggregation rather than "proper" netflow use cases, but it's what would be cool for me.
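The two reports described in this post (hosts attempting connections on port 25, and hosts with more than X peers that did not appear in the previous Y reports), sketched over flow records as an added example; it is not part of the original post or of any NetFlow product. The record layout, the mail-relay allowlist and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flows: (day, src_ip, dst_ip, dst_port). Not real traffic.
FLOWS = [
    (1, "10.1.0.10", "10.1.0.21", 445), (1, "10.1.0.10", "10.1.0.22", 445),
    (1, "10.1.0.10", "10.1.0.23", 445), (1, "10.1.0.2", "203.0.113.9", 25),
    (2, "10.1.0.10", "10.1.0.21", 445), (2, "10.1.0.10", "10.1.0.22", 445),
    (2, "10.1.0.10", "10.1.0.23", 445), (2, "10.1.0.44", "198.51.100.7", 25),
    (2, "10.1.0.44", "198.51.100.8", 25), (2, "10.1.0.44", "198.51.100.9", 25),
    (2, "10.1.0.2", "203.0.113.9", 25),
]
MAIL_RELAYS = {"10.1.0.2"}  # assumption: hosts expected to send on port 25


def port_report(flows, day, port, allowed=frozenset()):
    """Map each non-allowlisted host that tried `port` on `day` to its peer count."""
    peers = defaultdict(set)
    for d, src, dst, dport in flows:
        if d == day and dport == port and src not in allowed:
            peers[src].add(dst)
    return {src: len(dsts) for src, dsts in peers.items()}


def fanout_hits(flows, day, max_peers):
    """Hosts that talked to more than `max_peers` distinct peers on `day`."""
    peers = defaultdict(set)
    for d, src, dst, _ in flows:
        if d == day:
            peers[src].add(dst)
    return {src for src, dsts in peers.items() if len(dsts) > max_peers}


def new_fanout_report(flows, day, max_peers, lookback, history):
    """Report only hosts absent from the raw hits of the previous `lookback` days.

    `history` keeps raw hits, not the filtered report, so a file server that
    exceeds the threshold every day stays suppressed after its first report.
    """
    hits = fanout_hits(flows, day, max_peers)
    seen = set().union(*(history.get(day - i, set()) for i in range(1, lookback + 1)))
    history[day] = hits
    return sorted(hits - seen)


if __name__ == "__main__":
    history = {}
    for day in (1, 2):
        print(day, port_report(FLOWS, day, 25, MAIL_RELAYS),
              new_fanout_report(FLOWS, day, 2, 7, history))
```

Storing the unfiltered hits is the data storage change the post anticipates: if only the emitted report were stored, a suppressed file server would reappear once its first report aged out of the Y-day window.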
@smargh - I like where you are going with this. The Manage Engine "Security Snapshot" and its underlying views would be very useful.
Since we have a proxy server sitting between users and the firewall, if there were some way to follow traffic from the end node through the proxy and out to the firewall, that would be incredible. I know the connection is terminated on the proxy, but even if we could see that there is high utilization between firewall and proxy and a corresponding high utilization between proxy and end node, that would help us quickly pinpoint the abuser. We can sort of do this now but it is a multi-step process. We are open to suggestions if there is a better way now to do this.
One report or view that I'm not seeing is the ability to aggregate data from all netflow sources for a single ip group.
Top XX charts for instance by defined ip group for instance would be helpful. Drilling down from the current TopXX into a group and then having to select from netflow source is cumbersome when mining for data.
Reporting for defined IP groups also seems to be lacking in 3.6 but would be most helpful.
I have been trying to create a report for AVG Bandwidth Utilization by month for two or three days now. Can't get it to work. Any ideas? Is the functionality there and I am missing something?
The existing CBQoS reporting is handy, but enriching that would certainly be beneficial (per policy, site comparison, load vs drop things).
On the QoS front being able to have the NTA offer some policy suggestions based on traffic flow data would also be good. I mean I realise you can sort of do that now if you leverage the right data but there is no "automated" option I've seen by which you can track a dataset and a protocol class (like RTP Audio or a suite that uses multiple ports) and have that compare to a policy pulled via SNMP and use that in a baseline/threshold calculation and suggest a policy adjustment. AutoQoS has its issues and whilst a proficient engineer could work it out, a business user might struggle more? Just a thought, I realise I'm spitballing a bit (you should see the number of whiteboards I get through :D)
Being able to segment network areas into zones or domains (which may be possible now, I'll admit I haven't tried it) would also be using it. The ability to group functional areas for Orion is good but giving MPLS vs Hosting transit domains would help some of my customers (as a loose example).
On the whole to be honest, it's great already... I haven't played with it much on the template exports like IPFIX (most of my users are languishing in version5 netflow and jflow) so any work you can leverage with that (as the data sets it can theoretically collect according to IANA are huge).
Cheers! Keep up the awesome work!
I know it's a little more than a report but still excited about:
Thanks for your constant attention to the NTA and sign me up immediately for the next beta of NTA... the NTA3.6RC was a very positive experience... and big improvement. I think I may tie-dye my SW Tshirt too :}
We have a requirement which includes the following:
--We have availability reports named and setup for each month of the year.
--We would like to be able to schedule those reports to be sent via email either on the last day of the month, or the first day of the following month.
--Also, these reports need to be displayed in Excel and attached to email, because we have a plain text email requirement.
--Also, if we could have an "export to EXCEL" button on the reports page, that would be great.
Can you elaborate on exactly what you'd like to see (e.g. what columns) and what options you'd want to be able to filter by?
We already have a Top Conversations report in NTA 3.6. Is it not providing what you're looking for?
I would like to be able to filter especially custom filter by any/all available columns. For example all of our laptop names begin with "L" and "D" for desktops. If I want to only see desktops that are communicating with a certain server on specific ports between time A and B at a certain site in our global network.
Filters [Just an Easy Example]:
Show only desktops: D*
On Ports: 250-700
Specific Server: XYZServer
Start Time: 8:00 am
End Time: 11:00 am
Site: traversing SwitchABC