23. 11. 2015 Sandro Santinato NetEye

Quanta banda utilizzano effettivamente i vostri servizi IT?

Nfdump mostra il traffico attraverso i dispositivi di rete e consente di visualizzare quanta banda è utilizzata per ogni singolo flusso. Questa potrebbe essere apparentemente un’informazione utile, ma in realtà, non è così significativa, infatti Nfdump elenca solamente i singoli flussi tra due porte (incluso il traffico generato) perciò è difficile capire a prima vista:

  • A quale servizio appartenga il flusso
  • Quanti flussi (e traffico) generino certi servizi
netflow data

Nfdump mostra solamente il traffico tra dispositivi di rete e visualizza quanta banda viene consumata per singolo flusso.

In realtà, vogliamo sapere quale servizio genera la maggior parte del traffico in certi periodi. Per riuscire a ricavare questa informazione, dobbiamo associare il singolo flusso a certi servizi. Come è possibile impostare queste configurazioni? – In base alle porte di rete possiamo identificare, quale flusso appartiene a quale servizio. Unendo tutti i flussi, che appartengono ad un servizio, possiamo vedere a colpo d’occhio quanta banda viene utilizzata da singolo servizio.

Traffic generated by different services

Traffico generato da diversi servizi

Abbiamo integrato una nuova funzionalità al modulo Reporting di NetEye che consente di visualizzare il traffico generato da diversi servizi IT. Questa funzionalità permette, nella sezione Top Flow Statistics e Top In/Out Flows, di classificare i flussi in base alle porte di rete e di associarli a specifici servizi (Come HTTP, IMAP, SMTP ecc.). Oltre ai servizi di rete di default, avete anche la possibilità di identificare i vostri servizi e di associarli a specifiche porte.

Esempio: Nella vostra rete, il sistema ERP (ad esempio SAP o Microsoft Dynamics) potrebbe utilizzare tutte le porte TCP dalla 50000 alla 59999 e perciò potreste avere la necessità di associare tutti quei flussi al servizio ERP. Per impostare questa configurazione, aprite “NetEye Reporting Settings” dal menù principale nella sezione Nfdump Settings, qui potrete trovare Set Nfdump aggregation services come mostrato nell’immagine sottostante.

Define Nfdump aggregations

Definire le aggregazioni Nfdump [1/2]

Il dialogo visualizzato consente di aprire un set di servizi già creato oppure di crearne uno nuovo, dove potrete specificare le porte che devono essere associate al nuovo servizio. Inoltre potrete scegliere di clonare un set di servizi già esistente semplicemente cliccando il bottone “clone”.

Define Nfdump aggregations [2/2]

Definire le aggregazioni Nfdump [2/2]

Una volta che avete definito il set di servizi potrete scegliere quale volete utilizzare nel vostro report (nella sezione Top Flow Statistics e Top In/Out).

Sandro Santinato

Sandro Santinato

Developer at Würth Phoenix
Hi, my name is Sandro and I am the youngest member of the Neteye team. I graduated in 2013 in Applied Computer Science at the Free University of Bolzano but I started working as software engineer at Würth-Phoenix already in May 2012. My main competence is the development and improvement of the “Real User Experience” solution.For me computer programming is not just work, but i like scripting and creating my own software also in my free time. Already as a child I was amazed by computers and their technology. So at the age of 12 I bought the book “C for dummies” and started learning programming on my own 🙂 Later on I discovered the open-source world and I started loving it from the first moment.In my free time I also like mountain biking, hiking, and of course playing the trombone in various music bands.

Author

Sandro Santinato

Hi, my name is Sandro and I am the youngest member of the Neteye team. I graduated in 2013 in Applied Computer Science at the Free University of Bolzano but I started working as software engineer at Würth-Phoenix already in May 2012. My main competence is the development and improvement of the “Real User Experience” solution.For me computer programming is not just work, but i like scripting and creating my own software also in my free time. Already as a child I was amazed by computers and their technology. So at the age of 12 I bought the book “C for dummies” and started learning programming on my own :-) Later on I discovered the open-source world and I started loving it from the first moment.In my free time I also like mountain biking, hiking, and of course playing the trombone in various music bands.

Latest posts by Sandro Santinato

15. 11. 2017 NetEye
Updated Package neteye-ocsng-2.1.2_neteye1.0.2-1 (for NetEye 3.11 + 3.10 + 3.9)
15. 11. 2017 NetEye
Updated Package neteye-ocsng-2.1.2_neteye1.0.2-1 (for NetEye 3.11 + 3.10 + 3.9)
15. 11. 2017 Downloads / Release Notes, NetEye
Updated Package neteye-ocsng-2.1.2_neteye1.0.2-1 (for NetEye 3.11 + 3.10 + 3.9)
15. 11. 2017 NetEye
Updated Package neteye-thruk-1.88.4_neteye1.4.21-1 (for NetEye 3.11)
15. 11. 2017 NetEye
Updated Package neteye-thruk-1.88.4_neteye1.4.21-1 (for NetEye 3.11)
See All

Related Content

Tags: , ,

11. 02. 2025 Development, Events, NetEye

Podman Quadlet: Simplifying Container Management with systemd

Just like last year, we had the wonderful opportunity to attend FOSDEM, the most important open source conference in Europe. This year was no exception, and among the many exciting talks, one that particularly caught my attention was Alex Stefanini’s Read More
31. 01. 2025 Log Management, Log-SIEM, NetEye

NFS and Elasticsearch: A Storage Disaster for Data but a Lifesaver for Snapshots

When designing an Elasticsearch architecture, choosing the right storage is crucial. While NFS might seem like a convenient and flexible option, it comes with several pitfalls when used for hosting live Elasticsearch data (hot, warm, cold, and frozen nodes). However, Read More
29. 12. 2024 Log-SIEM, NetEye

How to Configure Kibana to Use a Proxy Server with a Certificate via the NODE_EXTRA_CA_CERTS Variable

When using Kibana in environments that require a proxy to reach external services, you might encounter issues with unrecognized SSL certificates. Specifically, if the proxy is exposed with its own certificate and acts as an SSL terminator, requests made by Read More
27. 12. 2024 APM, Development, Log-SIEM, NetEye

Elastic Universal Profiling – Profiling native code

In a previous post we went through the configuration of Elastic Universal Profiling in NetEye, seeing how we can profile applications written in programming languages that do not compile to native code (for example Python, PHP, Perl, etc.) But what Read More
23. 12. 2024 APM, Development, Log-SIEM, NetEye

Continuous Profiling with NetEye – Elastic Universal Profiling

Elastic 8.16, which comes with NetEye 4.39, made Elastic Universal Profiling generally available for self-hosted installations. This means that NetEye SIEM installations will now be able to take advantage of the continuous profiling solution by Elastic. In this blog post Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive