This blog gives you detailed information on raw data and its uses in NetFlow Analyzer.
NetFlow Analyzer stores two types of data: raw data and aggregated data. Raw data is the information for each and every flow exported from the devices. It contains information such as TCP flags, number of packets and next hop, along with the port, protocol and IP addresses.
Aggregated data pertains to the top 100 flows (all fields in the exported NetFlow data) based on bytes, for every interface, for every 10-minute interval. Older data is repeatedly rolled up into less granular intervals (10 minute, 1 hour, 6 hour, 24 hour and weekly).
Because raw data contains each and every flow, it consumes a huge amount of disk space. How long you can store raw data depends on the flow rate and the disk space available on the server, and it can be stored for a maximum of 30 days. To make this simple, NetFlow Analyzer itself displays the flow rate and the time period for which you can store the raw data. You can view this information by navigating to Admin → Raw Data Settings.
On this page you can also trigger an alert if the free disk space goes below a threshold limit, and automatically delete older raw data when disk space goes below a specified percentage.
Raw data is used in the product when generating ‘Troubleshoot’ reports, and reports for the last 2 hours are also generated from raw data. Raw data has complete port-level information, which helps in detailed analysis of traffic.
Last 2 hour Reports:
In NetFlow Analyzer, information for time periods such as the last 15 minutes, 30 minutes and last hour is queried from raw data. For the selected period, you can expand "show data point" under the Traffic tab to view the link utilization for each minute.
If you want to look at the data for a single minute, click the hyperlink available for that time period. This displays all the conversations that happened during that minute. You can export the information in PDF or CSV format, or email the report.
Note: The hyperlink will not be available if the time period exceeds the raw data storage period.
Troubleshooting report:
To generate a Troubleshooting report, drill down to an interface and click More Report → Troubleshooting report.
In this report you can enter source and destination IP addresses or the protocol to view the amount of data transferred during the selected period of time.
To find the amount of data transferred between two hosts for the selected period of time, add criteria, specify the IP addresses and select ‘Match all the following’. This displays each and every conversation that happened between the two hosts. You can also add the port or the application you want to look at. This way you can find out what information passed between them.
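The following added example (not NetFlow Analyzer's own code) models the two storage types described above to show why a host-pair investigation needs raw data: a low-volume conversation never ranks among the top flows by bytes, so it is absent from aggregated data but fully visible in raw data. The record layout, the sample flows and the function names are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

BUCKET_SECONDS = 600  # 10-minute aggregation interval described in the post

Flow = namedtuple("Flow", "ts interface src dst dst_port protocol bytes")

# Constructed sample raw flow records (not real exports).
RAW_FLOWS = [
    Flow(600, "Gi0/1", "10.0.0.5", "10.0.1.9", 443, "TCP", 900_000),
    Flow(630, "Gi0/1", "10.0.0.7", "10.0.1.9", 443, "TCP", 750_000),
    Flow(700, "Gi0/1", "10.0.0.8", "192.0.2.44", 8443, "TCP", 1_200),
    Flow(760, "Gi0/1", "10.0.0.8", "192.0.2.44", 8443, "TCP", 1_150),
    Flow(1210, "Gi0/1", "10.0.0.5", "10.0.1.9", 443, "TCP", 880_000),
    Flow(1300, "Gi0/1", "10.0.0.6", "10.0.1.20", 53, "UDP", 300_000),
    Flow(1320, "Gi0/1", "10.0.0.8", "192.0.2.44", 8443, "TCP", 1_180),
]

def aggregate(flows, top_n=100):
    """Keep only the top_n flows by bytes per interface per 10-minute bucket."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.interface, f.ts - f.ts % BUCKET_SECONDS)].append(f)
    return {key: sorted(group, key=lambda f: f.bytes, reverse=True)[:top_n]
            for key, group in buckets.items()}

def match_all(flows, **criteria):
    """Return flows that satisfy every criterion (one direction only)."""
    return [f for f in flows
            if all(getattr(f, field) == value for field, value in criteria.items())]

def total_bytes(flows):
    """Sum the byte counts of the given flows."""
    return sum(f.bytes for f in flows)

if __name__ == "__main__":
    pair = {"src": "10.0.0.8", "dst": "192.0.2.44"}
    raw_hits = match_all(RAW_FLOWS, **pair)
    # top_n=2 stands in for the product's 100 so the effect shows on 7 records.
    kept = [f for group in aggregate(RAW_FLOWS, top_n=2).values() for f in group]
    print("raw:", len(raw_hits), "flows,", total_bytes(raw_hits), "bytes")
    print("aggregated:", len(match_all(kept, **pair)), "flows")
```

The same effect sets the practical limit on investigations: once the raw data retention period has passed, only the aggregated top flows remain to query.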
Hope this helps
Arun Karthik Asokan
NetFlow Analyzer
Technical Team
The original article/video can be found at Overview on Raw data in NetFlow Analyzer