13. Configuration » Components » Sensor Cluster

Sensor Cluster aggregates traffic data provided by Packet Sensors and Flow Sensors into a single anomaly detection domain and/or IP graphing domain.

To add a Sensor Cluster, click the [+] button found on the title bar of the Configuration » Components panel. To configure an existing Sensor Cluster, go to Configuration » Components, and click its name.

SENSOR_CLUSTER_CONFIGURATION8.01_png

Sensor Name – A short name to help you identify the Sensor Cluster
Server Color – Color used in graphs for the Sensor Cluster. The default color is a random one, which can be changed by clicking the drop-down menu
Reports Visibility – Toggles the listing inside Reports » Devices
Device Group – Optional description used to group up components (e.g. by location or role). It can be used to restrict the access of Guest accounts
Sensor Server – Which server runs the Sensor Cluster. It is recommended to run Sensor Clusters on the Console server. The configuration of servers is described in the Configuration » Servers chapter
Link Speed IN / OUT – Summed-up speeds (bandwidth, capacity) of the aggregated interfaces. These values can be used for percentage-based reports and percentage-based bits/s thresholds
Associated Sensors – Select which Sensor interfaces are aggregated by the Sensor Cluster
IP Zone – Sensor Cluster extracts from the selected IP Zone per-subnet settings about thresholds and/or IP graphing. For more information about IP Zones consult the dedicated chapter: Configuration » Network & Policy » IP Zone
IP Graphing – Select “Aggregated” to enable IP graphing by the Sensor Cluster for the summed up traffic data, and disable IP graphing by the associated Sensors. Select “Not Aggregated” to enable IP graphing by each associated Sensor and to disable IP graphing by the Sensor Cluster
Anomaly Detection – Select “Aggregated” to enable anomaly detection by the Sensor Cluster for the summed up traffic data, and disable anomaly detection by the associated Sensors. Select “Not Aggregated” to enable anomaly detection by each associated Sensor and to disable anomaly detection by the Sensor Cluster. Enable aggregation only when the associated Sensors use Wanguard licenses, not Wansight. Select “Duplicated” to enable anomaly detection in the summed up traffic data by the Sensor Cluster, and also to enable anomaly detection by associated Sensors
Comments – Comments about the Sensor Cluster can be saved here. These observations are not visible elsewhere

To start the Sensor Cluster, click the small on/off switch button displayed next to its name in Configuration » Components.

Ensure that the Sensor Cluster starts correctly by watching the event log (details in the Configuration » Schedulers » Event Reporting section) and by watching Reports » Devices » Overview.