Flows¶

Reports » Tools contains a link to the Flows item only when there is at least one Flow Sensor defined. Here you can list, aggregate, filter and sort flow records, or generate traffic tops and statistics.

There are 2 sub-tabs, located at the left lower side of the window:

19.1. Flow Records¶

Here you can list and filter flow data.

● Sensor Interfaces – Select the interfaces you are interested in. Administrators can restrict the interfaces visible by guest accounts

● Flow Filtering Expression – Here you can enter a filtering expression for flows. Click the star icon on the right to open a window that shows you the correct syntax. Frequently-used filtering expressions can be saved there and reused at any later time

● Export – If the output is not very large, it can be viewed in several formats such as HTML, TXT, JSON or CSV, converted to PDF, emailed or printed. If you need to list huge amounts of flow data, doing it solely from the web browser may not be a good idea because the page will timeout after a few minutes. In this case, select the “CLI” option to view the shell command used for listing flows. You can then execute the command from the shell and forward the output to a file

● Time Range – Select a predefined time range, or select “Custom…” to enter a specific time interval, in order to list flows that started or ended inside that interval. Time zone differences between the Console server and remote Flow Sensor servers are not adjusted automatically

● Limit – Show only the first N flows

● Aggregation – By default, flows are not aggregated. By checking the appropriate options, you can select how to aggregate flows. You can aggregate entire subnets by selecting src(dst)IPv4(IPv6)/<subnet bits>

● Sorting – When listing flows sent from different interfaces, you can sort them after to the start time of the flows. Otherwise, flows are listed in the sequence of the selected interfaces

● Display – You can select several predefined output formats, or you can enter your own format by selecting “Custom…”. Each predefined output format changes the options from the Display Options menu

● Display Options – Here you can select how to display several columns. Select the Include Unmonitored Ifs checkbox if you want to include flow data generated by the interfaces that are not monitored by Flow Sensor

19.2. Flow Tops¶

Here you can generate tops from flow data.

● Sensor Interfaces – Select the interfaces you are interested in. Administrators can restrict the interfaces visible by guest accounts

● Flow Filtering Expression – Here you can enter a filtering expression for flows. Click the star icon on the right to open a window that shows you the correct syntax. Frequently-used filtering expressions can be saved there and reused at any later time

● Top Type – Select the desired top type from the drop-down menu

● Order By – Select the sorting unit

● Export – If the output is not very large, it can be viewed in several formats such as HTML, TXT, JSON or CSV, converted to PDF, emailed or printed. If you need to list huge amounts of top data, doing it solely from the web browser may not be a good idea because the page will timeout after a few minutes. In this case, select the “CLI” option to view the shell command used for generating the top. You can then execute the command from the shell and forward the output to a file

● Time Range – Select a predefined time range, or select “Custom…” to enter a specific time interval, in order to count only flows that started or ended inside the interval. Time zone differences between the Console server and remote Flow Sensor servers are not adjusted automatically

● Top – Limit the top listing to the first N records

● Aggregation – By default, flows are not aggregated. By checking the appropriate options, you can select how to aggregate flows. You can aggregate entire subnets by selecting src(dst)IPv4(IPv6)/<subnet bits>

● Limit – Limit the output to only those records whose packets or bytes match the specified condition

● Display – You can select several predefined output formats, or you can enter your own format by selecting “Custom…”. Each predefined output format changes the options from the Display Options menu

● Display Options – Here you can select how to display several columns. Select the Include Unmonitored Ifs checkbox if you want to include flow data generated by the interfaces that are not monitored by Flow Sensor