No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Operation Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting Monitoring Conditions

Setting Monitoring Conditions

After you set monitoring conditions as required, traffic information by a specific dimension is displayed on the Traffic Monitor page after traffic is sent to the NTC.

Process

Step

Description

1. Add an NTC.

The NTC receives and parses packets reported by various devices, aggregates the original packets, and transfers the aggregated files to the NTA.

2. Specify a device, an interface, an AP, and a VXLAN tunnel to monitor.

The NTC can collect traffic only from the device in Managed state and the interface, AP, and VXLAN tunnel in Monitor state.

NOTE:

The VXLAN Tunnel menu is available in the Oracle environment only.

3. Customize an application.

You can define the protocol, port, and IP address range to customize an application. If the port used by an application conflicts with the port defined by Internet Assigned Numbers Authority (IANA), an IP address range can be used to define the application, satisfying usage habits in different countries, regions, and industries. For example, the professional software PSIM uses port 3306, but it is the default port for MySQL. To prevent conflict with MySQL, you can define an application named PSIM and specify several IP address ranges that can use port 3306, so that eSight can identify this application by the IP address ranges.

Application customization can also be used to identify abnormal traffic and viruses. For example, you can define an application named Glacier Trojan to identify the application using port 7626 as the famous Glacier Trojan. Users can quickly identify abnormal traffic in the application traffic report.

4. Set groups for traffic monitoring.

You can add interfaces, applications, IP addresses, and differentiated services code points (DSCPs) to groups to facilitate traffic monitoring.

NOTE:

The IP-IP group applies to inter-domain traffic monitoring. The differences between an IP-IP group and an IP group are that: IP addresses in an IP group can both be the source or destination, but cannot in an IP-IP group. For example, if two IP addresses in an IP-IP group are both the source or destination address, traffic between the two IP addresses will not be displayed by the IP-IP group.

5. Set alarm thresholds.

You can set alarm thresholds and levels for selected monitored objects. If traffic of monitored objects exceeds the thresholds, eSight sends notifications to users through emails or SMS messages. Users can obtain alarm information and take measures in a timely manner.

6. Enable host name resolution.

After host name resolution is enabled, hosts in the traffic monitoring results by host (Traffic Monitor > Wired Network > Host) and conversation (Traffic Monitor > Wired Network > Conversation) are displayed by their names instead of IP addresses.

Translation
Download
Updated: 2019-09-07

Document ID: EDOC1100011877

Views: 313164

Downloads: 635

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next