No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Operation Guide 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting Monitoring Conditions

Setting Monitoring Conditions

After you set monitoring conditions as required, traffic information by a specific dimension is displayed on the Traffic Monitor page after traffic is sent to the NTC.

Process

Step

Description

1. Add an NTC.

The NTC receives and parses packets reported by various devices, aggregates the original packets, and transfers the aggregated files to the NTA.

2. Specify a device, an interface, an AP, and a VXLAN tunnel to monitor.

The NTC can collect traffic only from the device in Managed state and the interface, AP, and VXLAN tunnel in Monitor state.

NOTE:

The VXLAN Tunnel menu is available in the Oracle environment only.

3. Customize an application.

You can define the protocol, port, and IP address range to customize an application. If the port used by an application conflicts with the port defined by Internet Assigned Numbers Authority (IANA), an IP address range can be used to define the application, satisfying usage habits in different countries, regions, and industries. For example, the professional software PSIM uses port 3306, but it is the default port for MySQL. To prevent conflict with MySQL, you can define an application named PSIM and specify several IP address ranges that can use port 3306, so that eSight can identify this application by the IP address ranges.

Application customization can also be used to identify abnormal traffic and viruses. For example, you can define an application named Glacier Trojan to identify the application using port 7626 as the famous Glacier Trojan. Users can quickly identify abnormal traffic in the application traffic report.

4. Set groups for traffic monitoring.

You can add interfaces, applications, IP addresses, and differentiated services code points (DSCPs) to groups to facilitate traffic monitoring.

NOTE:

The IP-IP group applies to inter-domain traffic monitoring. The differences between an IP-IP group and an IP group are that: IP addresses in an IP group can both be the source or destination, but cannot in an IP-IP group. For example, if two IP addresses in an IP-IP group are both the source or destination address, traffic between the two IP addresses will not be displayed by the IP-IP group.

5. Set alarm thresholds.

You can set alarm thresholds and levels for selected monitored objects. If traffic of monitored objects exceeds the thresholds, eSight sends notifications to users through emails or SMS messages. Users can obtain alarm information and take measures in a timely manner.

6. Enable host name resolution.

After host name resolution is enabled, hosts in the traffic monitoring results by host (Traffic Monitor > Wired Network > Host) and conversation (Traffic Monitor > Wired Network > Conversation) are displayed by their names instead of IP addresses.

Adding a Collector

  1. Choose Resource > Network > Network Traffic Analysis > Traffic Config from the main menu.

  2. Choose Basic Config > Collector, click Add, and set collector parameters.

Specifying a Device, an Interface, an AP, and a VXLAN Tunnel to Monitor

  1. Choose Resource > Network > Network Traffic Analysis > Traffic Config from the main menu.

  2. Perform corresponding operations based on the site requirements.

    Task

    Operation

    Specify a device to monitor.

    Choose Basic Config > Device from the navigation tree on the left and enable or disable traffic monitoring on a device.

    Specify an interface to monitor.

    Choose Basic Config > Interface from the navigation tree on the left and enable or disable traffic monitoring on an interface.

    NOTE:

    The sampling ratio of the interface must be the same as that on the device. Otherwise, traffic statistics are incorrect.

    Specify an AP to monitor.

    Choose Basic Config > AP from the navigation tree on the left and enable or disable traffic monitoring on an AP.

    NOTE:

    The sampling ratio of the AP must be the same as that on the device. Otherwise, traffic statistics are incorrect.

    Specify a VXLAN tunnel to monitor.

    Choose Basic Config > VXLAN Tunnel from the navigation tree on the left and enable or disable traffic monitoring on a VXLAN tunnel.

Customizing an Application

  1. Choose Resource > Network > Network Traffic Analysis > Traffic Config from the main menu.

  2. Choose Advanced Config > Application, click Create, and set related parameters.

Setting Groups to Monitor

  1. Choose Resource > Network > Network Traffic Analysis > Traffic Config from the main menu.

  2. Perform corresponding operations based on the site requirements.

    Task

    Operation

    Configure an interface group.

    Choose Group Config > Interface Group, click Create, and set interface group parameters.

    Configure an application group.

    Choose Group Config > Application Group from the navigation tree on the left, click Create, and set application group parameters.

    Configure an IP group.

    Choose Group Config > IP Group from the navigation tree on the left, click Create, and set IP group parameters.

    Configure an IP-IP group.

    Choose Group Config > IP Group-IP Group from the navigation tree on the left, click Create, and set IP-IP group parameters.

    Configure a DSCP group.

    Choose Group Config > DSCP Group from the navigation tree on the left, click Create, and set DSCP group parameters.

Setting Alarm Thresholds

  1. Choose Resource > Network > Network Traffic Analysis > Traffic Config from the main menu.

  2. Choose Advanced Config > Alarm, click Create, and set thresholds for alarm generation and recovery.

Enabling Host Name Resolution

By default, domain name system (DNS) resolution and network basic input/output system (NetBIOS) resolution have been disabled. The system performs DNS resolution preferentially. If DNS resolution fails, the system performs NetBIOS resolution.

Ensure that the following conditions are met before you enable host name resolution:

  1. (Optional) Set the DNS service and NetBIOS service.

    • Enable the DNS service.
      • Setting the DNS client in Windows Server 2012
        1. Log in to the Windows Server 2012 operating system using the administrator account.
        2. Choose Startup > Control Panel and click Network and Internet in the control panel.
        3. In the Network and Sharing Center area, click View network status and tasks.
        4. Choose Change adapter settings from the navigation tree on the left.
        5. Double-click the local connection in Enabled state.
        6. In the Local Area Connection Status dialog box, click Properties.

        7. In the Local Area Connection Status Properties dialog box, select Internet Protocal Version 4(TCP/IPv4) and click Properties.

        8. Select Use the following DNS server addresses and enter the DNS server address in Preferred DNS server.

      • Setting the DNS service in Linux
        1. Log in to the Linux server as the root user.
        2. Choose Computer > Network Settings. The Network Settings dialog box is displayed.
        3. Click the Hostname/DNS tab, and enter the DNS server address in Name Server 1 under Name Servers and Domain Search List.

    • Start the NetBIOS service.
      1. Choose Start > Control Panel and click Network and Sharing Center in the control panel.
      2. In the View your active networks area, click Local Area Connection.
      3. In the Local Area Connection Status dialog box, click Properties.
      4. In the Local Area Connection Status Properties dialog box, select Internet Protocal Version 4(TCP/IPv4) and click Properties.
      5. On the General tab, click Advanced.

      6. In the Advanced TCP/IP Setting dialog box that is displayed, click the WINS tab and select Enable NetBIOS over TCP/IP under NetBIOS setting.

  2. Choose Resource > Network > Network Traffic Analysis > Traffic Config from the main menu.

  3. Choose Advanced Config > Host Name Resolution, enable DNS resolution and NetBIOS resolution, and set related update intervals.

    If DNS Server Status is displayed as Incorrect DNS Configuration, re-configure the DNS server address and click Detect. Check DNS Server Status again.

    If DNS Server Status is displayed as DNS server connection failure, perform the following operations and click Detect. Check DNS Server Status again.

    • Check the DNS configuration of the eSight server.
    • Check the network connection between the eSight server and DNS server.
    • Check the running status of the DNS server.

Translation
Download
Updated: 2019-09-12

Document ID: EDOC1100044378

Views: 70451

Downloads: 373

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next