Vunetrix Manual: Toplists
Packet Sniffer and xFlow (NetFlow, jFlow, sFlow, IPFIX) sensor types can not only measure the total bandwidth usage, they can also break down the traffic by IP address, port, protocol, and other parameters. The results are shown in so-called Toplists. This way Vunetrix is able to tell which IP address, connection, or protocol uses the most bandwidth. Vunetrix looks at all network packets (or streams) and collects the bandwidth information for all IPs, ports, and protocols. At the end of the toplist period, Vunetrix stores only the top entries of each list in its database.
Only Top Entries are Stored
Storing all available analysis data in a database during the analysis process would create a huge amount of data that would be very slow to transfer between probe and core and too slow to retrieve. By storing only the top 100 entries for short periods of time, it is possible to reduce the amount of data to a minimum while still being able to identify devices with huge bandwidth usage.
Toplists are available for xFlow, IPFIX, and Packet Sniffer sensors only. Toplist graphs are displayed right on the sensor overview page. By default, there are three different toplists predefined for each sensor:
- Top Connections: Shows bandwidth usage by connection.
- Top Protocols: Shows bandwidth usage by protocol.
- Top Talkers: Shows bandwidth usage by IP address.
Toplist Top Protocols for a Packet Sniffer Sensor
Click on one of these items to view a distribution chart and a list of source and destination IP and port, protocols, kind of traffic in different channels, etc. It depends on the selected list which information is available. Click on an entry in the Toplist Periods lists on the left side to view data for a certain time span. By default, a time span of 15 minutes is set. Additionally, several table list options are available.
In order to print a toplist, click on the Print this toplist button to view a printer-friendly version and then use the print option of your browser to send it to your printer. With Sensor Overview you will return to the current sensor's overview tab. For a quick selection of other toplists of the current sensor, click on one of the toplist icons at the top of the page.
In the sensor overview, you can add or delete new toplists, or edit existing ones.
Click on the Add Toplist item in the sensor overview to create a new toplist. The available options are the same as for editing a list.
Click on the small gear icon of a toplist item in the sensor overview to modify it.
Toplist Settings | |
---|---|
Name | Enter a meaningful name to identify the toplist. |
Type | |
Toplist is based on | This setting is only available if a custom type is selected above. Select the fields you want to add to the toplist by adding a check mark in front of the respective field name. The available options depend on the type of sensor used. They're different for Packet Sniffer, NetFlow v5, v9 (and IPFIX), and sFlow. Note: For performance reasons, only select the fields you really want to monitor. Please see Performance Considerations section below. |
Period (Minutes) | Define the interval for the toplist in minutes. Please enter an integer value. Toplists always cover a certain time span. Once a time span has passed, the top results are stored and a new toplist is started. Note: In order to avoid load problems on your probe system, please do not set this interval too long. Default setting is 15 minutes. Please see Performance Considerations section below. |
Top Count | Define the length of your toplist. Only this number of entries will be stored for each period. Please enter an integer value. Note: In order to avoid load problems on your probe system, please set this value as low as possible. Default setting is 100, in order to store the top 100 entries for each period. Please see Performance Considerations section below. |
Probe/Core Data Transfer | Define how the probe sends the toplist dataset to the core server. Choose between: For more information, please see Performance Considerations section below. |
Memory Limit (MB) | Define the maximum amount of memory in MB the probe will use for collecting the different connection information. Every toplist adds its amount to the probe's memory consumption. Increase this value if the number of captured connections is not sufficient. Please enter an integer value. |
Click on the Save button to store your settings. If you change tabs or use the main menu, all changes to the settings will be lost!
Click on the small trashcan icon of a toplist item in the sensor overview to delete it. Confirm with Delete to delete the list.
Click on the windows symbol to show details of a toplist.
If you create toplists for data lines with considerable usage (for example, steady bandwidth over 10 Mbit/s) or if the traffic is very diverse (for example, many IPs/ports with only little traffic each) please consider the following aspects:
- The probe gathers all information needed for the toplist in RAM during each period. Only the top 100 entries are transferred to the core. Depending on the toplist type and traffic patterns the required memory can grow into many megabytes.
- Choose periods as short as desirable (especially important when traffic has a high level of diversity) to minimize memory usage.
- Memory requirements can grow almost exponentially with each field used in the toplists definition (depending on traffic pattern). Avoid complex toplists for high and diverse traffic. For example, Top Connections (5 fields) needs a lot more memory than Top Talkers (1 field).
- If you experience high bandwidth usage between core and probe, try to choose the "Wait until toplist period ends" option in the toplist settings.
- If you experience "Data incomplete, memory limit was exceeded" messages, try to increase the memory limit in the toplist settings, but keep an eye on the probe process' memory usage.
- When working with toplists be aware that privacy issues can come up for certain configurations of this feature. Using toplists you can track all single connections of an individual PC to the outside world and you, as the administrator, must make sure that it is legal for you to configure Vunetrix like this.
- Keep in mind that toplists can be viewed through the web interface. You may not want to show lists of domains used in your network to others. So you should restrict access to sensor types having toplists.
- Note that diagrams, for example, for top connections are not meant to be used for detailed analysis. Rather they should indicate if there is an uncommon bigger change in this toplist.
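The memory effect described in the list above, shown as an added example that is not part of the Vunetrix manual or product code: the same constructed traffic is aggregated once as Top Talkers (1 field) and once as Top Connections (5 fields), and only the top entries are kept at the end of the period. The field names, the sample flows, and `max_keys` (a stand-in for the Memory Limit (MB) setting, here counted in tracked keys) are assumptions, as is the choice to ignore new keys once the limit is reached.

```python
from collections import Counter
from itertools import product

# Assumed field names for one flow record (not the product's own schema).
CONNECTION_FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "proto")
TALKER_FIELDS = ("src_ip",)


def sample_flows():
    """Constructed traffic for one period: 4 clients x 5 servers x 3 source ports."""
    flows = []
    for c, s, p in product(range(4), range(5), range(3)):
        flows.append({
            "src_ip": f"10.0.0.{c + 1}",
            "src_port": 50000 + p,
            "dst_ip": f"192.0.2.{s + 1}",
            "dst_port": 443,
            "proto": "TCP",
            "bytes": 1000 * (c + 1) + 10 * s + p,
        })
    return flows


def build_toplist(flows, fields, top_count=100, max_keys=None):
    """Aggregate bytes per key for one period and keep only the top entries.

    Returns (top_entries, tracked_keys, incomplete). tracked_keys is what the
    probe has to hold in RAM during the period; top_entries is what would be
    stored afterwards. max_keys is an assumed key-count limit.
    """
    totals = Counter()
    incomplete = False
    for flow in flows:
        key = tuple(flow[f] for f in fields)
        if key not in totals and max_keys is not None and len(totals) >= max_keys:
            # Analogue of "Data incomplete, memory limit was exceeded".
            incomplete = True
            continue
        totals[key] += flow["bytes"]
    return totals.most_common(top_count), len(totals), incomplete


if __name__ == "__main__":
    flows = sample_flows()
    for name, fields in (("Top Talkers", TALKER_FIELDS),
                         ("Top Connections", CONNECTION_FIELDS)):
        top, tracked, incomplete = build_toplist(flows, fields, top_count=3)
        print(f"{name}: {tracked} keys held in RAM, incomplete={incomplete}")
        for key, total in top:
            print("   ", key, total)
```

On this sample the one-field list tracks 4 keys while the five-field list tracks 60 for the same 60 flows, which is why shorter periods and fewer fields keep the probe's memory use down.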
Keywords: Flow,Flow Toplists,Packet Sniffing,Packet Sniffing Toplists,Toplists