Symantec 10268947 User Guide - Page 117

Reports and Queries 117 About querying flows Table 9-6 Drill-down-only reports Report Description Flows by source port Flows by destination port Flows by protocol This report lists the source ports of flows found on devices with Flow Status Collection sensor mode enabled. You can generate this report from within the Devices with Flow Statistics report. This report lists the destination ports of flows found on devices with Flow Status Collection sensor mode enabled. You can generate this report from within the Devices with Flow Statistics report. This report lists the protocols of flows found on devices with Flow Status Collection sensor mode enabled. You can generate this report from within the Devices with Flow Statistics report. About querying flows FlowChaser serves as a data source in coordination with Symantec Network Security TrackBack, a response mechanism that traces a DoS attack or network flow back to its source. The FlowChaser database can be queried for flows by port and arbitrary address. The Network Security console displays both current flow data and exported flow data, and provides secondary query options from the results page. Symantec Network Security provides query options as follows: ■ In Query Current Flows or Query Exported Flows ■ In Event Details, right-click the IP address to see the flow statistics ■ In Event Details of an Exported Related Flows, exported flows are displayed The Network Security console retrieves a limited number of records for each query, which prevents overloading memory, and displays the results in a table. If more results are available, click Next Results to proceed. Viewing current flows View Current Flows enables you to search against all of the collected flows by FlowChaser. These flows are stored in memory so they are not persistent. To query current flows 1 In the Network Security console, click Flow > View Current Flows.