Symantec 10521146 Administration Guide - Page 237
Querying flows
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 237 highlights
Reporting 237 Querying flows Table 9-6 Drill-down-only reports Report Description Flows by source port Flows by destination port Flows by protocol This report lists the source ports of flows found on devices with Flow Status Collection sensor mode enabled. You can generate this report from within the Devices with Flow Statistics report. This report lists the destination ports of flows found on devices with Flow Status Collection sensor mode enabled. You can generate this report from within the Devices with Flow Statistics report. This report lists the protocols of flows found on devices with Flow Status Collection sensor mode enabled. You can generate this report from within the Devices with Flow Statistics report. Querying flows FlowChaser serves as a data source in coordination with Symantec Network Security TrackBack, a response mechanism that traces a DoS attack or network flow back to its source. The FlowChaser database can be queried for flows by port and arbitrary address. The Network Security console displays both current flow data and exported flow data, and provides secondary query options from the results page. Symantec Network Security provides query options as follows: ■ In Query Current Flows or Query Exported Flows ■ In Event Details, right-click the IP address to see the flow statistics ■ In Event Details of an Exported Related Flows, exported flows are displayed The Network Security console retrieves a limited number of records for each query, which prevents overloading memory, and displays the results in a table. If more results are available, click Next Results to proceed. This section includes the following: ■ Viewing current flows ■ Viewing exported flows ■ Playing recorded traffic