Symantec 10521146 Administration Guide - Page 239
Viewing Flow Statistics, Viewing exported flows, Start Query, Next Results, Clear, Incidents
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 239 highlights
Reporting 239 Querying flows Note: The Network Security console displays the flow data in table format, one page at a time. You can sort the table by clicking the heading of any column. This sort, however, applies only to the page currently displayed, which may be only a portion of the entire report. At the top of the display, a prompt indicates how many flows are currently displayed, out of the total report. 5 Do one of the following: ■ Click Start Query to run a flow query based on the parameters that you configured. ■ Click Next Results to view the next page of a query that was too large to display in its entirety. ■ Click Clear to stop the active query and remove the results from display. Viewing Flow Statistics The Incidents tab enables you to view the Flow Statistics of any particular event. To view flow statistics 1 In the Incidents tab, right-click an incident. 2 Click View Incident Details. 3 In Incident Details, right-click the Top Source IP. 4 Click Flow Statistics. To run a query from this location, see "Viewing current flows" on page 238. Viewing exported flows Query Exported Flows enables you to search against flow data that has been logged to the disk database. This enables flow data to be saved when a certain condition is triggered. The result is that a new event appears in the Network Security console with a link to the actual flow data. The search dialog allows the user to search across all the flows that have been exported. To query exported flows 1 In the Network Security console, click Flows > View Exported Flows. 2 Choose one of the following tabs: ■ Match Source and Destination: This will make a more focused query on specific source and destination IPs.