Flow Monitor settings
The Flow Monitor Settings dialog provides general settings, data retention, and data management settings used to configure and manage Flow Monitor.
General
- . Enter the TCP/IP port numbers which the Flow Monitor collector service should use to listen for flow information. Flow Monitor can listen on one or more ports, with port 9999 being the default. The sources sending flow information to Flow Monitor must send data using one of these port numbers.
: If you configure Flow Monitor to listen on more than one port, or on a port other than the default port, you should verify that the port is not being used by another service. Additionally, if you are using Windows Firewall, ensure that an exception is added to the firewall.
- . Select the level of details you want to write to the log.
- . Select this option to record errors and some general event information.
- . Select this option to record more detailed information than normal logging. This option can create a very large file and may be resource intensive, however, it is especially helpful for troubleshooting issues.
- . Select this option to record only errors.
- . Select this option to enable Flow Monitor to display tooltips with information about possible problems and other information about report details.
- . Select this option to allow Flow Monitor to retrieve and display favicons (favorite icons) from hosts and domains when they are provided.
: If you select the option, Flow Monitor makes connections to a host in the domain to retrieve the favicon. This impacts the connections statistics for both the host and the domain.
Report Data
- . Select how often Flow Monitor writes raw data from its sources to the database. You may select 1, 2, 3, 4, 5, or 10 minutes. By default, raw data is written to the database every 2 minutes.
: Modifying collection interval settings affects the granularity you see in Flow Monitor reports. If the interval is set to 5 minutes, you cannot distinguish traffic collected during the first minute from traffic collected during the fourth minute.
- . When the Flow Monitor collector service encounters an IP address, it tries to determine information about the host attached to the IP address. After this information is resolved, it is stored in the Flow Monitor database. Enter the interval (in hours) that you want Flow Monitor to wait, before it checks the private IP address again, to resolve information that may have changed for the address. By default, private addresses are resolved every 48 hours.
- . When the Flow Monitor collector service encounters an IP address, it tries to determine information about the host attached to the IP address. After this information is resolved, it is stored in the Flow Monitor database. Enter the interval (in hours) that you want Flow Monitor to wait, before it checks the public IP address again, to resolve information that may have changed on the address. By default, public addresses are resolved every 720 hours (30 days).
: Because public IP addresses are less likely to be changed, you may want to use longer intervals than used for the option.
- . Enter the number of hours after which Flow Monitor should purge unclassified traffic. Unclassified traffic is traffic transmitted over ports that are currently not monitored by Flow Monitor. By default, this option is set to 0 (zero), which causes Flow Monitor to aggregate and retain data for all unclassified ports as a single value; detailed information about the individual unclassified ports over which traffic was transmitted is immediately discarded.
: Be cautious about increasing the time for value because the database can grow very large as the time is increased.
: The collector will purge any unclassified data that has no activity after the value is satisfied.
You can use the data retention section of the Flow Monitor Settings dialog to set data retention parameters for flow and interface data. Periodic roll-up and archival of flow data minimizes system resources needed for data storage and improves system responsive during data intensive operations.
Data retention settings
Flow data includes many parameters (input and output interfaces, source and destination IP addresses, port numbers, byte rates, flow end times, etc.) which while useful in providing information may quickly fill available storage. Rolling up the data makes for efficient storage, but there may be losses of time related information within individual flows. Flow Monitor provides a data retention scheme that allows the user to choose to either manually tune data retention or to allow Flow Monitor to automatically tune the retention of flow data, which in turn actively manages the growth rate of the Flow Monitor databases. The following parameters are used to control the cleanup of flow data.
- . Select this option if you want Flow Monitor to automatically tune the flow data cleanup settings to manage database size and system performance. This option is selected by default.
- . Use this option to determine the percentage of raw traffic the collector will write to the database. This option is enabled when you clear the check box.
: While the default settings for data cleanup are conservative, when you modify the roll-up settings it can directly affect the size of the Flow Monitor databases and the performance of the application. We recommend that you modify these settings cautiously, and monitor the effects of changes to these settings on database size and application performance.
: When you place the cursor in a box to change a value, a message appears at the bottom of the dialog. This message provides information about the number and percentage of the recommended maximum flow records being stored in the Flow Monitor data and archive databases. As you make changes, the message predicts how the change affects the number of records stored in the Flow Monitor data and archive databases.
- . Enter the number of hours of raw flow data you would like to maintain. This setting establishes a sliding time window of raw data that spans the specified period. Raw data that reaches the end of the period is rolled up. The roll up of raw data happens every hour on the hour. After data has been rolled up, Flow Monitor can only report using the hourly summations. By default, raw data is rolled up after 4 hours.
- . Enter the number of days you would like to maintain hourly data. This setting establishes a sliding time window of hourly data that spans the specified number of days. As hourly data ages beyond this period it is rolled up. The roll up of hourly data takes place daily. After hourly data is rolled up, Flow Monitor can only report aggregated totals for the entire 24-hour block of time. By default, hourly data is maintained for 1 day.
- . Enter the number of days of daily data you would like to maintain before archiving. This setting establishes a sliding time window of daily data that spans the specified number of days. As daily data ages beyond this period, it is archived. Flow Monitor continues to have visibility into archived data with some restrictions. By default, daily data is archived after 3 days.
- . Enter the number of days of daily data you would like to maintain in the archive database. This setting establishes a sliding time window of archived daily data that spans the specified number of days. As the archived daily data ages beyond this period it is purged from the database. After archived data is purged, Flow Monitor can no longer report on the data. By default, archive data is purged from the database after 7 days.
Interface Data Retention Settings
Raw interface data is provided by the flow collector, or the collector can be configured to collect raw interface data directly from the network device when the collector is receiving sampled flow data. This raw interface data is used to represent total interface traffic for the period and to calculate 95th percentile values for the Interface Overview and Interface Usage reports. Because of the data compaction, interface data has a smaller impact on data storage, so it can be maintained for longer periods of time.
The following parameters are used to control the clean up of interface data.
- . Enter the number of days of raw interface data you would like to maintain. This setting establishes a sliding time window of raw interface data that spans the specified number of days. As raw interface data ages beyond this point it is rolled up. After data has been rolled up, Flow Monitor can only report using the summations produced in the roll-up process. By default, raw interface data is rolled up after 8 days.
: While the default settings for data cleanup are conservative, when you modify the roll-up settings it can directly affect the size of the Flow Monitor databases and the performance of the application. We recommend that you modify these settings cautiously, and monitor the effects of changes to these settings on database size and application performance.
: If 95th percentile values are going to be used for billing purposes, you should maintain a set of raw interface data that matches the billing period to ensure accurate results. To gather the data needed to calculate the 95th percentile values for the interface, set the setting for Interface Data to match or exceed the billing period.
- . Enter the number of days you would like to maintain hourly interface data. This setting establishes a sliding time window of hourly interface data that spans the specified number of days. As hourly data ages beyond this period it is rolled up. The roll up of hourly interface data takes place daily. After hourly interface data is rolled up, Flow Monitor can only report aggregated totals for the entire 24-hour block of time. By default, hourly interface data is maintained for 35 days.
- . Enter the number of days of daily interface data you would like to maintain before archiving. This setting establishes a sliding time window of daily interface data that spans the specified number of days. As daily interface data ages beyond this period, it is archived. Flow Monitor continues to have visibility into archived interface data. By default, daily interface data is archived after 180 days.
- . Enter the number of days of daily interface data you would like to maintain in the archive database. This setting establishes a sliding time window of archived daily interface data that spans the specified number of days. As the archived daily interface data ages beyond this period it is purged from the database. After archived interface data is purged, Flow Monitor can no longer report on the data. By default, archive interface data is purged from the database after 365 days.
Click to save changes.