tips:paloalto
Differences
This shows you the differences between two versions of the page.
tips:paloalto [2019/11/01 17:11] – [Using Palo Alto User-ID and App-ID in Netflow analytics] veera | tips:paloalto [2019/11/01 17:47] – [New Counter Groups : User-ID and App-ID] veera | ||
---|---|---|---|
Line 8: | Line 8: | ||
These two fields really turbo charge your visibility and investigation capabilities. This article explains how to leverage these in Trisul Network Analytics. | These two fields really turbo charge your visibility and investigation capabilities. This article explains how to leverage these in Trisul Network Analytics. | ||
- | - monitoring overall traffic of Users and Apps | + | * monitoring overall traffic of Users and Apps |
- | - searching individual flows for a particular User or App at flow level | + | |
- | - aggregate statistics of a particular User or App. | + | |
- | ===== Counter Groups | + | ===== Monitor overall traffic |
- | Trisul automatically creates two counter groups called | + | ==== New Counter Groups : User-ID and App-ID |
- | The metrics within the User-ID and App-ID | + | Trisul automatically creates two counter groups called |
+ | ^meter^description^ | ||
+ | |Total traffic|Total traffic bandwidth used by a User or App| | ||
+ | |Download traffic| Download bandwidth used by per User/App. The Download direction is metered when the flow source IP is an external IP address and the destination-IP is internal. Internal IPs belong to the Home Network configured in Trisul| | ||
+ | |Upload traffic| per-User bandwidth out of home network to external| | ||
+ | |Internal traffic| per-User bandwidth where both the source and destination are inside the home network| | ||
+ | |Transit traffic| where both source and destination are outside the home network. You will typically not find data here in normal enterprise environments| | ||
+ | |Flows| Total number of flows active per user/app | | ||
+ | To view these metrics | ||
+ | * **Use Retro Analysis** : Select //Retro > Retro Counters// then select a time frame, then select User-ID from the list of counters shown on the right side. You can see the top items for each metric. | ||
+ | * **Create dashboards** : Customize > UI > | ||
+ | |||
+ | The retro analysis screen looks like below. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | The Retro Analysis tools show you the Top-N, Bottom-N, Topper Trend over time, and Pie chart views. The following chart shows you toppers over time. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ==== NAT issues ==== | ||
- | NAT issues | ||
Create flow tags | Create flow tags | ||
- | Create dashboards | ||
Query by user-id and app-id | Query by user-id and app-id |
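Review bot: The added meter table is inconsistent about which counter group each row applies to. The Upload and Internal rows say "per-User" and the Transit row names no subject, while the Total, Download and Flows rows say User/App. Since the table is introduced for both the User-ID and App-ID counter groups, word every row as "per User/App", and fix "used by per User/App" in the Download row. The Download row defines its direction explicitly (source IP external, destination IP inside the Home Network); the Upload row should state the mirror condition the same way so a reader can tell how a flow is classified. Also, the new "==== NAT issues ====" heading is followed directly by the "Create flow tags" outline line, so it has no body in this revision; add the text or leave it as an outline entry until it is written.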
tips/paloalto.txt · Last modified: 2019/11/01 18:25 by veera