6.3. Counter Group Settings
You can :
- Edit settings such as bucket size and other settings
- Edit topper policies; how many toppers to track for each meter
- Perform further configuration for user defined counter groups
You can also enable or disable any counter group.
Restart required changes will be made effective only upon restarting Trisul
Disabling a built-in counter group will cause all user-defined counter groups that depend on it to report zero usage.
6.3.1 Editing settings
Login as Admin → Select Context and profile → Under Basic Configurations → Select Counter Groups
- The entire list of counter groups is shown
- Click on the name of a particular counter group ,which leads you to a page with the fields below
FieldName | Description |
---|---|
Name | A name for this counter group |
Description | Few words describing the purpose of the counter group |
Active | Shows if the counter group enabled or disabled |
Bucket Size | Specified as millisec.Counters are accumulated into this bucket and written out when a bucket is full. Smaller buckets results in more data being stored |
Topper Traffic Only | If enabled trisul will store only the toppers |
Click on Advanced Options to access the following
FieldName | Description |
---|---|
Topper Commit Interval | The parameter controls how frequently (in sec) are the toppers written to the database |
High Water Mark | The maximum number of keys tracked in this counter group, before it is pruned down to the low water mark |
Low Water Mark | When the number of keys tracked gets over the high water mark, Trisul prunes them down to this level |
6.3.2 Bulk edits
The following bulk edit options are available.
To access these options:
Login as Admin → Select Context and profile → Under Basic Configurations → Select Counter Groups → Advanced Options
- The entire list of counter groups is shown
- Set a bucket size for all counter groups
- Disable all counter groups that do not apply in Netflow mode
6.3.3 Editing Counter Group Topper Policies
Directions to edit counter group settings
Login as Admin → Select Context and profile → Under Basic Configurations → Select Counter Groups
- The entire list of counter groups is shown
- Click the option Edit Topper Policies for a particular counter group , directs you to a page with the below fields
Total |
Received |
Transmit |
Total |
Active TCP Conns |
Attacker alerts |
Homenet |
External |
TCP SYN sent |
TCP SYN recv |
TCP SYNACK sent |
TCP RSTFIN sent |
Victim alerts |
The topper policy depends on the meters present for each counter group . The above example shows for Internal Hosts
consisting of 12 meters