User Guide

OmniVista SafeGuard Manager Administration Guide

Chapter 4: Visualization

Viewing Active Data Against Historical Data

Active data is generated while the user is logged in. Data is considered history (inactive)

when the user logs out. Whenever any data or events are cleared, they also become part

of history.

Searching Active or Inactive Data within a Specified Time Range

OmniVista SafeGuard Manager allows you to search for active or inactive data within a

specified time range (Figure 57). This example uses a search for active applications and

application instances within a specified time range.

Figure 59 Search Active or Inactive Data within Specified Time Range

Figure 59 shows that a search for an active application “App” between t1 and t2 time

period results in a sum of bandwidth (bytes, packets) of all the application flows (fl1 –

fl4). The start time of the application comes up as t3 and the last occurrence time shows

up as t4.

At this point, what users might expect (given the search time range of t1 – t2) is to see

data within the time range specified. However, search crosses the time boundaries and

displays aggregate data for all the flows of the application “App” which either started or

ended (or could be both), or active between t1 and t2 times.

NOTE: Malware and Posture events are host based; therefore, they

are not considered history when the user logs out. These events must

be cleared for them to be history.

Search Time

Range

App fl 1

App fl 2

App fl3

App fl4

t3 t4

t7 t8

t9 t10