User's Guide

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesReal-time Network and Application Insights from the Edge to the Data Center and into the Multi-Cloud

101

102

103

104

105

106

107

108

109

110

Table Of Contents

ExtremeAnalytics® User GuideVersion 8.4
Legal Notices
Trademarks
Contact
Extreme Networks® Software License Agreement
Table of Contents
ExtremeAnalytics™ Help
- Document Version
ExtremeAnalytics Licensing
- Using Licenses to Establish Flow Rate Capacity
- Getting Started with ExtremeAnalytics
- ExtremeAnalytics Access Requirements
- ExtremeAnalytics Engine Configuration
- Enable Flow Collection
- Enable Jumbo Frames
Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
- ExtremeAnalytics Application Data Collection
- Data Collection Overview
- Using Sites to Collect In-Network Traffic
- Data Collector Types
  - General Usage Collectors
    - Hourly General Usage Collectors
    - High-Rate General Usage Collectors
  - End-System Details Collector
- Flow Information Sources
  - Enabling ExtremeControl Integration
- Reports
  - Dashboard Report
  - Browser Reports
ExtremeAnalytics Tab Overview
- Dashboard
- Browser
- Application Flows
- Fingerprints
- Packet Captures
- Configuration
- Reports
ExtremeAnalytics Dashboard Overview
- Insights Dashboard Reports
- Client/Server Dashboard Reports
- Applications Browser Dashboard Report
- Industry Dashboards
- IP Reputation Dashboard
- Response Time Dashboard
- Network Service Dashboard
- Tracked Applications Dashboard
ExtremeAnalytics Insights Dashboard
- Insights
  - Ring Chart
  - Custom Dashboard
- How to Create an ExtremeAnalytics Insights Custom Dashboard
  - Custom Dashboard
  - Graphs
- ExtremeAnalytics Response Time Dashboard
- Overview
- Network Response Time Graph
- Application Response Time Graph
- ExtremeAnalytics Network Service Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Tracked Applications Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Browser Overview
- Overview
- Data Aggregation
- Options
ExtremeAnalytics Application Flows
- Overview
- Application Flows Tables
- Report Features
- ExtremeAnalytics Bidirectional Flow Table
- ExtremeAnalytics Unidirectional Flow Table
- ExtremeAnalytics Historical Flow Table
ExtremeAnalytics Fingerprints Overview
ExtremeAnalytics Custom Fingerprints
- Fingerprint Table
  - Menu
  - Column Definitions
Delete Custom Fingerprints
- Deleting a Custom Fingerprint
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Flow
- Creating Fingerprints Based on a Flow
Create Custom Fingerprints Based on Destination Address
- Creating Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Application or Application Group
- Creating Fingerprints Based on an Application or Application Group
ExtremeAnalytics Packet Captures
ExtremeAnalytics Configuration Overview
- Engines
  - Status
  - Configuration
- Virtual Sensors
- Fingerprints
- Licenses
- Status
- Configuration
Virtual Sensors
- Virtual Sensors
- Virtual Machines
ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
ExtremeAnalytics Reports
- Reports
ExtremeAnalytics Report Descriptions
- Report Descriptions
Add and Modify Fingerprints
- Adding a Fingerprint
- Modifying a Fingerprint
- Enabling or Disabling a Fingerprint
- Deleting a Custom Fingerprint
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Add Fingerprints
- Add a Fingerprint
Enable or Disable Fingerprints
- Enabling or Disabling a Fingerprint
Modify Fingerprints
- Modifying a Fingerprint
Update Fingerprints
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Prerequisites
- Installing the Virtual Sensor Using the Extreme Management Center Server
  - Install Using Extreme Management Center
    - Configuring the VMware vSphere Module in ExtremeConnect
    - Adding the Virtual Sensor to Extreme Management Center
- Adding the Virtual Sensor in ExtremeAnalytics
- Configuring vCenter Settings for the Virtual Sensor
Stream Flow Data from ExtremeAnalytics into Splunk
- Environment
- Overview
- Part 1 – Making File Level Splunk Modifications
- Part 2 – Creating a New Stream using the Splunk web UI
- Part 3 – Configuring each Analytics Engine to Export IPFIX Data to the Splunk...
- Appendix
Stream Flow Data from ExtremeAnalytics into Elastic Stack
- Environment
- Overview
- Part 1 – Installing and Configuring ElastiFlow and Elastic Stack
- Part 2 – Configuring each Analytics Engine to export IPFIX data to the Elasti...
- Appendix: Files

ExtremeAnalytics Historical Flow Table

108 of 218

NOTES:

l Matches are stored and displayed per engine. If you have multiple

engines, use the

Engine menu to select an engine to use as the

source for the Hits and Matches data.

l If a flow generates hits on multiple fingerprints, and one

fingerprint has a higher confidence than another fingerprint, a hit

is counted for each fingerprint, but a match is only recorded for

the final, highest confidence fingerprint.

l If you need to reset the Matches counters, use the Reset

Fingerprint Counters option from the Menu icon ( ).

Type

The fingerprint type refers to how the fingerprint determines a match.

l FlexFire — These fingerprints execute specific matching algorithms encoded into

the engine. Disabling the fingerprint disables the specific code that implements the

fingerprint.

l PCRE — These fingerprints search using Perl Compatible Regular Expressions

(PCRE).

l Port-based — These fingerprints search for traffic on a specific port (typically,

server-only ports). These are very low-confidence fingerprints and are generally just

used for wider coverage.

l Web-App Rule — These fingerprints search for a specific hostname in the URI of

web requests.

l SSL Name — These fingerprints search for values in the SSL common name.

l Http Host — These fingerprints search for values in the HTTP hostname.

l Decoder — These fingerprints extract protocol metadata from a flow that is provided

when we generate a match on that flow.

l General — Any fingerprint that isn't included in one of the other types. Typically,

these fingerprints search for a straight pattern, or for a specific port and/or IP

address with custom fingerprints (excluding custom Web-App Rule fingerprints).

Enabled

A indicates the fingerprint is enabled. When a fingerprint is enabled, it will

be used to identify applications. When it is disabled, it will be ignored.

Last Modified

Date that the fingerprint was last modified.