User's Guide

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesReal-time Network and Application Insights from the Edge to the Data Center and into the Multi-Cloud

151

152

153

154

155

156

157

158

159

160

Table Of Contents

ExtremeAnalytics® User GuideVersion 8.4
Legal Notices
Trademarks
Contact
Extreme Networks® Software License Agreement
Table of Contents
ExtremeAnalytics™ Help
- Document Version
ExtremeAnalytics Licensing
- Using Licenses to Establish Flow Rate Capacity
- Getting Started with ExtremeAnalytics
- ExtremeAnalytics Access Requirements
- ExtremeAnalytics Engine Configuration
- Enable Flow Collection
- Enable Jumbo Frames
Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
- ExtremeAnalytics Application Data Collection
- Data Collection Overview
- Using Sites to Collect In-Network Traffic
- Data Collector Types
  - General Usage Collectors
    - Hourly General Usage Collectors
    - High-Rate General Usage Collectors
  - End-System Details Collector
- Flow Information Sources
  - Enabling ExtremeControl Integration
- Reports
  - Dashboard Report
  - Browser Reports
ExtremeAnalytics Tab Overview
- Dashboard
- Browser
- Application Flows
- Fingerprints
- Packet Captures
- Configuration
- Reports
ExtremeAnalytics Dashboard Overview
- Insights Dashboard Reports
- Client/Server Dashboard Reports
- Applications Browser Dashboard Report
- Industry Dashboards
- IP Reputation Dashboard
- Response Time Dashboard
- Network Service Dashboard
- Tracked Applications Dashboard
ExtremeAnalytics Insights Dashboard
- Insights
  - Ring Chart
  - Custom Dashboard
- How to Create an ExtremeAnalytics Insights Custom Dashboard
  - Custom Dashboard
  - Graphs
- ExtremeAnalytics Response Time Dashboard
- Overview
- Network Response Time Graph
- Application Response Time Graph
- ExtremeAnalytics Network Service Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Tracked Applications Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Browser Overview
- Overview
- Data Aggregation
- Options
ExtremeAnalytics Application Flows
- Overview
- Application Flows Tables
- Report Features
- ExtremeAnalytics Bidirectional Flow Table
- ExtremeAnalytics Unidirectional Flow Table
- ExtremeAnalytics Historical Flow Table
ExtremeAnalytics Fingerprints Overview
ExtremeAnalytics Custom Fingerprints
- Fingerprint Table
  - Menu
  - Column Definitions
Delete Custom Fingerprints
- Deleting a Custom Fingerprint
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Flow
- Creating Fingerprints Based on a Flow
Create Custom Fingerprints Based on Destination Address
- Creating Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Application or Application Group
- Creating Fingerprints Based on an Application or Application Group
ExtremeAnalytics Packet Captures
ExtremeAnalytics Configuration Overview
- Engines
  - Status
  - Configuration
- Virtual Sensors
- Fingerprints
- Licenses
- Status
- Configuration
Virtual Sensors
- Virtual Sensors
- Virtual Machines
ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
ExtremeAnalytics Reports
- Reports
ExtremeAnalytics Report Descriptions
- Report Descriptions
Add and Modify Fingerprints
- Adding a Fingerprint
- Modifying a Fingerprint
- Enabling or Disabling a Fingerprint
- Deleting a Custom Fingerprint
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Add Fingerprints
- Add a Fingerprint
Enable or Disable Fingerprints
- Enabling or Disabling a Fingerprint
Modify Fingerprints
- Modifying a Fingerprint
Update Fingerprints
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Prerequisites
- Installing the Virtual Sensor Using the Extreme Management Center Server
  - Install Using Extreme Management Center
    - Configuring the VMware vSphere Module in ExtremeConnect
    - Adding the Virtual Sensor to Extreme Management Center
- Adding the Virtual Sensor in ExtremeAnalytics
- Configuring vCenter Settings for the Virtual Sensor
Stream Flow Data from ExtremeAnalytics into Splunk
- Environment
- Overview
- Part 1 – Making File Level Splunk Modifications
- Part 2 – Creating a New Stream using the Splunk web UI
- Part 3 – Configuring each Analytics Engine to Export IPFIX Data to the Splunk...
- Appendix
Stream Flow Data from ExtremeAnalytics into Elastic Stack
- Environment
- Overview
- Part 1 – Installing and Configuring ElastiFlow and Elastic Stack
- Part 2 – Configuring each Analytics Engine to export IPFIX data to the Elasti...
- Appendix: Files

Adding a Fingerprint

157 of 218

l Address <IPaddress> with mask on port <port number> — Creates a

fingerprint that identifies traffic either coming from or going to the specified

subnet on the specified port. For example, an IP address of 192.168.0.0 with a

mask of 16 would result in all traffic either coming from or going to the 192.168

subnet on the specified port to be identified by the fingerprint.

l Host <host name> — Creates a fingerprint that identifies a specific hostname in

the URI of web traffic.

l HTTP Header — Creates a fingerprint that identifies traffic containing specified

HTTP header information, if HTTP header information is included in the flow's

metadata.

Note that there may be two port number or IPaddress options listed: one

for the flow's source port/IP address and one for the flow's destination

port/IPaddress.

5. If you selected an IP address with mask option, you need to specify a subnet of IP

addresses. Enter the IPCIDRmask, which is a mask on the flow IP, with 0-32 for IPv4

and 0-128 for IPv6.

6. Enter the name of the application for which the fingerprint is defined.

7. Use the drop-down list to select the application group to which the application

belongs. If none of the existing groups are appropriate, you can enter a new group

name and the new group is automatically created.

8. Select the fingerprint's confidence level. The confidence level defines the reliability

of this fingerprint. Higher confidence fingerprints override lower confidence

fingerprints, if multiple fingerprints match a flow. Values are 1-100, with 100 being

absolutely reliable.

9. Enter a description of the fingerprint, if desired.

10. Click Save. The new fingerprint is created on the Extreme Management Center

server.

11. Enforce to push the new fingerprint to your engines.

TIP: You can also create a custom fingerprint from the Fingerprints tab. Click the Menu icon and

select Create Fingerprint. The Add Fingerprint window opens where you can select all the flow

components you want for the fingerprint. The new fingerprint is not based on an existing

fingerprint and you need to enter values for all required fields such as IP or Hostname,

Application Name, and Application Group. The new fingerprint must be enforced to engines

before it can take effect.