User's Guide
Table Of Contents
- ExtremeAnalytics® User GuideVersion 8.4
- Legal Notices
- Trademarks
- Contact
- Extreme Networks® Software License Agreement
- Table of Contents
- ExtremeAnalytics™ Help
- ExtremeAnalytics Licensing
- Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Tab Overview
- ExtremeAnalytics Dashboard Overview
- ExtremeAnalytics Insights Dashboard
- ExtremeAnalytics Tracked Applications Dashboard
- ExtremeAnalytics Browser Overview
- ExtremeAnalytics Application Flows
- ExtremeAnalytics Fingerprints Overview
- ExtremeAnalytics Custom Fingerprints
- Delete Custom Fingerprints
- Custom Fingerprint Examples
- Create Custom Fingerprints Based on Flow
- Create Custom Fingerprints Based on Destination Address
- Create Custom Fingerprints Based on Application or Application Group
- ExtremeAnalytics Packet Captures
- ExtremeAnalytics Configuration Overview
- Virtual Sensors
- ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
- ExtremeAnalytics Reports
- ExtremeAnalytics Report Descriptions
- Report Descriptions
- Analytics Events
- Bandwidth for a Client Over Time
- Interface Top Applications Treemap
- Sites Using the Most Bandwidth
- Most Popular Applications
- Most Used Applications for a Client
- Most Used Applications for a User Name
- Network Activity by Site
- Network Activity by Client
- Network Activity by Application
- Slowest Applications by Site
- Top Applications Group Radar
- Top Applications Radar
- Top Applications TreeMap
- Top Applications for Interface
- Top Applications for Server
- Top Clients by Interface
- Top Interfaces by Application
- Top N Applications
- Top N Clients
- Top N Servers
- Report Descriptions
- Add and Modify Fingerprints
- Add Fingerprints
- Enable or Disable Fingerprints
- Modify Fingerprints
- Update Fingerprints
- Custom Fingerprint Examples
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Stream Flow Data from ExtremeAnalytics into Splunk
- Stream Flow Data from ExtremeAnalytics into Elastic Stack
Part 1 – Installing and Configuring ElastiFlow and Elastic Stack
210 of 218
sudo systemctl restart kibana
The default port for the Kibana’s server is tcp port 5601. Create a
firewall rule to allow users access to the Kibana server. The rule should
be something like:
sudo ufw allow from YOUR_MANAGEMENT_SUBNET to any port 5601
proto tcp
c. Configure Logstash:
Edit JVM setting in /etc/logstash/jvm.options.
sudo nano /etc/logstash/jvm.options
Change -Xms1g to -Xms4g.
Change -Xmx1g to -Xmx4g.
Save the file.
Add required Logstash plugins.
sudo /usr/share/logstash/bin/logstash-plugin update
logstash-codec-netflow;
sudo /usr/share/logstash/bin/logstash-plugin update
logstash-input-udp;
sudo /usr/share/logstash/bin/logstash-plugin update
logstash-filter-dns;
sudo /usr/share/logstash/bin/logstash-plugin update
logstash-filter-geoip;
sudo /usr/share/logstash/bin/logstash-plugin update
logstash-filter-translate
4. Download and extract ElastiFlow v3.4.2.tar.gz to /usr/local/src.
wget
https://github.com/robcowart/elastiflow/archive/v3.4.2.tar.gz
sudo tar xvzf v3.4.2.tar.gz -C /usr/local/src
5. Copy logstash configuration.
cd /usr/local/src
sudo cp -arv elastiflow-3.4.2/logstash/elastiflow/.
/etc/logstash/elastiflow
6. Merge Extreme Networks specific IPFIX definitions with ElastiFlow.