Filtering strategies, Nta parameter settings – H3C Technologies H3C Intelligent Management Center User Manual
Page 17
7
categories to organize applications into categories. In addition, you can add user-defined
applications to application categories.
For more information on managing applications, protocols, and application categories in NTA, see
"
," and "
Managing application categories
respectively.
Filtering strategies
Filter strategies in NTA enable you to define whether the network flow records that NTA receives are
processed or discarded by NTA. You can choose to process and analyze or discard packets based on
their source or destination IP address or by source or destination Layer 4 port number. You can also
process or discard TCP, UDP, or ICMP traffic. You can analyze or discard traffic based on one or more
combinations of source and destination IP address, port number, and protocol.
Filter strategies consist of a name, description, default filter policy, and one or more filter conditions.
There are two types of filter policies. The Discard filter discards any packet that matches the filter
conditions. The Receive filter processes and reports on any packet that matches the filter conditions.
The Default Policy defines how log packets are treated by default when the conditions of the packet do
not match any of the filter conditions in the filter strategy.
A filter condition is a rule that defines the conditions under which log packets either are processed or
discarded. A filter strategy can have many filter conditions, but every filter strategy must have at least one
filter condition. In addition, at least one of the filter conditions must contain a filter policy that does not
match the default filter policy.
NTA supports a broad set of filter options for filtering by IP address, port, and protocol. You can create
multiple filter conditions for every filter strategy. Every NTA server supports an unlimited number of filter
strategies.
NTA enables you to specify which NetFlow, NetStream, and sFlow packets are processed and which are
discarded. For example, you can create filter strategies for every device or every VPN on every device
that forwards NetFlow, NetStream, or sFlow traffic to NTA. You can create filter strategies by port number
or traffic type across all devices that forward flow traffic to NTA. For example, you can create a simple
filter that discards all ICMP traffic from NTA analysis and reporting. For more detailed information on
filtering strategies in NTA, see "
Using NTA filtering strategies
."
NTA parameter settings
The NTA Parameter Settings feature enables you to configure key analysis and reporting options. You
can configure how many entries NTA displays for TopN reporting, how many days NTA maintains the
flow data collected by devices, the maximum number of displayed entries for audits, and the direction of
VLAN traffic analysis tasks.
You can enable or disable the following:
•
ToS/MPLS Exp traffic analysis
•
Unknown application traffic analysis
•
Host session monitoring
•
Baseline analysis
•
Threshold alarming
•
VPN traffic analysis