Managing nta data sources – H3C Technologies H3C Intelligent Management Center User Manual
Page 21
11
2 Configuring NTA for traffic analysis and
auditing
NTA enables you to manage the reception, analysis and presentation of network flow records. You must
configure devices to forward network flow data to NTA, add devices and probes to NTA, select each
device and probe in the NTA server configuration page, and then create a task for each type of reporting
you want. NTA produces reports using data generated by devices and probes, and there are many
configuration parameters in NTA that enable you to tune very specifically how NTA analyzes and
presents data.
This chapter describes how to add devices and probes to NTA. It describes the configuration options for
NTA server management, and the process of managing applications, protocols, and application
categories in NTA. It reviews the parameters for tuning, describes the NTA filtering strategies, and it
reviews the process for managing database space.
Managing NTA data sources
NTA supports two types of devices as network flow data sources. The first type of devices are devices
such as routers and switches that support NetStream v5/v9, NetFlow v5/v9, or sFlow v5 monitoring. You
can add devices to NTA using the Device Management feature. When network flow data from one or
more of these devices is necessary, you can modify the NTA server configuration, and deploy the new
configuration. This makes it easy to adjust your network flow analysis configuration as your needs
change.
The second device type for which NTA processes network flow data is a probe. A probe in NTA is a
server that has the probe application program installed. A probe creates network flow records from
devices that do not support network flow record generation. Using the probe, you can mirror traffic from
a router or switch port or through an inline tap to a probe server that collects and analyzes the traffic
before forwarding to an NTA server. As with Device Management, the Probe Management feature of
NTA allows you to add probes without enabling network flow record processing for them until the need
arises.
The NTA Device List contains devices such as routers, switches, and other devices that have been added
to NTA as a potential source of network flow records. Adding a device or probe to NTA establishes a
communication path between NTA as the network flow collector and the devices or probes that generate
network flow records. It does not enable data collection or processing in NTA, nor does it add the device
or probe to traffic analysis tasks for reporting purposes. To do so, you must select every device and probe
for which you want to process data using the feature described in "
." After you do this, the device or probe becomes available for use in all traffic analysis
tasks, and the device data then becomes generally available to traffic analysis tasks. To include device
data in specific interface and VPN tasks, create a traffic analysis task, and select the devices you want
to include in the reporting. Adding devices to NTA does not enable NetStream, NetFlow, or sFlow on the
device itself. You must also enable NetStream, NetFlow, or sFlow on the devices that you add to this list.
After you add a probe to NTA, you must select it using the feature described in "
The probe data then becomes generally available to traffic analysis tasks. To include probe data in a
specific probe traffic analysis task, you must add the probe to a probe traffic analysis tasks. For more
information on configuring a probe traffic analysis task, see "
Managing probe traffic analysis tasks
."