11 performing traffic log audits in nta, Configuring nta for traffic log auditing, Adding data sources to nta – H3C Technologies H3C Intelligent Management Center User Manual
Page 341: Adding a device, Adding a probe, 11 performing traffic log audits in
331
11 Performing traffic log audits in NTA
Traffic log auditing in NTA provides you with the ability to generate source, destination, and session
traffic reports based on NTA's data capture from the data source you select. NTA supports traffic log
auditing for one interface on a device or for the selected data sources for an existing interface, probe,
or VPN task. To use the traffic log auditing feature, devices, probes, and interface, probe, or VPN tasks
must already exist in NTA prior to the execution of a traffic log audit. This chapter describes the process
of configuring NTA to support traffic log auditing and provides instructions for executing a traffic log
capture as well as viewing the reports generated by them.
Configuring NTA for traffic log auditing
Traffic log auditing leverages the traffic packets captured by the interfaces of devices, VPNs, and probes
that have been added to NTA and configured in traffic analysis tasks. Therefore, performing a traffic log
audit for viewing source, destination, or session statistics requires pre-audit configuration of NTA. The
following information explains how to configure NTA before using the traffic log auditing feature.
Adding data sources to NTA
Before you can use the NTA traffic log auditing feature to view source, destination, and session traffic
statistics for a selected data source, you must first add the data source to NTA. Then, you must create a
traffic analysis task for the interface, probe, or VPN in order to make the interface, probe, or VPN
available as a data source for traffic log audits. The following information describes adding devices,
probes, and VPNs as data sources.
Adding a device
The traffic log auditing feature enables you to use the interfaces of devices as data sources in NTA. To use
a device interface in a traffic log audit, you must first add the device to NTA. For information on adding
a device to NTA, see "
," specifically "
Adding an NTA data source device
You must also configure the device to forward NetStream, NetFlow, or sFlow traffic to the NTA server. See
the vendor documentation for information on configuring a router or switch to enable NetStream,
NetFlow, or sFlow data to a collector. For more information on configuring the NTA server as a collector,
see "
After you have added a device to NTA, you select the device or probe in the NTA server configuration.
Adding a probe
You can use the probes that have been configured in traffic analysis tasks as a data source for traffic log
auditing. A probe in NTA is a server running probe server software that converts traffic it receives through
mirroring into network flow records that NTA can process. To add a probe to NTA, see "
You must also install the probe application program on a dedicated server and configure it to receive
traffic mirrored from the ports which you want to view statistics for.
You must configure the router or switch to mirror traffic from one or more ports to the port to which the
probe server is connected. If you are using a tap kit, you must also install the tap kit inline into the link
being monitored. See the vendor documentation for information on configuring a router or switch to