3Com Traffix Transcend Traffix Manager User Manual

Manual is about: for Windows NT

Summary of Traffix Transcend Traffix Manager

  • Page 1

    http://www.3com.com/ Transcend® Traffix™ Manager User Guide. Software version 3.0 for Windows NT®. Part No. 09-1825-000. Published August 1999.

  • Page 2

    3Com Corporation, 5400 Bayfront Plaza, Santa Clara, California 95052-8145. Copyright © 1999 3Com Technologies. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) withou...

  • Page 3: Contents

    C ontents a bout t his g uide how to use the traffix manager documentation 11 conventions 13 terminology used in this guide 14 related documentation 14 documents 14 web sites 14 documentation comments 15 year 2000 compliance 16 p art i g etting s tarted with t raffix m anager 1 t raffix m anager o v...

  • Page 4: III

    P art ii h ow t raffix m anager w orks 3 c ollecting d ata how traffix manager processes collected data 35 rmon overview 37 remote monitoring 37 rmon-2 standard 37 how traffix manager discovers network devices using rmon-2 38 4 g rouping n etwork d evices in the m ap overview 39 attributes 40 predef...

  • Page 5

    7 d isplaying n etwork t raffic in the m ain w indow loading network traffic data 57 working with objects in the main window 58 displaying object information 58 searching for objects 59 selecting and deselecting objects 59 locating objects in the map 59 displaying network traffic data 59 displaying ...

  • Page 6

    10 v iewing e vents overview 81 viewing events 82 filtering events 83 summarizing events 84 output of events 84 viewing and managing selected events 85 deleting events 85 ignoring devices or connections 85 displaying an event in the map 85 displaying an event in the launch graph dialog box 85 forwar...

  • Page 7

    12 r eport t ypes report templates 99 activity reports 99 top n reports 99 connection activity report 100 device activity report 101 group activity report 102 segment activity report 103 top n connections report 105 top n devices report 107 top n groups report 109 top n segments report 110 p art iv ...

  • Page 8: Db F

    C a ggregating d evices overview 129 default aggregation 129 specifying an aggregation policy 130 d u sing the s ubnets db f ile using the subnetsdb file 133 how subnet grouping works 135 e a utomatic a ttribute a ssignment overview 137 contents of the user-defined attributes configuration file 138 ...

  • Page 9: Rmon-2 A

    G c onfiguring 3c om s tandalone rmon-2 a gents downloading firmware to 3com standalone agents 153 setting the operational mode on 3com standalone rmon-2 agents 154 h dhcp how traffix manager monitors dhcp devices 157 what effect do dhcp devices have on the map? 157 i u sing rmon-1 a gents monitorin...

  • Page 11: About

    About This Guide. This guide describes Transcend® Traffix™ Manager version 3.0 for Windows NT. This application gathers, displays and analyzes enterprise-wide network traffic. Procedural information on how to perform all tasks using Traffix Manager, as well as context-sensitive information about...

  • Page 12

    12 a bout t his g uide an overview of the rmon-1 and rmon-2 standards, and an introduction to how traffix manager uses rmon-2 agents to collect data from your network. Chapter 3 information on grouping devices to create views of your network in the map. Chapter 4 procedures for launching traffix man...

  • Page 13

    Conventions 13 conventions table 2 and table 3 list conventions that are used throughout this guide. Information about what’s new in this release of traffix manager. Release notes a list of known problems in this release of traffix manager. Release notes table 1 where to find specific information (c...

  • Page 14

    14 a bout t his g uide terminology used in this guide refer to the glossary at the end of this user guide for definitions of terms. Terms which are defined in the glossary are italicized at their first use in the user guide. Related documentation the following documents and web sites contain useful ...

  • Page 15

    RMON-2 protocol identifiers: http://www.it.kth.se/docs/rfc/rfcs/rfc2074.txt. Miscellaneous: list of third-party agents which are supported by Traffix Manager: http://www.3com.com/network_management/probe_interop; links to network management information: http://snmp.cs.utwente....

  • Page 16

    Year 2000 Compliance. For information on Year 2000 compliance and 3Com products, visit the 3Com Year 2000 web page: http://www.3com.com/products/yr2000.html.

  • Page 17: Getting

    Part I: Getting Started with Traffix Manager. Chapter 1: Traffix Manager Overview. Chapter 2: Launching Traffix Manager for the First Time.

  • Page 19: Traffix

    1 t raffix m anager o verview this chapter introduces you to traffix ™ manager. It contains the following sections: ■ what to read first ■ features of traffix manager ■ how does traffix manager work? ■ strategy for new users what to read first chapters 1–5 contain a conceptual overview of the proces...

  • Page 20

    20 c hapter 1: t raffix m anager o verview the traffix manager online help contains detailed procedural information on how to perform all tasks, and information about each application dialog box. The traffix manager release notes contain installation information, and a list of known problems with th...

  • Page 21

    How does traffix manager work? 21 ■ industry standards — traffix manager supports the ietf rmon-2 standard, which enables information about network and application layer protocol communication patterns to be collected. See “rmon overview” on page 37 for more information. ■ open database for storage ...

  • Page 22

    22 c hapter 1: t raffix m anager o verview figure 1 traffix manager gathers data from the network the collected data is stored in the database, and checked against configured event rules to see whether a traffic event should be generated. See chapter 9 , “using event rules” , for more information. T...

  • Page 23

    Strategy for new users 23 strategy for new users if you have just begun using traffix manager to monitor your network, you should do the following: ■ set up a limited number of agents from which to collect data until you become familiar with the data collection process. Then you can configure other ...

  • Page 24

    Chapter 1: Traffix Manager Overview.

  • Page 25: Launching

    2 l aunching t raffix m anager for the f irst t ime this chapter provides information on launching traffix ™ manager for the first time. Information on installing traffix manager is documented in the release notes which are shipped with this product. It contains the following sections: ■ installing ...

  • Page 26

    26 c hapter 2: l aunching t raffix m anager for the f irst t ime launching the traffix manager server there are two steps to launching traffix manager: you must launch the traffix manager server first and then launch the traffix manager client. To launch the traffix manager server: 1 select programs...

  • Page 27

    Launching the traffix manager client 27 configuration of data sources, and take you to the point where traffic data is displayed in the main window. The startup wizard first prompts you for the dns domain(s) of those devices which you want to monitor in detail. Traffix manager considers this specifi...

  • Page 28

    28 c hapter 2: l aunching t raffix m anager for the f irst t ime figure 2 traffix manager main window stopping traffix manager to stop a traffix manager client, click exit on the file menu in the main window. To stop the traffix manager server, click stop server in the traffix control panel. Stoppin...

  • Page 29

    Main window reference 29 ■ map —contains a graphical representation of the network, showing the hierarchy of objects and the traffic flowing between them. ■ graph panel —shows the most significant network activity of the currently selected objects in graphical form. See chapter 8 , “displaying traff...

  • Page 30

    30 c hapter 2: l aunching t raffix m anager for the f irst t ime groupings... Launches the groupings dialog box from which you can create, modify and delete groupings from this dialog box. Reload attributes launches the reload attributes dialog box from which you reload attributes for devices in the...

  • Page 31

    Main window reference 31 zoom... Launches a sub-menu in which you select from the following: ■ zoom in — zooms into area containing currently selected objects. If no objects are selected, the currently displayed area is magnified. ■ zoom to — zooms to selected objects, magnifying them in the map as ...

  • Page 32

    32 c hapter 2: l aunching t raffix m anager for the f irst t ime see chapter 7 , “displaying network traffic in the main window” for detailed information on working with objects in the main window. Index launches online help with the index tab selected. About launches the about traffix manager scree...

  • Page 33: Traffix

    Part II: How Traffix Manager Works. Chapter 3: Collecting Data. Chapter 4: Grouping Network Devices in the Map.

  • Page 35: Collecting

    3 c ollecting d ata this chapter describes how traffix ™ manager collects data from your network. It contains the following sections: ■ how traffix manager processes collected data ■ rmon overview ■ how traffix manager discovers network devices using rmon-2 how traffix manager processes collected da...

  • Page 36

    36 c hapter 3: c ollecting d ata figure 3 collected data is added to a relational database from the collected data, you can build up a picture of normal levels of network traffic and typical network usage. You can then configure event rules which provide you with information about the traffic on you...

  • Page 37

    RMON Overview. Traffix Manager supports all agents that are compliant with the Internet Engineering Task Force (IETF) Remote Monitoring Management Information Base version 1 (RMON-1 MIB), defined in RFC 1757, and version 2 (RMON-2 MIB), defined in RFCs 2021 and 2074. The RMON standar...

  • Page 38

    38 c hapter 3: c ollecting d ata single segment. Traffix manager uses rmon-2 functionality to build up a picture of communicating devices on the network and the traffic flowing between them, including network layer addresses and protocols seen. For further information on rmon-1 and rmon-2, refer to ...

  • Page 39: Grouping

    4 g rouping n etwork d evices in the m ap this chapter contains the following sections: ■ overview ■ attributes ■ groupings overview with traffix ™ manager, you can group devices in the map according to your own criteria. You can view the use of your network by, for example, cost center, business un...

  • Page 40

    40 c hapter 4: g rouping n etwork d evices in the m ap attributes to understand how traffix manager groups devices in the map, it helps to be familiar with the concepts of attributes and groupings. An attribute is a label for a piece of information about a device: for example, location or ip address...

  • Page 41

    Attributes 41 mac addr only devices which are in the same broadcast domain as the interface on an rmon-2 agent will have the mac address attribute assigned to them. See “assigning mac addresses” on page 42 for an example of this. Vendor the vendor attribute is only assigned if the following criteria...

  • Page 42

    42 c hapter 4: g rouping n etwork d evices in the m ap assigning mac addresses when the client is first started, it tries to locate the traffix manager server through the use of a broadcast message. If the system on which the client is running is not in the same broadcast domain as the server, this ...

  • Page 43

    Groupings 43 the map shows a hierarchical view of the devices in your network according to the selected grouping. By selecting a geographical grouping for example, devices will be grouped according to which country they are in. Within each country, devices may be grouped according to which city they...

  • Page 44

    44 c hapter 4: g rouping n etwork d evices in the m ap a add appropriate entries to the subnetsdb configuration file. See appendix d , “using the subnetsdb file” , for details. B either start a new database or use reload attributes... With subnets checked to update the attributes of existing devices...

  • Page 45

    Groupings 45 figure 5 attributes dialog box the attributes dialog box displays, in rows, a list of selected devices on your network, and in columns, a list of available attributes. By default, devices currently selected in the map are listed, with values for the attributes that apply to the selected...

  • Page 46

    Chapter 4: Grouping Network Devices in the Map. Figure 6: Groupings dialog box.

  • Page 47: III

    Part III: Running Traffix Manager. Chapter 5: Launching Traffix Manager After the First Time. Chapter 6: Configuring Agents for Data Collection. Chapter 7: Displaying Network Traffic in the Main Window. Chapter 8: Displaying Traffic in Graphs. Chapter 9: Using Event Rules. Chapter 10: Viewing Events. Chapter 11: ove...

  • Page 49: Launching

    5 l aunching t raffix m anager a fter the f irst t ime this chapter provides information on how to launch traffix ™ manager, after the first time. It contains the following sections: ■ launching the traffix manager server ■ launching a traffix manager client ■ client access levels launching the traf...

  • Page 50

    50 c hapter 5: l aunching t raffix m anager a fter the f irst t ime to use a remote server, you must add the ip address of the machine running the server to the shortcut in the start menu. To do so, follow these steps: 1 select settings from the start menu, and then taskbar... 2 in the taskbar prope...

  • Page 51: Configuring

    6 c onfiguring a gents for d ata c ollection this chapter describes how to use traffix ™ manager to identify and enable rmon agents on your network for data collection. It contains the following sections: ■ supported rmon agents and interfaces ■ finding agents for data collection see “rmon overview”...

  • Page 52

    52 c hapter 6: c onfiguring a gents for d ata c ollection finding agents for data collection the agents used may be devices with rmon-1 or rmon-2 embedded within them, such as switches or hubs, or they may be dedicated stand-alone rmon probes. You can search for compatible agents from the startup wi...

  • Page 53

    Finding agents for data collection 53 to enable you to manage large numbers of collection agents, agent folders can be created in the tree and the agents dragged and dropped into them. Adding and editing agents from the configure agents dialog box you can use traffix manager to automatically find ag...

  • Page 54

    54 c hapter 6: c onfiguring a gents for d ata c ollection viewing agent statistics you can view the statistics of a selected agent from the agent statistics dialog box. This dialog box displays various statistics related to snmp communication with the agent. Refer to the online help for more detaile...

  • Page 55

    Traffix Manager. See Appendix G for more information about setting the mode on 3Com standalone RMON-2 agents.

  • Page 56

    Chapter 6: Configuring Agents for Data Collection.

  • Page 57: Displaying

    7 d isplaying n etwork t raffic in the m ain w indow this chapter contains the following sections: ■ loading network traffic data ■ working with objects in the main window ■ displaying network traffic data ■ protocols, applications and favorites ■ device aggregation before you can display traffic da...

  • Page 58

    58 c hapter 7: d isplaying n etwork t raffic in the m ain w indow figure 7 load traffic dialog box working with objects in the main window once you have loaded network traffic data, you can display information about objects on your network, search for and select objects, and locate objects in the ma...

  • Page 59

    Displaying network traffic data 59 ■ grey — inactive ■ green — transmitting traffic only ■ yellow — receiving traffic only ■ orange — transmitting and receiving traffic a selected object is colored blue. The shade of grey used to color the inside of a group is only used to make it more visible in th...

  • Page 60

    60 c hapter 7: d isplaying n etwork t raffic in the m ain w indow table 7 describes the traffic display options available from the display menu and from buttons in the main window. Displaying connections between objects with two or more objects selected, click add connections between to display traf...

  • Page 61

    Protocols, applications and favorites 61 combining to and from and between you can use the to and from and between options in combination to turn off a subset of the traffic connections. Removing and hiding traffic to remove all traffic from selected objects in the map, select remove all connections...

  • Page 62

    62 c hapter 7: d isplaying n etwork t raffic in the m ain w indow if you want to change the protocols in an application, create a new favorite rather than edit a predefined application grouping. The concept of having applications and favorites (collections of related protocols) also applies also to ...

  • Page 63

    Protocols, applications and favorites 63 you might then create a favorite called server, containing both user-defined protocols. You could display this favorite in the map as a single color, to show the overall use of both protocols on your network. To set up a user-defined protocol, you need: ■ the...

  • Page 64

    64 c hapter 7: d isplaying n etwork t raffic in the m ain w indow ■ you can only create child protocols if the protocol you are extending supports the addition of child protocols. Many current implementations of rmon-2 agents do not support user-defined protocols. If in doubt, check with your agent ...

  • Page 65: Displaying

    8 d isplaying t raffic in g raphs this chapter contains the following sections: ■ overview ■ using the graph panel ■ using the launch graph dialog box overview you can use the graph tools in traffix ™ manager to analyze mapped traffic. The graph panel of the main window shows summary information abo...

  • Page 66

    66 c hapter 8: d isplaying t raffic in g raphs using the graph panel the graph panel of the main window shows basic information about the network activity of selected items in the map as a number of graphs. Figure 8 graph panel the following graphs of objects selected in the map are displayed in the...

  • Page 67

    Using the launch graph dialog box 67 use the graph panel settings dialog box to configure the display of the graph panel. Figure 9 graph panel settings dialog box the options for display are: ■ units — the unit of measurement used when calculating the charts: ■ media types — only active if bits per ...

  • Page 68

    68 c hapter 8: d isplaying t raffic in g raphs figure 10 launch graph dialog box the settings used to create the launched graph are those used in the map at the time you launch the dialog box. If the data is filtered in some way, for example by protocol, that filtering is used when producing the gra...

  • Page 69

    Using the launch graph dialog box 69 ■ top objects — show the busiest objects. Which objects are considered depends on the level set in the graph settings dialog box. ■ top connections — shows the busiest connections. Which connections are considered depends on the level and unit total set in the gr...

  • Page 70

    Chapter 8: Displaying Traffic in Graphs.

  • Page 71: Using

    9 u sing e vent r ules this chapter describes how to use event rules to analyze the data collected by traffix ™ manager and to inform you of traffic changes on your network. This chapter contains the following sections: ■ overview ■ predefined event rules ■ examples of event rules ■ configuring even...

  • Page 72

    The event rules in Traffix Manager fall into two broad categories: ■ Security — an event is generated when some aspect of network security may have been compromised. ■ Traffic — an event is generated when a significant change in traffic patterns is detected. The v...

  • Page 73

    Examples of event rules 73 examples of event rules there are a total of eight types of event rule, the possible uses of which are discussed below. Security event rules these types of event rule help you to protect your network from unauthorized access or improper use. Detect unauthorized machine acc...

  • Page 74

    74 c hapter 9: u sing e vent r ules traffic event rules these types of event rule help you to detect significant changes in the behavior of a machine or connection. Such changes are often causes or indicators of problems on the network. They may also indicate that some part of the network is overloa...

  • Page 75

    Configuring event rules 75 by applying the protocol filter to an event rule of this type, you can use it to monitor the usage of specific network services on the devices. For example, you can use this event rule to: ■ monitor the activity of your e-mail servers. ■ monitor the activity of your router...

  • Page 76

    76 c hapter 9: u sing e vent r ules figure 11 event rules dialog box traffix manager provides wizards to help you add and edit event rules. Refining event rules when you add or edit an event rule, you can modify it to monitor the traffic on your network and your network security, according to your o...

  • Page 77

    Using event rules 77 specifying the time filter with certain types of event rule, you can specify the times at which rules apply. For example, you could choose to restrict unauthorized traffic at all times, or only during certain periods. Specifying sensitivity for most event rule types, you can spe...

  • Page 78

    Maintaining network security: you can configure Detect Network Sweep Attack and Detect New Devices event rules to generate security events. There are event rules of both types already preconfigured. However, your firewall may be a more appropriate source of informa...

  • Page 79

    Using event rules 79 the map can provide you with immediate information about which devices have been using particular servers. Detecting unauthorized servers you can use the detect network sweep attack rule to spot users creating unauthorized servers on the network. For example, you can detect unau...

  • Page 80

    80 c hapter 9: u sing e vent r ules implementing business policies some organizations and network administrators have specific policies about how the network can be used, in general or at different times of day. Detect network misuse and detect unauthorized machine access event rules are powerful to...

  • Page 81: Viewing

    10 v iewing e vents this chapter describes use of the event list. It contains the following sections: ■ overview ■ viewing events ■ viewing and managing selected events ■ forwarding events as snmp traps overview traffix ™ manager enables you to create event rules about the traffic on your network an...

  • Page 82

    82 c hapter 10: v iewing e vents viewing events you use the event list to display information about events. Figure 12 event list the event list provides the following information about each event: ■ acknowledged — whether the event has been acknowledged. By default only unacknowledged events are dis...

  • Page 83

    Viewing events 83 ■ the severity of the event. ■ the rule that generated the event. ■ a detailed explanation of the reason for the event. ■ the activity of the device before and after the change that caused the event. You can sort, filter, and summarize the display of events. These last two operatio...

  • Page 84

    84 c hapter 10: v iewing e vents ■ by event rule. ■ by device / group — you can select a grouping and a group or device. When launched for a particular group or device from the map, the event list shows all events in the event log which relate to the selected device or group. Only events generated b...

  • Page 85

    Viewing and managing selected events 85 viewing and managing selected events by selecting an event in the event list, you can carry out the following actions. These actions do not apply to events generated by the collector or the reporter. ■ show detailed information about the event. ■ acknowledge t...

  • Page 86

    86 c hapter 10: v iewing e vents forwarding events as snmp traps by selecting an event in the event generation dialog box, you can choose to forward the event as an snmp trap to your own open management platform (for example, hp openview or sunnet manager). The event generation dialog box allows you...

  • Page 87

    Forwarding events as snmp traps 87 2 the mib files that define events are supplied by a number of enterprises. Select 3com in the enterprises field of the event configuration dialog box. The system object id corresponds to the value supplied with the snmp trap. 3 the list in the bottom half of the e...

  • Page 88

    Chapter 10: Viewing Events.

  • Page 89: Overview

    11 o verview of r eporting this chapter contains the following sections: ■ overview ■ managing reports ■ strategy for reporting ■ effects of grouping on reports overview you use the reporting tools in traffix ™ manager to produce professional, multi-page reports from collected data about the traffic...

  • Page 90

    90 c hapter 11: o verview of r eporting ■ use top n reports to determine and report on the most active objects on your network. Here, n is a number between 1 and 50 that you can choose for each report. The different types of report are detailed in chapter 12 . Report instances you can set up reports...

  • Page 91

    Overview 91 weekly reports these reports use all data collected on the day specified and the following 6 days. The report is generated in the early hours of the day after the last day covered by the report. For example, if you select from friday through to the following thursday ( figure 15 ), data ...

  • Page 92

    92 c hapter 11: o verview of r eporting managing reports you use the report manager to add, schedule, edit and delete reports. Figure 17 report manager the report manager has three main areas: ■ reports — displays a tree of report types, instances, raw data, and output. You can add, edit and delete ...

  • Page 93

    Managing reports 93 the reporting features available depend on the client access level. A read-only user can browse existing reports, view report details, and view reports in the output queue. An administrator can also add, edit and delete reports, change report scheduling and output options, and ru...

  • Page 94

    94 c hapter 11: o verview of r eporting you can choose to delete raw data to reclaim disk space if required. See “setting global report options” on page 96 for more information about deleting raw report data. ■ report output — if you have scheduled the output of a report instance as html, the genera...

  • Page 95

    Managing reports 95 ■ period — the time range covered by the selected raw data or output. ■ keep report — the date the report is to be deleted, or keep forever, if the report is to be kept indefinitely. ■ status — whether raw data or output was generated successfully. To display the generation histo...

  • Page 96

    96 c hapter 11: o verview of r eporting monitoring report generation and output use the output queue to view output requests that are due to be run, that are complete, or have failed. (report output could fail if, for example, a file cannot be written to, or a printer is off line. See “troubleshooti...

  • Page 97

    Strategy for reporting 97 strategy for reporting this section contains a strategy to help new users begin reporting with traffix manager. Getting started one of the most beneficial features of the report manager is that you can use it to obtain a picture of your network’s usual behavior. The quickes...

  • Page 98

    98 c hapter 11: o verview of r eporting groups, rather than for your entire network. See “creating and assigning attributes” on page 44 for more information. Generate a top n summary report to determine objects for an activity report you can run top n reports in two modes: ■ summary mode just identi...

  • Page 99: Report

    12 r eport t ypes this chapter describes in detail each type of report in traffix ™ manager. Report templates for each kind of object — connections, devices, groups of devices, and segment — there are two types of report template, activity and top n. Activity reports each activity report consists of...

  • Page 100

    100 c hapter 12: r eport t ypes ■ the last section contains information about the report itself such as its title, whether it was scheduled or run ad hoc, and when it was created. The different types of report are described in turn in the remainder of this chapter. Connection activity report this re...

  • Page 101

    Device activity report 101 device activity report this report contains detailed information on each specified device. 2 report information information about the report itself. Table 8 connection activity report charts (continued) report section chart title description table 9 device activity report ...

  • Page 102

    102 c hapter 12: r eport t ypes group activity report this report contains detailed information on each specified group. There are three ways you can report on groups: ■ external — traffic flowing into or out of the group only ■ internal — traffic flowing within the group only ■ overall — both exter...

  • Page 103

    Segment activity report 103 segment activity report this report contains detailed information on each specified segment. For the purposes of reporting, it is assumed that each separate segment of your network is monitored by an agent interface. Many sites (particularly in a switched environment) hav...

  • Page 104

    104 c hapter 12: r eport t ypes error history with baseline a baseline chart showing the actual total number of error packets over the report period as a line. This is overlaid on bands representing normal, borderline and unusual error totals. These baselines are calculated using a statistical analy...

  • Page 105

    Top n connections report 105 top n connections report this report calculates the top n connections by total octets sent and received over the report period. A connection can be one of the following: ■ a single conversation between two devices ■ the total of multiple conversations between a device an...

  • Page 106

    106 c hapter 12: r eport t ypes ■ “from us at country level to uk at city level” tells you which cities in the u.K. Communicated most with the u.S. ■ “from us at device level to uk at device level” tells you the busiest connections between individual devices in the u.S. And u.K., such as server1 to ...

  • Page 107

    Top n devices report 107 top n devices report this report calculates the top n devices by total octets sent and received, and by the number of “hits” over the report period. You can limit the report to consider only devices within a specified group. For example: ■ select the traffix root group and t...

  • Page 108

    108 c hapter 12: r eport t ypes 1.2 top devices by hits a stacked bar chart containing the top n devices as measured by total hits, broken down by protocol. A hit is a conversation of a particular protocol between the device and another device. Protocol distribution of top devices a pie chart showin...

  • Page 109

    Top n groups report 109 top n groups report this report calculates the top n groups by total octets sent and received over the report period. You can limit the report to consider only groups at a specified level in the grouping scheme within a parent group. Some examples of group reports are: ■ geog...

  • Page 110

    Top N Segments Report: This report calculates the top N segments by utilization, and by percentage of errors. For most networks it is sufficient to allow Traffix Manager to select automatically the top N segments by selecting all segments for the Top N Segments report....

  • Page 111

    Utilization History: a multiple line chart showing the history of the utilization for each of the N segments over the report period. Utilization Health Chart: an alternative way of viewing the utilization history. Utilization values are shown as cells with the cell color indi...

  • Page 112

    Utilization History with Baseline: a baseline chart showing the actual utilization over the report period as a line. This is overlaid on bands representing normal, borderline and unusual utilization. These baselines are calculated using a statistical analysis of data f...

  • Page 113: Appendices

    IV Appendices and Index ■ Appendix A Troubleshooting Traffix Manager ■ Appendix B Database Management Using Traffix Control Panel ■ Appendix C Aggregating Devices ■ Appendix D Using the subnetsdb File ■ Appendix E Automatic Attribute Assignment ■ Appendix F Supported RMON-2 Devices ■ Appendix G Configuring 3Com...

  • Page 115: Troubleshooting

    Appendix A: Troubleshooting Traffix Manager. This appendix is divided into two sections: ■ Troubleshooting Traffix Manager ■ Troubleshooting Reports. For information on reporting problems to 3Com, see Appendix K, “Technical Support”. Troubleshooting Traffix Manager: Table 16 contains descriptions of problem...

  • Page 116

    Troubleshooting Reports: See Chapter 11, “Overview of Reporting” for information on the reporting features of Traffix Manager. Diagnosing Reporting Problems: Table 17 contains descriptions of problems you might encounter when using the reporting too...

  • Page 117

    Table 17: Diagnosing reporting problems. Problem: Raw report fails when running ad hoc or scheduled reports. Cause: Database directory is full (raw report data is stored in the database). Solution: ■ Increase the disk space available to the database. ■ Delete unused raw report...

  • Page 118

    Problem: Reports take very long time to run. Cause: Reports using large amounts of data can take some time to complete. Solution: ■ Speed up ad hoc report generation by generating reports for fewer numbers of devices, groups, protocols or segments. ■ Schedule reports to run...

  • Page 119

    Problem: “error could not open output file: ” in Event Viewer. Cause: The reporter was unable to create an output file. This is most often caused by insufficient permissions — you do not have permission to create output files where requested. Table 17 Diagnosing reporting problems (conti...

  • Page 121: Database

    Appendix B: Database Management Using Traffix Control Panel. This appendix contains: ■ Overview of Traffix Control Panel ■ Overview of Database Applications ■ Upgrading Traffix Manager 2.0. Overview of Traffix Control Panel: From the Traffix Control Panel, you can manage the operation of the Traffix™ serv...

  • Page 122

    Figure 18: Traffix Control Panel. These applications help you to manage and organize a number of databases, for example, if you want to keep extra databases for backup purposes or to provide snap shots of your network or portions o...

  • Page 123

    ■ The amount of free disk space remaining on your PC for data collection to the database. ■ The location of HTML reports. From this dialog box, you can launch the following operations: ■ Create a new database to write data from the network to. Unless you want to...

  • Page 124

    ■ The amount of hourly and daily data which has already been collected. In this dialog box, you can specify the maximum amount of data that you want the Traffix Manager databases to hold altogether. You can carry out the followin...

  • Page 125

    3Com recommends that you back up your database regularly, the frequency depending on how important your trend data is to the way you monitor your network. If you want to view and report on your weekly data, you should back up your database once a week. If viewin...

  • Page 126

    This dialog box also allows you to select whether Traffix Manager starts automatically every time you log on to your machine. Default DNS Domain allows you to set a default DNS domain, if you wish to change the previously configu...

  • Page 127

    Upgrading Traffix Manager 2.0. Deinstalling Traffix Manager 2.0: To deinstall Traffix Manager 2.0 for NT: 1 Close Traffix Manager and all related processes. To check which processes are running, right-click the Windows NT taskbar and select Task Manager. The Applications and Processes tabs contain...

  • Page 128

    1 To display a program group, right-click Start and select Open All Users. Double-click a program entry to display the program group. 2 Right-click the control button in the top left corner of the Traffix Manager program group ti...

  • Page 129: Aggregating

    Appendix C: Aggregating Devices. This appendix describes: ■ Overview ■ Default Aggregation. Overview: Aggregation reduces the amount of memory and disk resources required by Traffix™ Manager by collating the data collected for many devices into a single device. For example, in sites where there is a lot of in...

  • Page 130

    Specifying an Aggregation Policy: To aggregate devices on a particular network, it is necessary for the aggregator to be configured for that network. This is done by specifying an aggregation policy. Once an aggregation policy has been configured, it only affect...

  • Page 131

    Selecting the Default Aggregation Action: The default aggregation action is the method of aggregation applied to network devices which have a DNS name, but which are not contained within one of the local DNS domains. There are three default aggregation actions, from which you ...

  • Page 132

    If Layer 2 above the name is selected, the device office.acme.com is aggregated into the device representing .com. If a network device does not have the selected layer above the name, then the device is aggregated into a device representing the highest DNS lay...

  • Page 133: Using

    Appendix D: Using the subnetsdb File. Using the subnetsdb file: This facility allows you to group the devices on your network by subnet. Click Subnets Editor in the Traffix™ Control Panel to edit the subnet definition file, which contains information about subnet groupings. This file can be edited and reap...

  • Page 134

    Subnet masks must comply with the primary Internet network class types by covering at a minimum the part of the address that represents the network bits. In Table 18, * is any number between 0 and 255. Table 18: Subnet masks. If a subnet mask spans more t...

  • Page 135

    4 If you already have devices showing in the map, reload the subnets attributes using the Reload Attributes dialog box, which you access from the Edit menu in the main window. 5 Create a subnets grouping. See “Predefined Groupings” on page 43 for information on how to cr...

  • Page 136

    For example, if the subnetsdb file was to contain the following entries with the same subnet address: any device matching both of these subnets would be placed in group 2, as this has 16 set bits in its subnet mask, whereas group 1 has only 8 set bits. ■...

  • Page 137: Automatic

    Appendix E: Automatic Attribute Assignment. This appendix describes: ■ Overview ■ Contents of the User-Defined Attributes Configuration File ■ Performing Attribute Assignment ■ Using the fileattrs Program ■ Using the dblookup Program ■ Writing Your Own Program. Overview: Automatic attribute assignment within ...

  • Page 138

    By editing the user-defined attributes configuration file, you select which programs are used to determine attributes for objects. You can use the standard programs supplied, or you can create your own custom programs. There are two standard program...

  • Page 139

    File Format: Lines beginning with # are comments and are ignored. All other lines take the form: ■ is used in the collector event logs to refer to your attribute lookup program. Otherwise it is unused. ■ is the name of the attribute lookup p...

  • Page 140

    Performing Attribute Assignment: Attribute assignment is carried out on any newly discovered devices. In addition, you can force a refresh at any time by using the Reload Attributes dialog box. Refer to the online help for the Reload Attributes dialo...

  • Page 141

    Configuration file example 2: To assign user and operating system information to devices based upon their address:
        *key:2
        *att:nl type, nl address, user, o/s
        ip, 104.240.20.10, joe bloggs, solaris 2.5
        ip, 104.240.20.8, joe bloggs, windows 95
        ip, 104.240.20.13, john smi...

  • Page 142

    The key attribute(s) for that device can be any of the attributes which are assigned automatically by Traffix Manager, for example, nl address and nl type. See “Predefined Attributes” on page 40 for a list of attributes which are automatically assig...

  • Page 143

    network-type lookup tables: for example, a database containing only ip_1 and other_2 lookup-tables is valid. For specific information about Access or Excel lookup-tables, see below. Default Values: Devices may be assigned default values. If no full match was found for t...

  • Page 144

    Excel Worksheet: The lookup-tables are stored in Excel named-ranges. Lookup named-ranges can be stored on separate worksheets or in the same worksheet. To create a named-range, simply select the cells containing your data, select Insert/Name/Define f...

  • Page 145

    Then, when a device is discovered, dblookup does the following: 1 dblookup builds a SQL string with the device’s key attributes values and runs a query against the database to find a match. 2 If no match is found, it waits for the next device. 3 Otherwise it takes the be...

  • Page 146

    (there is one version in Visual Basic and one in C):
    Figure 19: Simple attribute lookup process in C
        while ( getnextlookup() ) {
            if ( strcmp( getattribute( "nl type" ), "ip" ) == 0 )
                setattribute( "new device", "true" );
        }
    Figure 20: Simple attribute ...

  • Page 147

    an attribute new device to the value true. nl type is a built-in attribute which is always set to the network type of a device. This means that every IP device is assigned the attribute new device with a value of true. ■ Because of the while loop in the program, the prog...

  • Page 148

    The C examples are located in c:\transcend traffix manager\traffixserver\examples\c and the Visual Basic examples are in c:\transcend traffix manager\traffixserver\examples\vb. You should copy one of these samples to your own directory before modif...

  • Page 149

    Other points to note about user-defined attribute lookup programs: ■ If your program exits prematurely, for example, it crashes, then the Traffix service stops. Therefore you must ensure that your program is reliable. ■ Your program must start up within 30 seconds. This m...

  • Page 150

    attribute lookup programs which depend on the name, nl type, nl address, network or DNS attributes. Run the program attrlooktest.exe in traffixserver (this is not on the Windows Start menu). The program displays a dialog box which allows you to run ...

  • Page 151: Supported

    Appendix F: Supported RMON-2 Devices. 3Com Agents: The current list of 3Com agents is available from the 3Com web site: http://www.3com.com/network_management/probe_interop Using firmware version 4.17, the agents support all RMON-1 and RMON-2 groups. Version 4.10 or later is needed on the single port and dual...

  • Page 153: Configuring

    Appendix G: Configuring 3Com Standalone RMON-2 Agents. This appendix contains the following sections: ■ Downloading Firmware to 3Com Standalone Agents ■ Setting the Operational Mode on 3Com Standalone RMON-2 Agents. Downloading Firmware to 3Com Standalone Agents: You should always run the latest version of m...

  • Page 154

    Caution: Downloading firmware to an agent causes the agent to cold restart. Refer to the firmware upgrade documentation or your agent documentation for a description of the data lost when an agent is cold restarted. The latest version of...

  • Page 155

    ■ Traffix Mode sets appropriate table sizes on the device for use with Traffix Manager. ■ Off disables RMON-2. With RMON-2 disabled you can download SmartAgent® software to the device. If you disable RMON-2 on an agent which supports...

  • Page 157: DHCP

    Appendix H: DHCP. This appendix contains the following sections: ■ How Traffix Manager Monitors DHCP Devices ■ What Effect Do DHCP Devices Have on the Map? How Traffix Manager Monitors DHCP Devices: Traffix™ Manager normally uses the network layer address (for example, IP address, IPX address) as the unique wa...

  • Page 158

    (with the old MAC address) will also remain on the map. There will therefore be two devices on the map with the same IP address, although with different MAC addresses. Any conversation data retrieved for this IP address is subsequently assigned to the new device. This continues ...

  • Page 159: Using

    Appendix I: Using RMON-1 Agents. Monitoring Network Segments Using RMON-1 Agents: Many sites (particularly in a switched environment) have large numbers of network segments, and it may be too expensive to monitor all segments with RMON-2 agents. You can use any existing embedded RMON-1 only devices (hubs, swi...

  • Page 161: RMON

    Appendix J: RMON and SNMP Tables Retrieval. This appendix lists the SNMP tables retrieved by Traffix™ Manager. Refer to the following URLs for descriptions of RMON tables: ■ RMON-1 Request for Comment: http://www.it.kth.se/docs/rfc/rfcs/rfc1757.txt ■ RMON-2 Request for Comment: http://www.it.kth.se/docs/rfc...

  • Page 162

    RMON-2 | protodist | no | for protocol distribution (reports only)
    RMON-2 | addressmap | no | network layer to MAC address mapping
    RMON-2 | almatrixtopn / almatrix / nlmatrixtopn / nlmatrix | at least one must be supported for RMON-2 data | RMON-2 conversation traffic...

  • Page 163: Technical

    Appendix K: Technical Support. 3Com® provides easy access to technical support information through a variety of services. This appendix describes these services. Information contained in this appendix is correct at time of publication. For the most recent information, 3Com recommends that you access the 3Co...

  • Page 164

    3Com FTP Site: Download drivers, patches, software, and MIBs across the Internet from the 3Com public FTP site. This service is available 24 hours a day, 7 days a week. To connect to the 3Com FTP site, enter the following information into your FTP client: ■ Hostna...

  • Page 165

    Access by Digital Modem: ISDN users can dial in to the 3Com BBS using a digital modem for fast access up to 64 kbps. To access the 3Com BBS using ISDN, call the following number: 1 847 262 6000. 3Com Facts Automated Fax Service: The 3Com Facts automated fax servic...

  • Page 166

    When you contact 3Com for assistance, have the following information ready: ■ Product model name, part number, and serial number ■ A list of system hardware and software, including revision levels ■ Diagnostic error messages ■ Details about recent configuration c...

  • Page 167

    Returning Products for Repair: Before you send a product directly to 3Com for repair, you must first obtain an authorization number. Products sent to 3Com without authorization numbers will be returned to the sender unopened, at the sender’s expense. To obtain an aut...

  • Page 169: Glossary

    Glossary. Agent: a standalone or embedded source of RMON-1 or RMON-2 data. Aggregation: the process of adding the data from multiple devices in the same domain, and representing those devices as a simple “aggregated” device. Used to limit database growth. Application: as used in Traffix™ Manager, this...

  • Page 170

    Bit: either of the digits 0 or 1 when used in the binary numeration system. Eight bits equals a single byte. Broadcast: all good frames destined for the broadcast address, in other words sent out to all stations on the network. Some broadcasts are limited to the local network, and some b...

  • Page 171

    of the destination IP address, the station sends the message to the destination station. Due to the static nature of DNS, it can only be used when network stations have static IP addresses obtained through manual configuration, BOOTP or DHCP in static mode. Domain: part of the naming hi...

  • Page 172

    IP (network) address: Internet Protocol address. A unique identifier for a device attached to a network using TCP/IP. The address is written as four octets separated with full-stops (periods), and is made up of a network part, identifying which network the device resides on, and a host ...

  • Page 173

    OSI: Open Systems Interconnection, a body of standards set by the International Standards Organization to define the activities that must occur when computers communicate. The OSI reference model is a 7-layer framework within which communications protocols and standards have been define...

  • Page 174

    separated by periods. Devices and routers use the mask to identify the subnet on which a device resides. Switch: a device which filters, forwards and floods packets based on the packet’s destination address. The switch learns the addresses associated with each switch port and builds tab...

  • Page 175: Index

    Index. Numbers: 3Com bulletin board service (3Com BBS) 164 3Com Knowledgebase Web Services 163 3Com URL 163 3ComFacts 165 A: Access tables dblookup program 143 acknowledging events 85 activity reports 89, 99 ad hoc reports 90, 94 Add Agents dialog box 53 adding agents 53 connections between objects 60...

  • Page 176

    B: bulletin board service 164 C: client access levels 50 administrator access 50 description 37 launching after the first time 49 launching for the first time 26 read-only user 50 running multiple clients against a single server 50 cold restart losing data 154 collecting data adding agents ...

  • Page 177

    network sweep attacks 73 new devices on your network 73 unauthorized machine access 73 device activity report contents 101 device aggregation default aggregation action 131 local domain specification 130 local domains 130 overview 23, 64 setting maximum device limit 132 specifying aggrega...

  • Page 178

    excepting devices or connections from rules 85 filtering 83 forwarding as SNMP traps 86 generating 20, 36 ignoring devices or connections 85 modifying 85 monitoring critical connections 75 monitoring critical devices 74 monitoring long term trends 77 monitoring network resource usage 74 m...

  • Page 179

    HTML can’t find HTML files? 117 index file 94, 95 lifetime of files 96 report directory, moving and linking to 94, 95 serving directory to web server 94, 95 troubleshooting 117 viewing report output 95 I: interface types supported 51, 151 invalid IP addresses 53 IP addresses default gatewa...

  • Page 180

    detecting unauthorized machine access 73 general rules 78 network supplier support 165 network traffic typical 36 network traffic rules configuring events 71 monitoring critical connections 75 monitoring critical devices 74 monitoring long term trends 77 monitoring network resource usage ...

  • Page 181

    report directory linking to HTML reports 94, 95 report formats 96 report instances overview 93 report manager 92 displaying information about output status 92 displaying information about raw data 92 displaying information about report instances 92 interpreting raw data and HTML output 94...

  • Page 182

    RMON-2 standard mode description 154 setting 54 RMON-2 Traffix mode description 154 setting 54 rules. See events running multiple clients against a single server 50 S: scenarios reporting 97 scheduling reports 90, 92, 94 searching for objects in the main window 59 security configuring even...

  • Page 183

    Traffix Manager assigning attributes automatically 137 database management 121 to 126 features 20 getting started 19, 23 how it works 21 how to use the documentation 11 launching after the first time 49 launching for the first time 25 launching with no data collected 52 main window 27, 28...

  • Page 185

    3Com Corporation Limited Warranty. Transcend® Traffix™ Manager 3.0 for Windows NT®. Software: 3Com warrants that each software program licensed from it will perform in substantial conformance to its program specifications, for a period of ninety (90) days from the date of purchase from 3Com or it...

  • Page 186

    The alleged defect or malfunction in the product does not exist or was caused by customer’s or any third person’s misuse, neglect, improper installation or testing, unauthorized attempts to open, repair or modify the product, or any other cause beyond the range of the intended use, or by accident, f...