Savvius Insight User Guide - Savvius Insight Support Portal

Insight_UG.book Page i Friday, July 8, 2016 12:19 PM
User Guide
Copyright © 2016, Savvius, Inc. All rights reserved. Information in this document is subject to change without notice.
No part of this document may be reproduced or transmitted in any form, or by any means, electronic or mechanical,
including photocopying, for any purpose, without the express written permission of Savvius, Inc.
AiroPeek SE, AiroPeek NX, AiroPeek VX, Compass Live, EtherPeek SE, EtherPeek NX, EtherPeek VX, Gigabit
Analyzer Card, GigaPeek NX, iNetTools, NAX, NetDoppler, NetSense, Network Calculator, Omni³, Omni Capture
Engine, Omni Desktop Engine, Omni DNX Engine, OmniAdapter, OmniAdapter 10G, OmniAdapter 10G MX,
OmniEngine Desktop, OmniEngine Enterprise, OmniEngine Manager, OmniEngine Workgroup, Omni Management
Console, Omni PacketGrabber, Omni Virtual Network Service, Omnipeek, Omnipeek Basic, Omnipeek Connect,
Omnipeek Enterprise, Omnipeek Enterprise Connect, Omnipeek for Savvius Insight, Omnipeek Personal, Omnipeek
Professional, Omnipeek Remote Assistant, Omnipeek Workgroup, Omnipeek Workgroup Pro, Omnipeek Personal,
Omnipliance, Omnipliance Core, Omnipliance CX, Omnipliance Edge, Omnipliance MX, Omnipliance Portable,
Omnipliance SuperCore, Omnipliance TL, Omnipliance WiFi, OmniStorage, OmniSpectrum, OmniVirtual,
OmniWatch, PacketGrabber, Peek DNX, ProConvert, ProtoSpecs, RFGrabber, RMONGrabber, Savvius, Savvius
Academy, Savvius Insight, Savvius Vigil, TimeLine, TimeLine Network Recorder, WAN Analyzer Card, WANPeek NX,
WatchPoint, WildPackets, WildPackets Academy, WildPackets Compass, and WildPackets OmniAnalysis Platform are
trademarks of Savvius, Inc. All other trademarks are the property of their respective holders.
Savvius, Inc. reserves the right to make changes in the product design without reservation and without notification to
its users.
Contacting Savvius
Mailing Address
Savvius, Inc.
1340 Treat Blvd., Suite 500
Walnut Creek, CA 94597
Voice/Fax
8 AM - 5 PM (PDT)
(925) 937-3200
(800) 466-2447 (US only)
Fax: (925) 937-3211
Sales
[email protected]
Web
https://www.savvius.com
Self-support portal for Savvius Insight
https://insight.savvius.com
Resources
See https://www.savvius.com/support/resources for white papers, tutorials, technical briefs and more.
Professional Services
Savvius offers a full spectrum of professional services, available onsite or remote, to help customers make the most of
their network infrastructure investment. The Savvius Professional Services team stands ready to partner with you to
maximize your network performance and to minimize your network downtime. Savvius technical instructors,
network systems engineers, and custom software developers can help you design, build, manage, and secure a better
network for your business.
See http://www.savvius.com/services for course catalog, current public course scheduling, web-delivered courses,
OnDemand courses, and consulting services.
Savvius Academy
(800) 466-2447
[email protected]
Developer Community
To join the Savvius Developer Network and gain access to product plug-ins, plug-in wizards, and API documentation,
please visit http://mypeek.savvius.com.
Compliances
CE
This product has passed the CE test for environmental specifications. Test conditions for passing included the
equipment being operated within an industrial enclosure. In order to protect the product from being damaged by
ESD (Electrostatic Discharge) and EMI leakage, we strongly recommend the use of CE-compliant industrial enclosure
products.
FCC Class B
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a residential environment. This equipment generates, uses and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to
radio communications. Operation of this equipment in a commercial area is likely to cause harmful interference in
which case the user will be required to correct the interference at his own expense.
VCCI
This is a Class B product based on the standard of the Voluntary Control Council for Interference from Information
Technology Equipment (VCCI). If this is used near a radio or television receiver in a domestic environment, it may
cause radio interference. Install and use the equipment according to the instruction manual.
About Savvius, Inc.
Savvius, Inc., a leader in packet-level network analytics and security forensics, enables network and security
professionals to identify, understand, and respond to challenges in network performance and security. Savvius,
formerly WildPackets, has sold products in more than 60 countries and all industrial sectors. Customers include
Apple, Boeing, Cisco, Deutsche Telecom, Fidelity, Microsoft, Nationwide, and a high percentage of the Fortune 1000.
Savvius is a Cisco Solution Partner. For more information, visit https://www.savvius.com.
20160708_IN_20a
Contents
About Savvius Insight
  Customer use cases
    Remote office networks
    Managed Service Providers (MSP)
    Small businesses
What’s included
  Hardware summary
Savvius Insight workflow
Installing Savvius Insight
Connecting cables to the front and back panels
  Front panel features
  Back panel features
Starting / shutting down Savvius Insight
Initial configuration using the configuration utility
Upgrading Savvius Insight software
Savvius Insight actions
Connecting to Savvius Insight through the serial port
Using Savvius Insight for long-term reporting
  Savvius Insight dashboards
  Logging into the Savvius Insight dashboards
  Remote server IP address and port in configuration utility
  Use ‘BRIDGED’ ports for long-term reporting
  Importing Savvius Insight dashboards to the remote server
Using Savvius Insight and Splunk
  Splunk server IP address in configuration utility
  Use ‘BRIDGED’ ports for Splunk server
Using Savvius Insight and Omnipeek for Savvius Insight
  Main program window and Start page
  How to start a capture on Savvius Insight
  Capture window views
  Limit capture-to-disk to preserve SSD
Solving problems using Omnipeek for Savvius Insight
  Where do I start?
  Who’s using my network, and how?
  How is my network performing?
  How do I get a single view of who’s talking to whom?
  How do I save a file to share with someone else?
Self-support portal for Savvius Insight
Technical specifications
Savvius Insight
About Savvius Insight
Savvius Insight™ is a compact, quad-core, six-port, mini network appliance that has no fan or
other moving parts, and fits easily into a wiring closet. It includes bridge ports for monitoring the
location’s Internet connection, and three additional ports for monitoring internal networks.
Savvius Insight provides built-in long-term reporting and web-based dashboards for analyzing
and displaying network statistics over long periods. Savvius Insight can also be used for packet
level network and application troubleshooting by connecting directly to it with Savvius
Omnipeek. By installing Savvius Insight in each remote office, network administrators can easily
and affordably gain insight into the performance and security of the network and applications at
all locations under management. Savvius Insight makes enterprise-class network analytics
available in areas that have been under-served until now.
Customer use cases
Remote office networks
In large corporate networks, Savvius Insight complements larger Savvius monitoring
appliances in areas of the network with lower utilization, where you often don't have good
visibility. In these situations, help desk team members can use Savvius Insight for 24x7
monitoring of the health of remote networks with powerful, customizable, and easy to use
web-based dashboards. When problems are identified that require packet level
troubleshooting, protocol analysts in the TAC team can use Savvius Omnipeek network
analysis software to connect directly to the devices and perform packet capture and packet-level
analysis. Savvius Insight can also be used to perform multi-segment analysis with larger
Savvius appliances.
Managed Service Providers (MSP)
Savvius Insight is also perfect for managed IT service providers. Managed Service Providers
manage networks and IT infrastructure for clients, typically with 5-50 employees per client.
Savvius Insight lets managed service providers decrease Mean Time To Resolution (MTTR) for
customers and increase their awareness of when problems are brewing, while at the same time
reducing costs. To accomplish this, managed service providers install Savvius Insight at each
customer location. Managed service providers can log into each of the systems at any time to
see the current status of the client's networks. Managed service providers can also define
alarms and alerts on key performance indicators (KPIs) and have notifications sent each time
an alert is triggered. If a problem is detected or an alert is received, the IT service provider can
connect quickly to see what the problem is.
Small businesses
Savvius Insight is well suited for small offices that outsource IT management, like accountants,
insurance agents, and medical professionals. They have one shared IT manager who spends
too much time going from office to office to address typical networking problems, like a slow
network or users having trouble connecting. The IT manager needs remote visibility into each
office, as well as historical data for comparisons when issues arise. With Savvius Insight
installed at each office, the IT manager can track all offices from a single location, using
Insight's built-in long-term network monitoring capabilities, and Savvius Omnipeek for
Savvius Insight for network troubleshooting. By reviewing collected data, the IT manager can
determine the source of most problems in near real-time, and perform quick daily audits to
assure overall reliability and user satisfaction in each office.
This Savvius Insight User Guide explains how to install and begin using Savvius Insight. For
additional information on using Savvius Insight, visit https://insight.savvius.com.
What’s included
Your standard Savvius Insight package includes:
• Savvius Insight appliance
• Savvius Capture Engine software pre-installed in Savvius Insight
• Savvius Insight Quick Start Guide
• AC power adapter and cord
• Rubber feet (4)
• Serial console cable (RJ45 to DB-9)
Hardware summary
Here is a summary of the hardware for the Savvius Insight:
• Quad-core 1700 MHz Intel Atom processor
• 128GB SSD
• 8GB RAM
• Two USB 2.0 ports
• Serial port (with RJ45 physical connection)
• Management port
• Three Ethernet ports
• Two bridge ports
• External power adapter
Savvius Insight workflow
Savvius Insight is simple and easy to use! Here are the steps to get you started:
1. Install Savvius Insight. See Installing Savvius Insight on page 4.
2. Connect cables to the front and back panels of Savvius Insight. See Connecting cables to the
front and back panels on page 5.
3. Power on Savvius Insight. See Starting / shutting down Savvius Insight on page 8.
4. Configure the initial settings for Savvius Insight. See Initial configuration using the
configuration utility on page 8.
   • If you are using Savvius Insight to collect data for the built-in local reporting server,
     make sure Local is selected as the reporting option in the configuration utility. For
     more information on using Savvius Insight with a local reporting server, see Using
     Savvius Insight for long-term reporting on page 18.
   • If you are using Savvius Insight to forward packet data to a remote Elasticsearch
     server, make sure Remote Elasticsearch is selected and configured as the reporting
     option in the configuration utility. For more information on using Savvius Insight
     with a remote Elasticsearch server, see Using Savvius Insight for long-term reporting on
     page 18.
   • If you are using Savvius Insight to forward packet data to a Splunk server, make sure
     Remote Splunk is selected and configured as the reporting option in the
     configuration utility. For more information on using Savvius Insight with Splunk, see
     Using Savvius Insight and Splunk on page 23.
5. If you are using Omnipeek for Savvius Insight software to start packet captures, and to
analyze the packet files that are captured and saved on Savvius Insight, install the optional
Omnipeek for Savvius Insight software on a Windows computer. For more information
on using Omnipeek for Savvius Insight, see Using Savvius Insight and Omnipeek for
Savvius Insight on page 24.
Installing Savvius Insight
To install Savvius Insight:
1. Determine the location of where to install Savvius Insight. Here are some guidelines for
determining the location:
   • The most common installation location is to install Savvius Insight somewhere
     between your cable modem (Internet connection) and the LAN. One of the bridge
     ports on Savvius Insight is connected to the cable modem, while the other bridge
     port is connected to the LAN.
   • You will need to initially configure Savvius Insight via the ‘0 MGMT’ port using
     another computer. Make sure you have easy access to Savvius Insight so that you can
     connect the computer to the ‘0 MGMT’ port on Savvius Insight.
   • It is also possible to connect Savvius Insight with a single Ethernet cable to a port on
     a router configured as a SPAN port, or to a TAP. Make sure you have easy access to
     these connections.
2. Place Savvius Insight on a flat surface.
CAUTION! Do not place anything on top of or directly next to Savvius Insight. Any obstructions to the
heat sink located on top of Savvius Insight can cause the unit to overheat.
3. Attach the rubber feet to the bottom of Savvius Insight.
4. Attach the power adapter by screwing in the connector on the adapter to the power-in
socket on the back panel.
5. Plug the other end of the power adapter to an AC outlet.
Connecting cables to the front and back panels
Cable connections for the front and back panels, and the LED states on Savvius Insight, are
described below.
Front panel features
[Figure: front panel, with callouts for the 0 MGMT port, Serial port, 1 port, 2 port, 3 port,
4–5 BRIDGED ports, USB 2.0 ports, SSD/Status/Power LEDs, and port LEDs]
• Serial Port: The serial port lets you connect to another computer terminal for advanced
  diagnostics or recovery access using the RJ-45 to DB-9 serial console cable included with
  Savvius Insight. The RJ-45 connector on the console cable is connected to the serial port
  on Savvius Insight, and the DB-9 (male) connector on the console cable is connected to
  the DB-9 (female) serial port on the computer terminal. See Connecting to Savvius Insight
  through the serial port on page 17.
Note Many computers do not have a DB-9 serial port. Make sure the computer terminal you are
using has one. If necessary, you can obtain and install a USB to COM adapter on the computer
terminal.
• SSD/Status/Power LEDs:
   • SSD: If the LED blinks, it indicates data access activities; otherwise, it remains off.
   • Status: When Savvius Insight is first powered on, the LED momentarily blinks green,
     and then remains off.
   • Power: If the LED is on it indicates that the system is powered on. If it is off, it
     indicates that the system is powered off.
• USB 2.0 Ports: The USB ports are reserved for future expansion.
• ‘0 MGMT’ port: This Ethernet port is the management port that lets you initially
  configure Savvius Insight (see Initial configuration using the configuration utility on page
  8). Once Savvius Insight is configured, the port can then be used for device management.
  Connect a standard Ethernet cable from your network to the ‘0 MGMT’ port.
• ‘1 – 3’ ports: These Ethernet ports are used for capturing packets from your network.
  Connect a standard Ethernet cable from your network to the desired port on Savvius
  Insight.
• ‘4 – 5 BRIDGED’ ports: These Ethernet ports are configured as a bridge and are used
  when you want to insert Savvius Insight in-line between two network devices. This
  configuration allows the capture of traffic flowing between the two network nodes
  without requiring a tap. In this implementation, packets enter Savvius Insight through
  one of the bridge ports, and then exit Savvius Insight through the remaining bridge port.
  Essentially, any traffic that gets to one bridge port is copied to the other bridge port. In
  cases where power is turned off or is lost to Savvius Insight, the two bridge ports are
  connected as if they are a wire (‘fail to wire’), so Internet connectivity is not lost.
  To establish the bridge, connect standard Ethernet cables so that Savvius Insight is
  between your cable modem (Internet connection) and the LAN. One of the bridge ports
  on Savvius Insight is connected to the cable modem, while the other bridge port is
  connected to the LAN. Both bridge ports must be connected in this fashion in order to
  properly establish the bridge.
CAUTION! Do not connect each of the bridge ports to the same IP routed network; otherwise, a routing
loop is created, and can cause the network to be inoperable.
Note If you are using Savvius Insight to forward data to the local built-in server, or to a remote
Elasticsearch or Splunk server, captures are automatically started on the bridge ports, and the
data is forwarded to the server configured in the configuration utility. See Initial configuration
using the configuration utility on page 8.
• Port LEDs: The two LEDs on the bottom of ports 0–5 light to indicate activity. A green
  and yellow LED light to indicate a connection has been established. A flashing yellow LED
  indicates data access activities.
Back panel features
[Figure: back panel, with callouts for the Reset Button, Power-on Button with LED, and
Power-in Socket]
• Reset Button: Insert a paper clip, and press and hold the reset button for three seconds to
  reset Savvius Insight to its factory settings. You will lose all saved settings and data on
  Savvius Insight when it is reset to its factory settings. Once Savvius Insight has reset, you
  will need to run the configuration utility again as described in Initial configuration using
  the configuration utility on page 8.
Note You can also perform a factory reset from the Actions dialog. See Savvius Insight actions on
page 16.
• Power-on button with LED: Press to power-on or power-off Savvius Insight. When in
  Standby mode, the LED lights red; in Power-on mode, the LED lights green; when Off, the
  LED does not light.
Note You can also power off Savvius Insight from the Actions dialog. See Savvius Insight actions on
page 16.
• Power-in Socket: Connects to the screw-on connector on the power adapter included with
  Savvius Insight.
Note Make sure the screw-on connector on the power adapter is connected to the Power-in Socket
on Savvius Insight before the power adapter is plugged into an AC power source.
Starting / shutting down Savvius Insight
To start Savvius Insight, do the following:
• Press the power-on button on the back panel of Savvius Insight.
To shut down Savvius Insight, do one of the following:
• Press the power-on button briefly on the back panel of Savvius Insight.
• Click the actions link at the top of the configuration utility to display the Actions dialog,
  and then select the Powering Off option.
CAUTION! When shutting down Savvius Insight, pressing the power-on button briefly performs a clean
shutdown of Savvius Insight. Holding the button down for several seconds results in Savvius
Insight doing an immediate shutdown, causing data loss. This operation is only to be used if
Savvius Insight becomes unresponsive.
Initial configuration using the configuration utility
The configuration utility on Savvius Insight lets you configure device, network, time settings,
and reporting options.
Important! Savvius Insight comes from the factory initially configured to an IP address of 192.168.1.21. To
initially run the configuration utility, you must use an Ethernet cable connected directly
between the ‘0 MGMT’ management port on Savvius Insight and your PC or laptop, and then
use a browser window on the PC or laptop to open the configuration utility. The PC or laptop
must be configured to be on the same IP subnet as Savvius Insight (see the Savvius Insight web
page if you need instructions for configuring your computer to be on the same subnet as the
appliance).
Once you are using the configuration utility, you can configure Savvius Insight to a new IP
address that is directly accessible via the network.
To initially configure Savvius Insight using the configuration utility:
1. Use a PC or laptop and configure it for an IP address compatible with the 192.168.1.0/24
network. This allows the PC or laptop to communicate with Savvius Insight, which has a
default address of 192.168.1.21. (See the Savvius Insight web page if you need instructions
for configuring your computer to be on the same subnet as Savvius Insight.)
2. Connect an Ethernet cable from the PC or laptop to the ‘0 MGMT’ port on Savvius
Insight.
3. From a browser window on the PC or laptop, enter the default IP address for Savvius
Insight of 192.168.1.21 in the URL box. The Savvius Insight Login screen appears.
   • Username: Enter the default username for Savvius Insight. The default is root.
   • Password: Enter the password for Savvius Insight. The default is savvius.
4. Since you are logging into Savvius Insight for the first time, you are prompted to change
the default password before continuing.
   • Current Password: Enter the current password for Savvius Insight. The default is
     savvius.
   • New Password: Enter the new password for Savvius Insight.
   • Confirm Password: Enter the new password again for Savvius Insight.
Note The Password that you enter here is used for both Savvius Insight and the Splunk forwarder
that forwards data to the Splunk server. Make sure to note the Password that you configure.
You can also change the Savvius Insight password at any time by clicking Change Password
from the configuration utility.
5. Click Submit. The Savvius Insight Configuration Utility appears.
6. Configure Savvius Insight settings:
Important! Once you configure and apply the settings below, the default address for Savvius Insight of
192.168.1.21 is no longer used. To access the configuration utility again, you must enter the IP
address of Savvius Insight as configured below, as well as the new password entered above.
Settings
• Savvius Insight Portal: Click the insight.savvius.com link to access documentation and
  support resources for Savvius Insight owners. It contains links to download
  Omnipeek for Savvius Insight network analysis software for Windows and the
  Savvius for Splunk app.
• Device Name: Enter a name for Savvius Insight. A unique device name allows for easy
  identification of data sources.
• IP Assignment: This setting lets you specify whether Savvius Insight uses DHCP or
  static settings. If DHCP is selected, then Savvius Insight is configured by the DHCP
  server. If Static is selected, then Address, Netmask, Gateway, and DNS settings can be
  configured for Savvius Insight.
Important! Savvius Insight can be configured to obtain an IP address automatically from a DHCP server;
however, we strongly recommend the use of a static IP address for Savvius Insight. If DHCP is
used, and if the address should change on a new DHCP lease, then the user must look up the
new IP address assigned to Savvius Insight from the DHCP server. To help you look up the IP
address, the MAC Address of Savvius Insight is displayed if you select DHCP.
Note If DHCP is selected, you have approximately two minutes to connect Savvius Insight to your
network in order for the DHCP server to assign an IP address. Please make sure Savvius
Insight is connected to your network within the two minute time period from the time you
click Apply. If you reboot Savvius Insight, the two minute clock is also reset.
   • Address: This setting lets you specify the IP address that you are assigning to
     Savvius Insight.
   • Netmask: A Netmask, combined with the IP address, defines the network
     associated with Savvius Insight.
   • Gateway: Also known as ‘Default Gateway.’ When Savvius Insight does not have
     an IP route for the destination, the IP packet is sent to this address as it does not
     know how to direct it locally. Only a single default gateway can be defined.
   • DNS: This is the domain name server. A Domain Name Server translates domain
     names (e.g., www.savvius.com) into an IP address. Enter the address of the DNS
     server, and click Add Server. Multiple DNS name servers can be defined. You
     can also edit or delete any defined DNS servers.
Time Settings
• Timezone: The Timezone setting lets you specify the physical location of Savvius
  Insight. Select from the list the location closest to your Savvius Insight.
• NTP Server: The Network Time Protocol (NTP) is used to synchronize the clocks of
  computers over a network. To synchronize the Savvius Insight clock, you can specify
  the IP address of an NTP server located on either the local network or Internet. Enter
  the address of the NTP server, and click Add Server. Multiple NTP servers can be
  defined. You can also edit or delete any defined NTP servers.
Reporting Options
• None: Select this option if you are not automatically collecting statistics for one of the
  three reporting options below.
• Local: Select this option to configure the built-in local reporting server on Savvius
  Insight as the reporting option that Savvius Insight automatically forwards its
  network statistics to once the configuration settings are applied. See also Using
  Savvius Insight for long-term reporting on page 18:
   • Maximum Space: Enter the maximum amount of disk space (in Gigabytes)
     allocated on the reporting server before older data written on the hard disk is
     deleted to make room for newer data. Older data is deleted until the total disk
     space used on the reporting server is below the configured amount.
Note When configuring Maximum Space, remember to leave enough disk space available for
other Savvius Insight functions, including capture-to-disk captures.
   • Dashboard Login: Displays the username used to log into the local reporting
     server from a web browser. The default dashboard login username is insight. This
     username is different from the login username configured above for the
     configuration utility.
   • Dashboard Password: Enter a password used to log into the local reporting
     server from a web browser. The default dashboard password is savvius. This
     password is different from the login password configured above for the
     configuration utility.
• Remote Elasticsearch: Select this option to configure a remote Elasticsearch server as
  the reporting option that Savvius Insight automatically forwards its network statistics
  to once the configuration settings are applied. See also Using Savvius Insight for
  long-term reporting on page 18:
   • Server: Enter the IP address of the remote Elasticsearch server.
   • Port: Enter the port used to communicate to the Elasticsearch server.
Note If Remote Elasticsearch is selected as the reporting option in the configuration utility, in order
to view the Savvius Insight dashboards, you will first need to log into the remote Elasticsearch
server and import the Savvius Insight dashboards file to the server. See Importing Savvius
Insight dashboards to the remote server on page 22.
•
Remote Splunk: Select this option to configure a remote Splunk server as the
reporting option that Savvius Insight automatically forwards its network statistics to
once the configuration settings are applied. See also Using Savvius Insight and Splunk
on page 23:
•
Server: Enter the IP address of the Splunk server.
•
Port: Enter the port used to communicate to the Splunk server.
7. Click Apply to save and apply the configuration settings to Savvius Insight.
Note You will lose connection to Savvius Insight if you configured a new static Address in Settings
above.
8. Disconnect the cable from the computer/laptop to the ‘0 MGMT’ port on Savvius Insight.
9. Connect the ‘0 MGMT’ port to a router port on your network. You should now be able to
reach the management port IP address from the network.
10. Restore your PC or laptop’s former network settings and reconnect it to your network.
Upgrading Savvius Insight software
When a Savvius Insight software update becomes available, the configuration utility alerts you
of the update, and displays a screen similar to the screen below. You will need to download a
ZIP file containing the two upgrade files, and then install those files, as described below.
[Figure: configuration utility screen announcing the update, with callouts for ‘here’ and ‘upgrade’]
To upgrade the Savvius Insight software:
1. Start the Savvius Insight Configuration Utility from your web browser.
2. When software updates are available, click ‘here’ to download a ZIP file that contains the
Image and Checksum files required to update the software.
3. Click ‘upgrade’ to install the Image and Checksum files from where the ZIP file is saved
on your hard disk. The Upload Image screen appears.
4. Click Choose File to navigate to the ZIP file, and then click Upload.
5. Allow the upload to complete. Wait up to five minutes for Savvius Insight to reboot. You
will lose connection to the configuration utility once Savvius Insight reboots.
Savvius Insight actions
The actions link at the top of the configuration utility displays the Actions dialog that includes
options for powering off, rebooting, and resetting Savvius Insight to its factory defaults.
•
Power Off: Select this option to turn off Savvius Insight.
•
Reboot: Select this option to reboot Savvius Insight.
•
Factory Reset: Select this option to reset Savvius Insight to its factory settings. You will
lose all saved settings and data on Savvius Insight when it is reset to its factory settings.
Once Savvius Insight has reset, you will need to run the configuration utility again as
described in Initial configuration using the configuration utility on page 8.
Note You can also perform a factory reset using the Reset button, as described in Initial
configuration using the configuration utility on page 8.
Connecting to Savvius Insight through the serial port
Using the included serial cable connected to the serial port on Savvius Insight, a PC/laptop,
and a terminal program of your choice, you can log into Savvius Insight and access the
command prompt (root@Insight). This is especially useful for advanced diagnostics or
recovery access.
To connect to Savvius Insight through the serial port:
1. Connect the serial console cable included with Savvius Insight from the serial port (DB-9)
on your laptop to the serial port (RJ-45) on the back panel of Savvius Insight.
2. Using any serial terminal program (e.g., HyperTerminal or PuTTY), establish a connection
to Savvius Insight. Make sure the appropriate terminal settings match the default settings
below for Savvius Insight:
•
Terminal Type: [VT100+]
•
Bits per second: [115200]
•
Data Bits: [8]
•
Parity: [None]
•
Stop Bits: [1]
•
Flow Control: [None]
•
VT-UTF8 Combo Key Support: [Enabled]
•
Recorder Mode: [Disabled]
•
Resolution 100x31: [Enabled]
3. Once a connection to Savvius Insight has been established, the Insight login prompt
appears.
4. Log into Savvius Insight by entering the username and password you configured earlier
using the configuration utility. If you did not configure a username and password earlier,
the default is:
username: root
password: savvius
5. The Insight command prompt (root@Insight) appears once you are logged in.
Using Savvius Insight for long-term reporting
When you connect Savvius Insight to your network it immediately begins collecting network
statistics for long-term reporting and trending. Searching for and analyzing data is extremely
easy using the built-in dashboards. Customize these dashboards to analyze your data
intelligently, perform mathematical transformations, and slice and dice your data as you see
fit.
Because ELK is the technology behind the integrated long-term reporting capability included
with Savvius Insight, it can be configured to send its data directly to a remote ELK server (such
as the Remote Elasticsearch server). This allows for longer term reporting and centralized
aggregation of data from multiple Savvius Insight appliances to monitor all of your remote
networks that have Savvius Insight on them.
Savvius Insight dashboards
The Savvius Insight dashboards provide the user interface to view the long-term reporting of
your network and the applications running on it. They are built on the ELK platform,
which is an open source software stack consisting of Elasticsearch, Logstash, and Kibana
(ELK). Kibana is the user interface displayed when viewing the Savvius Insight dashboards.
For more detailed information about ELK, please refer to the documentation on the
Elasticsearch website, and the many forums discussing it.
[Figure: Savvius Insight dashboard, with callouts for the Filter Bar, Menu Bar, Dashboard, Dashboards Bar, and Descriptions]
Each of the Savvius Insight dashboards displays different information about the network;
however, they all have the common controls listed below:
•
Menu bar: The menu bar at the top consists of the Discover, Visualize, Dashboards and
Settings menus.
•
Discover lets you look at the raw event data, and create searches.
•
Visualize lets you create visualizations (or panels).
•
Dashboard lets you create, manage, and navigate through the Savvius Insight
dashboards.
•
Settings lets you perform a variety of administration tasks.
•
Filter bar: The filter bar is used to filter the content of the panels in the dashboard. The
type of filter to use is dependent on the data in the panels. The filter bar is a powerful
feature in Savvius Insight. To learn more about using the Filter bar, refer to the
documentation on the Elasticsearch website.
•
Dashboards bar: The Dashboards bar contains links to all of the dashboards that ship
with Savvius Insight. If new dashboards are created they will not be added to this bar
automatically, but they can be added manually. You can view descriptions of each
available Savvius Insight dashboards by clicking Descriptions from the Dashboards bar.
Logging into the Savvius Insight dashboards
You can display the login to the Savvius Insight dashboards as described below, depending on
which reporting option is selected in the configuration utility:
If Local is the selected reporting option, do one of the following:
•
Enter the following in the URL bar of a browser window:
https://<IP Address>:8443
where <IP Address> is the IP address of Savvius Insight, and 8443 is the port used by
Savvius Insight.
•
Click View the Reporting dashboard below the Local option in the configuration utility.
This is only available when the Local option has already been selected and applied from
the configuration utility.
If Remote Elasticsearch is the selected reporting option, do the following:
•
Enter the following in the URL bar of a browser window:
https://<IP Address>:<Port>
where <IP Address> is the IP address of the remote Elasticsearch server, and <Port> is the
port used by the server.
Remote server IP address and port in configuration utility
To forward data from Savvius Insight to a remote Elasticsearch server, you must configure
both the IP address of the server and the port used by the Elasticsearch server in the Savvius
Insight configuration utility. Once the settings in the configuration utility are applied, data
automatically begins to flow from Savvius Insight to the remote Elasticsearch server via the
‘MGMT’ ports on Savvius Insight. See Initial configuration using the configuration utility on
page 8.
Use ‘BRIDGED’ ports for long-term reporting
When Local or Remote Elasticsearch is selected as the reporting option in the configuration
utility, Savvius Insight automatically starts two captures on its ‘BRIDGED’ ports. Make sure
the ‘BRIDGED’ ports on Savvius Insight are properly cabled. See Front panel features on page
5.
Note Do not delete either of the two captures. If either capture is deleted, you must recreate the
captures by selecting None as the reporting option in the configuration utility, applying this
selection, and then reselecting and applying either Local or Remote Elasticsearch as the
reporting option. See Initial configuration using the configuration utility on page 8.
Importing Savvius Insight dashboards to the remote server
If Remote Elasticsearch is selected as the reporting option in the configuration utility, in order
to view the Savvius Insight dashboards, you will first need to log into the remote Elasticsearch
server and import the Savvius Insight dashboards file to the server.
To import the Savvius Insight dashboards:
1. Open a web browser and go to the Savvius Insight Portal on the web
(https://insight.savvius.com) and download the dashboards.json file. You must be a registered user
to download this file.
2. Log into the Savvius Insight dashboards on the remote Elasticsearch server. See Logging
into the Savvius Insight dashboards on page 21.
3. On the Settings menu, select Objects.
4. Click Import.
5. Navigate to the dashboards.json file that was downloaded from the Savvius Insight Portal,
and click Open.
6. If prompted to delete any existing dashboards, searches, and visualizations, delete only
those that are no longer needed.
Using Savvius Insight and Splunk
Splunk is a powerful platform that lets you look closely at the data coming from Savvius
Insight. Savvius Insight includes a Splunk Forwarder that can be enabled to send data to a
remote Splunk Server. To view the Savvius Insight data in the Splunk Server, Savvius has
developed dashboards for Splunk that can be downloaded from splunkbase.com. The
dashboards are completely web-based and can be customized and extended in many ways.
Splunk server IP address in configuration utility
To forward data from Savvius Insight to Splunk, you must configure both the IP address of the
Splunk server and the port used by the Splunk server in the Savvius Insight configuration
utility. Once the settings in the configuration utility are applied, data automatically begins to
flow from Savvius Insight to the Splunk Server via the ‘MGMT’ ports on Savvius Insight. See
Initial configuration using the configuration utility on page 8.
Use ‘BRIDGED’ ports for Splunk server
When an IP address is configured for a Splunk server in the configuration utility, Savvius
Insight automatically starts two captures on its ‘BRIDGED’ ports. Make sure the ‘BRIDGED’
ports on Savvius Insight are properly cabled. See Front panel features on page 5.
Note Do not delete either of the two captures. If either capture is deleted, you must recreate the
captures by selecting None as the reporting option in the configuration utility, applying this
selection, and then reselecting and applying Remote Splunk as the reporting option. See Initial
configuration using the configuration utility on page 8.
Using Savvius Insight and Omnipeek for Savvius Insight
A version of Omnipeek software called ‘Omnipeek for Savvius Insight’ is available for
download for users of Savvius Insight. You can use Omnipeek for Savvius Insight software to
start packet captures, and to analyze the packet files that are captured and saved on Savvius
Insight. Omnipeek for Savvius Insight software is installed on a Windows computer located on
the same network as Savvius Insight. You can register your Savvius Insight and download the
Omnipeek for Savvius Insight software by visiting https://insight.savvius.com/omnipeek.
Note If you have Omnipeek software (version 9.2 and above) already installed on a computer, you
can use that version of Omnipeek to start captures, and to analyze packet files captured and
saved on Savvius Insight.
Here are some of the strategic ways to get started with Omnipeek for Savvius Insight software:
•
Start a capture: Starting a capture lets you capture and analyze data in real-time, and
record data for post-capture analysis from one or more Savvius Insight appliances
installed on the network. You can view a capture in real-time, or save it to disk (capture-to-disk) for later analysis. See How to start a capture on Savvius Insight on page 26.
Note We recommend limiting instances of capture-to-disk captures on Savvius Insight in order to
extend the storage life of the SSD.
•
View the Compass dashboard and other dashboards: The Compass dashboard is an
interactive forensics dashboard that displays network utilization over time including
protocol, node, flow, VLAN, and application statistics. You can view these statistics from a
single supported capture file, or from multiple capture files (*.pkt, *.apc, *.pcap [Libpcap
format only], *.wcap [Libpcap format only], *.cap [Libpcap format only], *.wpz, and
*.pcapng) aggregated within the Compass workspace. Additionally, other dashboards
such as the Timeline, Network, and Applications dashboards, are also available to display
graphical data about your network summarized into several easy-to-read displays.
•
View the Experts: The Expert views provide expert analysis of response time, throughput,
and network applications in a flow-centered view of captured traffic. Expert views also
provide a detailed view of every transaction, noting any events encountered in each
individual conversation or flow. You can drill down to select the packets associated with a
particular event or with any conversation in Expert views.
•
View the Packets: Packets, the units of data carried on the network, are the basis for all
higher level network analysis. When troubleshooting network problems, it is important to
be able to drill down into the packets themselves by looking at their individual decodes as
well as use the packets captured into the buffer as the foundation for expert and statistical
analysis. The Packets view of a capture window is where you can view information about
the individual packets transmitted on your network.
To learn about the above features and more, view the Omnipeek User Guide and online help.
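The Compass file list above marks *.pcap, *.wcap, and *.cap as Libpcap format only, and the extension alone does not settle that. The following Python code is an added example, not part of the Savvius guide or of Omnipeek: it classifies a capture file by its leading magic number before you try to open it, and goes slightly beyond the text by also reading the header fields. The function names and the sample bytes are constructed for illustration.

```python
import os
import struct

# libpcap savefile magic numbers, keyed by the value obtained when the first
# four bytes are read big-endian; each maps to (struct byte order, timestamps).
PCAP_MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}
PCAPNG_SHB = 0x0A0D0D0A  # Section Header Block type, same in both byte orders
PCAPNG_BOM = {0x1A2B3C4D: ">", 0x4D3C2B1A: "<"}  # byte-order magic at offset 8
ORDER_NAME = {">": "big", "<": "little"}

# Extensions the guide's list marks "[Libpcap format only]".
LIBPCAP_ONLY_EXTENSIONS = {".pcap", ".wcap", ".cap"}
# Listed extensions whose formats this example does not inspect.
UNINSPECTED_EXTENSIONS = {".pkt", ".apc", ".wpz"}


def identify_capture(data):
    """Classify the leading bytes of a capture file as libpcap, pcapng or unknown."""
    if len(data) < 4:
        return {"format": "unknown", "reason": "fewer than 4 bytes"}
    magic = struct.unpack(">I", data[:4])[0]

    if magic in PCAP_MAGICS:
        if len(data) < 24:
            return {"format": "unknown", "reason": "truncated libpcap header"}
        order, resolution = PCAP_MAGICS[magic]
        # Global header after the magic: version, timezone, sigfigs, snaplen, link type.
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            order + "HHiIII", data[4:24])
        return {"format": "libpcap", "byte_order": ORDER_NAME[order],
                "version": (major, minor), "timestamps": resolution,
                "snaplen": snaplen, "linktype": linktype}  # linktype 1 = Ethernet

    if magic == PCAPNG_SHB:
        if len(data) < 16:
            return {"format": "unknown", "reason": "truncated pcapng section header"}
        order = PCAPNG_BOM.get(struct.unpack(">I", data[8:12])[0])
        if order is None:
            return {"format": "unknown", "reason": "bad pcapng byte-order magic"}
        major, minor = struct.unpack(order + "HH", data[12:16])
        return {"format": "pcapng", "byte_order": ORDER_NAME[order],
                "version": (major, minor)}

    return {"format": "unknown", "reason": "unrecognised magic 0x%08x" % magic}


def matches_listed_format(filename, data):
    """True/False when the content can be checked against the guide's list,
    None for listed extensions this example does not inspect."""
    ext = os.path.splitext(filename)[1].lower()
    found = identify_capture(data)["format"]
    if ext in LIBPCAP_ONLY_EXTENSIONS:
        return found == "libpcap"
    if ext == ".pcapng":
        return found == "pcapng"
    if ext in UNINSPECTED_EXTENSIONS:
        return None
    return False  # extension is not in the guide's list


# Constructed sample headers (not taken from a real capture).
SAMPLE_PCAP_LE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = (struct.pack("<IIIHHq", PCAPNG_SHB, 28, 0x1A2B3C4D, 1, 0, -1)
                 + struct.pack("<I", 28))

if __name__ == "__main__":
    for name, blob in [("trace.pcap", SAMPLE_PCAP_LE),
                       ("renamed.cap", SAMPLE_PCAPNG),
                       ("trace.pcapng", SAMPLE_PCAPNG)]:
        print(name, identify_capture(blob), matches_listed_format(name, blob))
```

To check a file on disk, pass its first 24 bytes, for example `identify_capture(open(path, "rb").read(24))`.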
Main program window and Start page
To start Omnipeek for Savvius Insight:
•
On the Start menu, click Omnipeek for Savvius Insight.
The main program window and Start Page appear. The parts of the main program window
are described below.
[Figure: main program window, with callouts for the Toolbar, Start Page, and Status Bar]
•
Toolbar: Provides buttons for frequently-used tasks in Omnipeek. To display different
toolbars or to customize toolbar options, on the View menu, click Toolbars.
•
Start Page: Provides buttons for opening saved capture files and viewing the Capture
Engines window. Additionally, the Start Page provides links to useful resources, both
local and online.
•
Status Bar: Shows brief context-sensitive messages on the left and the current monitor
adapter on the right. To toggle the display of the status bar, on the View menu, click
Status Bar.
How to start a capture on Savvius Insight
Savvius Insight captures allow you to capture and analyze network data in real-time, and
optionally record data for post-capture analysis. You can start captures from each of the
Ethernet ports, and from the bridge ports on Savvius Insight. Use of the Ethernet ports will
require the use of a network tap. Bridge port captures should be configured as described in
Front panel features on page 5.
To start a capture on Savvius Insight:
1. In Omnipeek for Savvius Insight, do one of the following to open the Capture Engines
window:
•
On the Start Page, click View Capture Engines
•
On the View menu, click Capture Engines
The Capture Engines window appears.
2. From the Capture Engines window, click Insert Engine. The Insert Engine dialog
appears.
3. Complete the dialog:
•
Host: Enter the IP address of the Savvius Insight that you want to connect to.
•
Port: Enter the TCP/IP Port used for communications. The default port for the
Savvius WP Omni protocol is 6367.
•
Authentication: Select Third Party to connect to Savvius Insight.
•
Domain: Type the Domain for login to Savvius Insight. If Savvius Insight is not a
member of any Domain, leave this field blank.
•
Username: Type the Username for login to Savvius Insight.
•
Password: Type the Password for login to Savvius Insight.
4. Click Connect. When the connection is established, the Home tab for Savvius Insight
appears.
5. From the Home tab, click New Capture and select the type of capture window that you
would like to create:
•
New Capture…: This option lets you create a new Savvius Insight capture based on
the capture settings that you define.
•
New “Forensics Capture”: This option lets you create a new Savvius Insight capture
based on a forensic capture template configured for post-capture forensic analysis.
•
New “Monitoring Capture”: This option lets you create a new Savvius Insight capture
based on a monitoring capture template configured to view higher level expert and
statistical data in a continuous real-time capture.
•
New “Reporting Capture”: This option lets you create a new Savvius Insight reporting
capture based on a capture template configured to forward data to one of the Savvius
Insight reporting options.
•
New “Reporting Capture - Expert Events”: This option lets you recreate a Savvius
Insight reporting capture based on a capture template optimized for Expert analysis
and configured to forward data to one of the Savvius Insight reporting options. This
is typically used along with the “Reporting Capture - Analysis” to create a high-performance capture for exporting data to one of the reporting options. Use this only
to recreate the default reporting capture that was pre-configured on the device.
•
New “Reporting Capture - Analysis”: This option lets you recreate a Savvius Insight
reporting capture based on a capture template optimized for analysis and configured
to forward data to one of the Savvius Insight reporting options. This is typically used
along with the “Reporting Capture - Expert Events” to create a high-performance
capture for exporting data to one of the reporting options. Use this only to recreate
the default reporting capture that was pre-configured on the device.
•
Edit Capture Templates: This option opens the Capture Templates dialog and allows
you to create new capture templates, or edit existing ones.
Note You can also select the above options from the Insert drop-down list available from the
Captures tab, and from the New Capture options available from the Adapters tab.
6. Configure the General options. Click Help on the dialog to help you configure the
options.
7. Choose a Savvius Insight capture adapter in Adapter options. Each adapter corresponds to
the Ethernet ports on Savvius Insight.
8. Click OK. A new Savvius Insight capture window appears.
Capture window views
The navigation pane of every capture window presents the views that display information
about the capture data. A Savvius Insight capture window can have the views listed below.
Here is an example of a capture-to-disk capture window from a Savvius Insight appliance.
[Figure: capture-to-disk capture window, with a callout for the Capture Window Views]
•
Dashboards: These dashboards display graphical data about your network summarized
into several easy-to-read displays.
•
Timeline: This dashboard provides an overview of the top talkers, top protocols, and
network utilization for the Capture Engine.
•
Network: This dashboard provides an overview of network statistics for the capture.
•
Applications: This dashboard displays key statistics for applications in the capture
window.
•
Compass: This dashboard lets you view network utilization, and top statistics from a
single supported capture file, or from multiple capture files.
•
Capture: These views display information about packets captured into the capture buffer.
•
Packets: This view lists all of the packets placed in the buffer of a capture window (or
capture file). The Decode and Hex panes show the contents of the selected packet
decoded or in hexadecimal and ASCII.
•
Log: This view collects messages generated by events relating to the particular capture
window. These events include the results of notifications generated by the triggers or
analysis modules selected for the capture window.
•
Filters: This view lets you enable, disable, add, edit, and delete filters used for
capturing packets into the capture window buffer.
•
Alarms: This view lets you query a specified monitor statistics function once per
second, testing for user-specified problem and resolution conditions. On matching
any of these tests, the alarm function sends a notification of user-specified severity.
•
Expert: These views provide expert analysis of delay, throughput, and a wide variety of
network events in a conversation-centered view of traffic in a capture window.
•
Clients/Servers: This view makes it easy to track events and to see them in the context
of peer-to-peer or client-server traffic patterns.
•
Flows: This view displays each flow independently in a flat view. This simplified view
allows you to compare flows to one another, regardless of the node pair to which they
belong.
•
Application: This view allows you to categorize each flow by application. This view
allows you to see who is using each application on your network and how each
application is performing.
•
Web: These views let you display web page requests and responses, allowing you to track
client/server activity within a capture. The same web data is presented in four formats.
•
Servers: This view lets you focus on which servers are being used.
•
Clients: This view lets you focus on which clients are using which servers.
•
Pages: This view displays a list of web pages with each individual request nested
underneath.
•
Requests: This view displays a flat list of individual HTTP requests.
•
Visuals: These views graphically display network traffic and statistics.
•
Peer Map: This view lets you visualize network traffic by displaying nodes and the
traffic between the nodes. The lines indicate traffic between two nodes. The relative
thickness of the lines indicates the volume of traffic occurring.
•
Graphs: This view displays graphs of individual items from the other statistics views
in real time. The data from these graphs can also be saved as tab-delimited or
comma-delimited text, or as XML \ HTML. On a Capture Engine, this view must be
enabled in the Graphs options of the Capture Options dialog.
•
Statistics: These views display various statistical data about your network.
•
Nodes: This view displays real-time data organized by network node. You can choose
to display the nodes in a nested hierarchical view (logical addresses nested beneath
their physical address), or in a variety of flat tabular views. Right-click the column
header to add or remove various columns.
•
Protocols: This view displays network traffic volume as a percentage of total bytes,
broken down by protocol and subprotocol. You can choose to display the protocols in
either a nested Clients/Servers view or a Flows view.
•
Summary: This view lets you monitor key network statistics in real time and save
those statistics for later comparison. Summary statistics are also extremely valuable in
comparing the performance of two different networks or network segments.
•
Applications: This view lets you view basic statistics about applications for a capture
window.
•
Countries: This view lets you view a geographical breakdown of traffic based on IP
address for a capture window.
Limit capture-to-disk to preserve SSD
Savvius Insight uses an SSD with a duty cycle that is not rated for continuous capture-to-disk.
We recommend limiting instances of capture-to-disk captures on Savvius Insight in order to
extend the storage life of the SSD. Problems associated with continuous capture-to-disk use
are not covered by warranty.
Solving problems using Omnipeek for Savvius Insight
Omnipeek for Savvius Insight can be used in many ways to solve problems on your network.
This section describes five common network analysis tasks you can easily perform with
Omnipeek for Savvius Insight.
Note The examples below are based on a capture-to-disk capture file saved from a Savvius Insight
appliance.
Where do I start?
The Compass dashboard provides an intuitive yet detailed summary of all network activity.
Use this dashboard as your “compass” to find which areas need more detailed analysis.
To use the Compass dashboard:
1. Click Compass in the navigation pane of the capture window to display the Compass
dashboard.
2. In the example above, let’s learn more about the spike in network activity (graphing
average Mbits).
3. Put your cursor just to the left of the spike, drag across the spike, and then let go. The
entire Compass dashboard, the graph and the detailed panels below, all update
automatically to reflect the time frame you selected around the spike.
4. Note the Protocols, Flows, and Nodes statistics chart windows below the graph. You can
pin or unpin statistics chart windows for Channels, WLAN, VLAN, Data Rates, and
Applications by clicking the desired tab or pin/unpin icon (push-pin) in the upper right of
the statistics chart window.
5. You now have a complete view of your network traffic for just the spike in activity. Use
each of the statistics chart windows to quickly see what caused the spike and determine if
more detailed analysis is needed.
Who’s using my network, and how?
1. Click Nodes in the navigation pane of the capture window to display the Nodes view. The
Nodes view provides a list of all nodes that have been active on the network since the
capture started.
[Figure: Nodes view, with callouts for Total Nodes, View Type, and Column Header]
2. The total number of nodes is listed in the upper left-hand corner. Use the adjacent pull-down menu to choose the type of node data to display. “IP” is the most common view.
3. Click a column header to sort the data by that parameter. If you need to quickly see your
top talkers, sort on the “Total Bytes” or “Total Bytes %” columns. Your top talkers will rise
to the top of the list.
4. To see exactly what your top talkers are doing on the network, simply double-click the
node to create a new tab that shows the overall application or protocol usage for that node.
The view can be toggled between application and protocol using the drop down box in the
title bar.
5. You now know who is using your network, and how.
How is my network performing?
Omnipeek for Savvius Insight performs detailed network analysis (“Expert” analysis) in the
background to find common and even not so common network problems. A list of these
potential problems can be found in the Expert views.
To use the Expert views to perform network analysis:
1. Click Applications in the Expert views of the navigation pane of the capture window. The
Applications view displays Expert analysis categorized by application.
2. Be sure the “Event Summary” tab is selected in the bottom window. The “Event
Summary” tab shows all of the potential issues that have been identified during this
capture.
3. To quickly find exactly what application and what user has been affected by a non-responsive server, just click on that event. The application data in the upper window will
be automatically expanded to show exactly which application, server, and client has been
affected. In this case all three instances correspond to the same communication between
10.4.2.16 and server 159.180.64.109 over HTTP.
4. If you want to tune the settings for this analysis function, just right-click the event in the
Event Summary, choose EventFinder Settings, and adjust the parameters in the dialog box
that appears. You can also see a summary of the Event and change the Event severity.
5. With Expert events, Omnipeek for Savvius Insight watches your network for you. You can
set up alerts based on Event severity so you never miss a problem.
How do I get a single view of who’s talking to whom?
Omnipeek for Savvius Insight includes a feature called the Peer Map that provides a visual
representation of who is talking to whom on the network.
To use the Peer Map:
1. Click Peer Map in the navigation pane of the capture window to display the Peer Map
view.
2. The Peer Map represents each network node with a dot.
a. The size of the dot scales to the relative traffic for that node.
b. The lines emanating from each node represent each of its connections to other network nodes.
c. The thickness of the line scales to the traffic between those two nodes in relation to all
other nodes.
d. The color of the line depicts the underlying protocols in use – multiple colors mean
multiple protocols are in use between the network nodes.
3. To better isolate a node, simply drag it away from the others to get a clearer view. Any
node repositioning will be retained the next time you open the packet file.
4. The panel on the right allows you to customize the view in the Peer Map. Key
customization elements include:
a. Number of nodes
b. Type of nodes
c. Protocols in use
5. For example, if you want to isolate a particular protocol to quickly find only those
conversations, click to disable all protocols in the “Protocols” panel, and then click the
check box next to the protocol you wish to isolate (in this case, HTTPS).
6. In just a few clicks we have quickly identified the one conversation using HTTPS that
connects to Savvius Insight.
How do I save a file to share with someone else?
There may be times when you want to share a packet file with someone else to get their
opinion on a network issue. This is very easy to do with Omnipeek for Savvius Insight.
To create a packet file:
1. On the File menu, click Save All Packets …. This will create a file that includes all of the
packets that are associated with the open capture window.
2. Omnipeek for Savvius Insight provides a wide range of formats for saving packets,
depending on the intended use of the saved file. Some examples include:
a. Omnipeek format (.pkt, .wpz) – use this format if you are sharing files with another
Omnipeek user.
b. Packet List (comma or tab delimited) – use this format if you want to export packet
information into another program. The most common usage is to import data into
Microsoft Excel for further analysis or graphing.
c. Libpcap or PcapNG – use one of these formats if you are sharing files with a
Wireshark user.
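A capture saved in Libpcap format can also be summarized outside Omnipeek in the same terms the Peer Map uses: total bytes per node (dot size) and total bytes per pair of nodes (line thickness). The following is an added example, not part of the Savvius guide or software; the function names, the constructed sample capture, and the host 10.4.2.1 are assumptions, and only untagged IPv4 over Ethernet in classic libpcap files is handled.

```python
import struct
from collections import Counter

LE_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec timestamps
BE_MAGICS = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def peer_map(pcap):
    """Return (bytes per node, bytes per node pair) for IPv4-over-Ethernet packets."""
    if pcap[:4] in LE_MAGICS:
        endian = "<"
    elif pcap[:4] in BE_MAGICS:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (PcapNG is not parsed here)")
    if len(pcap) < 24 or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    nodes, pairs = Counter(), Counter()
    offset = 24  # size of the global file header
    while offset + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "4I", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record, or not untagged IPv4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        nodes[src] += orig_len  # node total -> dot size
        nodes[dst] += orig_len
        pairs[tuple(sorted((src, dst)))] += orig_len  # pair total -> line thickness
    return nodes, pairs

def make_frame(src, dst, payload_len):
    """Constructed Ethernet + IPv4 frame with a zero-filled payload."""
    ip = (bytes([0x45, 0]) + struct.pack(">H", 20 + payload_len) + bytes(5)
          + b"\x06\x00\x00" + bytes(map(int, src.split(".")))
          + bytes(map(int, dst.split("."))))
    return bytes(12) + b"\x08\x00" + ip + bytes(payload_len)

def build_sample_pcap():
    """Constructed three-packet capture; 10.4.2.1 is a made-up third host."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, n in [("10.4.2.16", "159.180.64.109", 100),
                        ("159.180.64.109", "10.4.2.16", 500),
                        ("10.4.2.16", "10.4.2.1", 30)]:
        frame = make_frame(src, dst, n)
        out += struct.pack("<4I", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    nodes, pairs = peer_map(build_sample_pcap())
    for pair, total in pairs.most_common():
        print(pair, total)
```

To run it on a real export, pass the bytes of the saved file, for example `peer_map(open(path, "rb").read())`, where `path` is the Libpcap file written by Save All Packets.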
Self-support portal for Savvius Insight
Support for Savvius Insight is available only at the Savvius Insight Web portal located at
https://insight.savvius.com.
In the portal you will be able to:
• Register your Savvius Insight
• View the Frequently Asked Questions
• Obtain configuration instructions for common use cases
• Share your Savvius Insight experiences and issues with other users in an interactive forum
• Learn new Tips and Tricks about Savvius Insight hardware and software
An RMA (Return Material Authorization) number must be obtained from Savvius in order to
return hardware for any reason. Your Savvius Insight must also be registered to obtain
warranty service.
Technical specifications
The technical specifications for Savvius Insight are listed below:
Basic system configuration
• Pre-loaded, tested, and fully integrated with Savvius Capture Engine software
• 8GB RAM
• 128GB HD/SSD SATA
• Quad-core 1700 MHz Intel Atom processor
Performance
• Network analysis up to 100Mbps
• Up to four simultaneous captures
Ethernet
• Six built-in 10/100/1000 Gigabit Ethernet ports
• RJ-45 Interface
I/O
• One reset button
• One RJ45 serial port
• Two type A USB ports
Certification
• EMC CE Class B
• FCC Class B
• VCCI
• RoHS
Environmental
• Operating temperature: 0° to 40° C (32° to 104° F)
• Storage temperature: -20° to 70° C (-4° to 158° F)
• Relative humidity: 5% to 90% (non condensing)
Power and system input requirements
• 36W external AC/DC power adapter
• AC input voltage: 100-240 VAC
• Rated input current: 100 (10A) - 240V (4A)
• Rated input frequency: 50-60 Hz
Dimensions and weight
• 44 h x 177 w x 145.5 d
• 2.6 lbs
Supported operating system
• Linux
Savvius Insight Warranty
• Available with one year warranty