Contents

1. Introduction
1.1. System Overview
1.2. Support, Training, and Professional Services
1.2.1. Technical Support
1.2.2. Training and Professional Services
1.3. Change Log
1.3.1. Changes in FlowTraq Q4/12
2. Installation
2.1. System Requirements
2.1.1. Server Hardware Requirements
2.1.2. Client Hardware Requirements
2.1.3. Platform Requirements
2.2. Installation
2.2.1. Installation Overview
2.2.2. Installing or Upgrading FlowTraq Server
2.2.3. Installing FlowTraq Client
3. Initial Configuration
3.1. Launching FlowTraq Client
3.2. Logging In
3.3. Entering a License Key
3.4. User Administration
3.4.1. User Privileges
3.4.2. Changing Passwords
3.4.3. Adding and Removing Users
3.4.4. Granting and Revoking Administrative Privileges
3.4.5. User Access Control
4. FlowTraq Web Interface and FlowTraq NBI Server
4.1. Software Prerequisites
4.2. Installation Overview
4.3. Detailed Installation Guides
4.3.1. OpenSuSE Linux 11 - Installation Guide
4.3.2. Ubuntu Linux 10 (Lucid Lynx) - Installation Guide
4.3.3. CentOS 6.3 - Installation Guide
4.4. Access
4.5. Installation Troubleshooting
4.5.1. Error: NBI server not configured.
4.5.2. Error: NBI server authentication failed.
4.5.3. Error: The FlowTraq Server failed to identify itself.
4.5.4. Warning: The NBI server is not authenticated with this FlowTraq server.
5. Configuring Flow Sources
5.1. Supported Input Formats
5.2. Configuring NetFlow, cFlow, jFlow, IPFIX, and NSEL
5.3. Configuring sFlow
5.4. Using Flow Exporter
5.5. Troubleshooting Flow Sources
6. The Dashboard
6.1. Setting Up Your Dashboard
6.1.1. Pages
6.1.2. Managing Widgets
6.1.3. Widget Types
7. Interactive Reports (Workspaces)
7.1. Workspace Overview
7.2. Example Workspaces
7.3. Customizing Workspaces
7.3.1. Time Navigation
7.3.2. Filtering
7.3.3. Views
7.3.4. Workspace Details
7.4. Saving and Sharing Workspaces
7.4.1. Importing and Exporting Workspaces
7.4.2. Workspaces Widget
7.4.3. Printing and Saving Interactive Reports
8. Scheduled Reports
8.1. Scheduling Reports
8.2. Managing and Retrieving Reports
8.2.1. Editing, Disabling, and Deleting Scheduled Reports
8.2.2. Retrieving Reports
8.2.3. Deleting Generated Reports
9. Session Explorer
9.1. Accessing Session Explorer
9.2. Using Session Explorer
10. Alerts and Notifications
10.1. Setting Up Alerts
10.2. Managing and Retrieving Alerts
10.2.1. Editing, Disabling, and Deleting Alerts
10.2.2. Viewing Alert Causes
10.3. Alert Notifications
10.3.1. Notifications on the Dashboard
10.3.2. Notifications via E-mail
10.3.3. Notifications via Syslog Over UDP
10.3.4. Retrieving Notifications via the Command Line
11. Server Optimization and Administration
11.1. Performance Tuning
11.1.1. Performance Indicators
11.1.2. Performance Controls
11.2. Upgrading FlowTraq
11.2.1. Automatic Client Upgrades
11.3. Advanced Administration
11.3.1. Starting and Stopping FlowTraq Server
11.3.2. Backing Up the Session Database
11.3.3. Clearing the FlowTraq Session Database
11.3.4. The FlowTraq Server Configuration File: flowtraq.conf
12. Command Line Interface
12.1. Overview
12.2. Retrieving Raw Session Data from the Command Line with ftsq
12.3. Time Navigation
12.4. Filter String Syntax
12.5. Retrieving Statistical Queries from the Command Line with ftstat
12.6. Managing Users from the Command Line with ftum
12.7. Session Key Reauthentication
12.8. Retrieving Alert Notifications via the Command Line
13. The FlowTraq Network Behavioral Intelligence Toolkit
13.1. Overview
13.2. Configuration
13.2.1. Basic Parameters
13.2.2. Training Options
13.2.3. Logging Options
13.3. Usage Notes
13.3.1. ftbfg
13.3.2. ftdos
13.3.3. ftscan
13.3.4. fttcv
A. Enabling Flow Export on Common Devices
A.1. CISCO IOS
B. FlowProxy
B.1. Installing FlowProxy
B.2. Starting and Stopping FlowTraq Server
B.2.1. Windows
B.2.2. Mac OS X
B.2.3. Linux
B.2.4. BSD
B.2.5. Solaris
B.3. The FlowProxy Configuration File
B.3.1. Making Changes to flowproxy.conf
B.3.2. Configuration File Format
C. FlowTraq Web API Reference
C.1. Authentication
C.1.1. Request Parameters
C.1.2. Response Parameters
C.1.3. Example
C.2. Retrieving Processed FlowTraq Views
C.2.1. Request Parameters
C.2.2. Response Parameters
C.2.3. Example
C.3. Retrieving Raw NetFlow Sessions
C.3.1. Request Parameters
C.3.2. Response Parameters
C.3.3. Example
D. Flow FAQs
D. Legal Notices
D.1. END USER LICENSE AGREEMENT FOR FLOWTRAQ
D.2. Third-Party Software Components
D.2.1. Restlet
D.2.2. JFreeChart