The FlowTraq NBI Tools share a number of basic configuration parameters with the CLI tools; in particular, the -s, -p, -un, -up, -us, -q, -e, -ei, and -ef parameters all work in the same way as they do with the CLI tools. Use these to specify the FlowTraq Server to connect to, the credentials to use to log in, and more. For more information on these parameters, please see Section 11.2, “Retrieving Raw Session Data from the Command Line with ftsq”.
NBI Tools and FlowTraq Filters | |
---|---|
You can even use |
The FlowTraq NBI Tools all learn network behavioral baselines by first examining a period of historical data. When they are run, they first perform a learning pass over a specified timeframe of historical data (the "training period"), compute baselines, and then begin alerting in real time on the live traffic as it arrives. Specify the training period by using the -tn parameter (to specify a training period relative to now) or using -te/-tl to specify an absolute training period. For more information on these parameters, please see Section 11.2, “Retrieving Raw Session Data from the Command Line with ftsq”.
All of the NBI tools support logging network behavior anomalies to standard output or to syslog. To configure logging, use the following parameters.
Table 12.1. Logging Parameters
Parameter | Description |
---|---|
-ls | Log to stdout (Default: yes, unless a loghost is specified via -lh) |
-lh LOGHOST | Loghost; specifies where syslog messages are to be sent (Default: syslog is disabled) |
-lp PORT | Syslog port on the loghost (Default: 512) |
-lf FACILITY | Syslog facility, one of: LOCAL0-LOCAL7. (Default: LOCAL0) |
-ll LEVEL | Syslog level, one of: EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG. (Default: NOTICE) |
-lu MESSAGE | User-defined custom message to be added at the end of the syslog message. Enclose in a pair of double quotes. |
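
On the loghost, the -lf and -ll choices arrive as a single numeric priority, which is what a collector rule has to match. The following is an added example, not FlowTraq code: it assumes the tools send standard syslog datagrams with a leading `<PRI>` header (the page does not state the wire format), and the sample message text and the `site=dc1` tag are constructed.

```python
import re

# Standard syslog codes: LOCAL0-LOCAL7 are facilities 16-23,
# and the eight levels are severities 0-7 in this order.
FACILITIES = {f"LOCAL{i}": 16 + i for i in range(8)}
LEVELS = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def expected_pri(facility="LOCAL0", level="NOTICE"):
    """PRI a collector should see for a given -lf / -ll pair."""
    return FACILITIES[facility.upper()] * 8 + LEVELS.index(level.upper())


def decode(datagram):
    """Return (facility, level, message), or None if the header is malformed."""
    m = PRI_RE.match(datagram.decode("utf-8", errors="replace"))
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    fac, sev = divmod(pri, 8)
    name = next((n for n, c in FACILITIES.items() if c == fac), f"FACILITY{fac}")
    return name, LEVELS[sev], m.group(2)


def from_nbi(datagram, facility="LOCAL0", level="NOTICE", tag=None):
    """True if the datagram matches the configured -lf/-ll and, when a
    -lu message is configured, ends with that message."""
    decoded = decode(datagram)
    if decoded is None:
        return False
    fac, lvl, msg = decoded
    if (fac, lvl) != (facility.upper(), level.upper()):
        return False
    return tag is None or msg.rstrip().endswith(tag)


# Constructed sample datagram (hypothetical host, process name and text).
SAMPLE = b"<133>Jan  1 00:00:00 sensor1 nbi: constructed anomaly text site=dc1"

if __name__ == "__main__":
    print(expected_pri(), decode(SAMPLE), from_nbi(SAMPLE, tag="site=dc1"))
```

Giving each NBI tool instance its own facility or -lu message lets the collector separate their alerts from other senders that share the same loghost.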