FlowTraq User Manual, version Q4/12

Process Query Systems, LLC

Copyright © 2009-2012 Process Query Systems, LLC

1. Introduction

1.1. System Overview

1.2. Support, Training, and Professional Services

1.2.1. Technical Support
1.2.2. Training and Professional Services

1.3. Change Log

1.3.1. Changes in FlowTraq Q4/12

2. Installation

2.1. System Requirements

2.1.1. Server Hardware Requirements
2.1.2. Client Hardware Requirements
2.1.3. Platform Requirements

2.2. Installation

2.2.1. Installation Overview
2.2.2. Installing or Upgrading FlowTraq Server
2.2.3. Installing FlowTraq Client

3. Initial Configuration

3.1. Launching FlowTraq Client

3.2. Logging In

3.3. Entering a License Key

3.4. User Administration

3.4.1. User Privileges
3.4.2. Changing Passwords
3.4.3. Adding and Removing Users
3.4.4. Granting and Revoking Adminstrative Privileges
3.4.5. User Access Control

4. Configuring Flow Sources

4.1. Supported Input Formats
4.2. Configuring NetFlow, cFlow, jFlow, IPFIX, and NSEL
4.3. Configuring sFlow
4.4. Using Flow Exporter
4.5. Troubleshooting Flow Sources

5. The Dashboard

5.1. Setting Up Your Dashboard

5.1.1. Pages
5.1.2. Managing Widgets
5.1.3. Widget Types

6. Interactive Reports (Workspaces)

6.1. Workspace Overview

6.2. Example Workspaces

6.3. Customizing Workspaces

6.3.1. Time Navigation
6.3.2. Filtering
6.3.3. Views
6.3.4. Workspace Details

6.4. Saving and Sharing Workspaces

6.4.1. Importing and Exporting Workspaces
6.4.2. Workspaces Widget
6.4.3. Printing and Saving Interactive Reports

7. Scheduled Reports

7.1. Scheduling Reports

7.2. Managing and Retrieving Reports

7.2.1. Editing, Disabling, and Deleted Scheduled Reports
7.2.2. Retrieving Reports
7.2.3. Deleting Generated Reports

8. Session Explorer

8.1. Accessing Session Explorer
8.2. Using Session Explorer

9. Alerts and Notifications

9.1. Setting Up Alerts

9.2. Managing and Retrieving Alerts

9.2.1. Editing, Disabling, and Deleting Alerts
9.2.2. Viewing Alert Causes

9.3. Alert Notifications

9.3.1. Notifications on the Dashboard
9.3.2. Notifications via E-mail
9.3.3. Notifications via Syslog Over UDP
9.3.4. Retrieving Notifications via the Command Line

10. Server Optimization and Administration

10.1. Performance Tuning

10.1.1. Performance Indicators
10.1.2. Performance Controls

10.2. Upgrading FlowTraq

10.2.1. Automatic Client Upgrades

10.3. Advanced Administration

10.3.1. Starting and Stopping FlowTraq Server
10.3.2. Backing Up the Session Database
10.3.3. Clearing the FlowTraq Session Database
10.3.4. The FlowTraq Server Configuration File: flowtraq.conf

11. Command Line Interface

11.1. Overview
11.2. Retrieving Raw Session Data from the Command Line with ftsq
11.3. Time Navigation
11.4. Filter String Syntax
11.5. Retrieving Statistical Queries from the Command Line with ftstat
11.6. Managing Users from the Command Line with ftum
11.7. Session Key Authorization
11.8. Retrieving Alert Notifications via the Command Line

12. The FlowTraq Network Behavioral Intelligence Toolkit

12.1. Overview

12.2. Configuration

12.2.1. Basic Parameters
12.2.2. Training Options
12.2.3. Logging Options

12.3. Usage Notes

12.3.1. ftbfg
12.3.2. ftdos
12.3.3. ftscan
12.3.4. fttcv

A. Enabling Flow Export on Common Devices

A.1. CISCO IOS

B. Flow FAQs

C. Legal Notices

C.1. END USER LICENSE AGREEMENT FOR FLOWTRAQ

C.2. Third-Party Software Components

C.2.1. Restlet
C.2.2. JFreeChart