Contents

1. Introduction
1.1. System Overview
1.2. Support, Training, and Professional Services
1.2.1. Technical Support
1.2.2. Training and Professional Services
1.3. Change Log
1.3.1. Changes in FlowTraq Q4/13
1.3.2. Changes in FlowTraq Q3/13
1.3.3. Changes in older versions of FlowTraq
2. Installation
2.1. System Requirements
2.1.1. Server Hardware Requirements
2.1.2. Client Hardware Requirements
2.1.3. Platform Requirements
2.2. Installation
2.2.1. Installation Overview
2.2.2. Installing or Upgrading FlowTraq Server
2.2.3. Installing FlowTraq Client
3. Initial Configuration
3.1. Launching FlowTraq Client
3.2. Logging In
3.3. Entering a License Key
3.4. User Administration
3.4.1. User Privileges
3.4.2. Changing Passwords
3.4.3. Adding and Removing Users
3.4.4. Granting and Revoking Administrative Privileges
3.4.5. User Access Control
4. FlowTraq User Interface
4.1. The Workspace
4.1.1. Filtering
4.1.2. View Selection
4.1.3. Time Navigation
4.1.4. Workspace Operations
5. FlowTraq Web Interface and FlowTraq NBI Server
5.1. Software Prerequisites
5.2. Installation Overview
5.3. Detailed Installation Guides
5.3.1. OpenSuSE Linux 11 - Installation Guide
5.3.2. Ubuntu Linux 10 (Lucid Lynx) - Installation Guide
5.3.3. CentOS 6.3 - Installation Guide
5.4. Access
5.5. Installation Troubleshooting
5.5.1. Error: NBI server not configured.
5.5.2. Error: NBI server authentication failed.
5.5.3. Error: The FlowTraq Server failed to identify itself.
5.5.4. Warning: The NBI server is not authenticated with this FlowTraq server.
6. Configuring Flow Sources
6.1. Supported Input Formats
6.2. Configuring NetFlow, cFlow, jFlow, IPFIX, and NSEL
6.3. Configuring sFlow
6.4. Using Flow Exporter
6.5. Troubleshooting Flow Sources
7. The Dashboard
7.1. Setting Up Your Dashboard
7.1.1. Pages
7.1.2. Managing Widgets
7.1.3. Widget Types
8. Interactive Reports (Workspaces)
8.1. Workspace Overview
8.2. Example Workspaces
8.3. Customizing Workspaces
8.3.1. Time Navigation
8.3.2. Filtering
8.3.3. Views
8.3.4. Workspace Details
8.4. Saving and Sharing Workspaces
8.4.1. Importing and Exporting Workspaces
8.4.2. Workspaces Widget
8.4.3. Printing and Saving Interactive Reports
9. Scheduled Reports
9.1. Scheduling Reports
9.2. Managing and Retrieving Reports
9.2.1. Editing, Disabling, and Deleting Scheduled Reports
9.2.2. Retrieving Reports
9.2.3. Deleting Generated Reports
10. Session Explorer
10.1. Accessing Session Explorer
10.2. Using Session Explorer
11. Alerts and Notifications
11.1. Setting Up Alerts
11.2. Managing and Retrieving Alerts
11.2.1. Editing, Disabling, and Deleting Alerts
11.2.2. Viewing Alert Causes
11.3. Alert Notifications
11.3.1. Notifications on the Dashboard
11.3.2. Notifications via E-mail
11.3.3. Notifications via Syslog Over UDP
11.3.4. Retrieving Notifications via the Command Line
12. Server Optimization and Administration
12.1. Performance Tuning
12.1.1. Performance Indicators
12.1.2. Performance Controls
12.2. Upgrading FlowTraq
12.2.1. Automatic Client Upgrades
12.3. Advanced Administration
12.3.1. Starting and Stopping FlowTraq Server
12.3.2. Backing Up the Session Database
12.3.3. Clearing the FlowTraq Session Database
12.3.4. The FlowTraq Server Configuration File: flowtraq.conf
13. Command Line Interface
13.1. Overview
13.2. Retrieving Raw Session Data from the Command Line with ftsq
13.3. Time Navigation
13.4. Filter String Syntax
13.5. Retrieving Statistical Queries from the Command Line with ftstat
13.6. Managing Users from the Command Line with ftum
13.7. Session Key Reauthentication
13.8. Retrieving Alert Notifications via the Command Line
14. The FlowTraq Network Behavioral Intelligence Toolkit
14.1. Overview
14.2. Configuration
14.2.1. Basic Parameters
14.2.2. Training Options
14.2.3. Logging Options
14.3. Usage Notes
14.3.1. ftbfg
14.3.2. ftdos
14.3.3. ftscan
14.3.4. fttcv
A. Enabling Flow Export on Common Devices
A.1. CISCO IOS
B. FlowProxy
B.1. Installing FlowProxy
B.2. Starting and Stopping FlowTraq Server
B.2.1. Windows
B.2.2. Mac OS X
B.2.3. Linux
B.2.4. BSD
B.2.5. Solaris
B.3. The FlowProxy Configuration File
B.3.1. Making Changes to flowproxy.conf
B.3.2. Configuration File Format
C. FlowTraq Web API Reference
C.1. Authentication
C.1.1. Request Parameters
C.1.2. Response Parameters
C.1.3. Example
C.2. Retrieving Processed FlowTraq Views
C.2.1. Request Parameters
C.2.2. Response Parameters
C.2.3. Example
C.3. Retrieving Raw NetFlow Sessions
C.3.1. Request Parameters
C.3.2. Response Parameters
C.3.3. Example
D. Flow FAQs
D. Legal Notices
D.1. END USER LICENSE AGREEMENT FOR FLOWTRAQ
D.2. Third-Party Software Components
D.2.1. Restlet
D.2.2. JFreeChart