Operational Status Report
You can get to this report from "Views -> Operational Status Report".
High Volume mode sample:
To read a loadCycle: "Load Time: 42.73s, Insertion Time: 21.08s, Filter Time: 0.15s, Endpoint Time: 10.41s, Flows: 56075, Conversations: 21246, Skipped Filtered Flows: 53, Unique IPs: 8960"
total processing time = "Load Time + Filter Time + Endpoint Time" (Load Time includes Insertion Time; it is broken out to help see DB performance)
total processing time = 42.73 + 0.15 + 10.41
total processing time = 53.29s
| 2016-04-19T11:12:13 | loadCycle | completed | ok | Process 27739 done with file(s) nfcapd.201604191109 | Load Time: 42.73s, Insertion Time: 21.08s, Filter Time: 0.15s, Endpoint Time: 10.41s, Flows: 56075, Conversations: 21246, Skipped Filtered Flows: 53, Unique IPs: 8960 |
| 2016-04-19T11:10:02 | loadCycle | completed | ok | Process 27684 done with file(s) nfcapd.201604191107 | Load Time: 37.42s, Insertion Time: 18.82s, Filter Time: 0.13s, Endpoint Time: 5.37s, Flows: 48445, Conversations: 18372, Skipped Filtered Flows: 57, Unique IPs: 8472 |
| 2016-04-19T11:08:30 | loadCycle | completed | ok | Process 27576 done with file(s) nfcapd.201604191105 | Load Time: 55.97s, Insertion Time: 33.9s, Filter Time: 0.24s, Endpoint Time: 10.17s, Flows: 56434, Conversations: 21374, Skipped Filtered Flows: 51, Unique IPs: 8788 |
| 2016-04-19T11:06:28 | loadCycle | completed | ok | Process 27438 done with file(s) nfcapd.201604191103 | Load Time: 54.56s, Insertion Time: 34.03s, Filter Time: 0.14s, Endpoint Time: 10.56s, Flows: 55158, Conversations: 19285, Skipped Filtered Flows: 45, Unique IPs: 8975 |
Low Volume mode example:
To read a loadCycle: "Load Time: 223.72s Summarize Time: 5.05s Aggregation Time: 3.18s Filter Time: 133.78s Endpoint Time: 23.65s Flows: 202482 Conversations: 16355 Unique IPs: 5221"
total processing time = "Load Time + Summarize Time + Filter Time + Endpoint Time" (Summarize Time includes Aggregation Time; it is broken out to help see DB performance)
total processing time = 223.72 + 5.05 + 133.78 + 23.65
total processing time = 386.2s
Low Volume mode does not list the Insertion Time.
Skipped Empty Flows - flows that were skipped because they had 0 bytes
Skipped Filtered Flows - flows that were skipped because they matched the config setting opflow_drop_endpoints
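The two formulas above, applied by a small parser. This is an added example, not part of opFlow: the function names, the rule that an entry reporting Summarize Time is a Low Volume cycle, and the db_share figure (the broken-out DB time as a fraction of the step that contains it) are assumptions made for illustration.

```python
import re

# Terms of the total, per the formulas above. Insertion Time is already inside
# Load Time and Aggregation Time inside Summarize Time, so they are not re-added.
HIGH_VOLUME_TERMS = ("Load Time", "Filter Time", "Endpoint Time")
LOW_VOLUME_TERMS = ("Load Time", "Summarize Time", "Filter Time", "Endpoint Time")

# "Name: value" pairs, with or without commas between them (both appear above).
FIELD_RE = re.compile(r"([A-Za-z][A-Za-z ]*?):\s*(\d+(?:\.\d+)?)(s?)(?=[,\s]|$)")


def parse_load_cycle(details):
    """Return {field name: number} for one loadCycle details string."""
    fields = {}
    for name, value, unit in FIELD_RE.findall(details):
        # Timings carry an "s" suffix and become floats; counters stay ints.
        fields[name] = float(value) if unit or "." in value else int(value)
    return fields


def summarize_cycle(details):
    """Total processing time plus the DB share of the load/summarize step."""
    fields = parse_load_cycle(details)
    # Assumption: an entry that reports Summarize Time is a Low Volume cycle.
    low = "Summarize Time" in fields
    terms = LOW_VOLUME_TERMS if low else HIGH_VOLUME_TERMS
    db_part, whole = (("Aggregation Time", "Summarize Time") if low
                      else ("Insertion Time", "Load Time"))
    missing = [t for t in terms + (db_part,) if t not in fields]
    if missing:
        raise ValueError("loadCycle entry lacks: " + ", ".join(missing))
    return {
        "mode": "low" if low else "high",
        "total_s": round(sum(fields[t] for t in terms), 2),
        "db_share": round(fields[db_part] / fields[whole], 2) if fields[whole] else 0.0,
    }


# Details strings copied from the two samples on this page.
HIGH = ("Load Time: 42.73s, Insertion Time: 21.08s, Filter Time: 0.15s, "
        "Endpoint Time: 10.41s, Flows: 56075, Conversations: 21246, "
        "Skipped Filtered Flows: 53, Unique IPs: 8960")
LOW = ("Load Time: 223.72s Summarize Time: 5.05s Aggregation Time: 3.18s "
       "Filter Time: 133.78s Endpoint Time: 23.65s Flows: 202482 "
       "Conversations: 16355 Unique IPs: 5221")

if __name__ == "__main__":
    for sample in (HIGH, LOW):
        print(summarize_cycle(sample))
```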
opflow-cli.pl - Manage opFlow from the CLI
opflow-cli.pl allows you to run setup routines, create reports, manually load flow files and generally run CRUD operations on endpoints/apps/agents/filters.
Run opflow-cli.pl -h to get help:
Agents are a list of the IP addresses from which flows are received. The System -> Manage Agents GUI function enables you to see each agent IP address as well as the node that has been associated with it. The association to an NMIS node enables opFlow to look up the interface indexes which the traffic is flowing to and from. These associations are automatically updated once an hour and can also be triggered at any time by using the System -> Sync Agent/Node data GUI function. Please refer to opCharts/NMIS integration for information on configuring opFlow to connect to opCharts.
opFlow allows you to select which flow agents (and in/out interfaces) your opFlow instance should accept data from; this is currently done in the opflow-cli.pl program only.
You can use opflow-cli.pl to view the list of agents and interfaces, and set any of them inactive or active. If an agent and in/out interface combination is set inactive, then opFlow will ignore flows from this agent and involving these in/out interfaces. There is also a "wildcard" agent record available: if you set that to inactive, then it overrides all interface-specific settings and no flows will be accepted from this agent (no matter what interfaces are involved). Please note that opflow-cli.pl does show the individual agent+interface records even if the wildcard record is set to inactive and thus is overriding them.
If you only want to disable flows coming in that match a particular in and out interface combination, then you should set that specific record inactive and leave the wildcard record active.
Note: Disabling all flows in+out of an interface will remove it from the licensing count (lowering the used count by one interface). opFlow 3.0.2 requires each combo to be disabled; just disabling the wildcard record will not remove the interfaces from the licensing count. The GUI refreshes the license count every 5 minutes; restart omkd if you would like to see the most up-to-date count immediately.
Get a list of known Agents
Stop Processing Flows from an Agent/Interface
To disable processing flows from an agent, disable all agent+in_if+out_if entries, or the wildcard record (i.e. by not passing out_if). Here is an example:
Start Processing Flows from an Agent/Interface
Note: Enabling an agent which has individual interface records disabled will not enable those interface records as well.
Filters allow you to create pre-defined searches that will load quickly in the GUI. A filter must be in place before the flows arrive as the flows are tagged with the filter when they are processed. Any flows that match the filter but arrived before the filter was created will not be displayed.
Note: Agents are filtered automatically; there is no need to create extra filters for them.
Options for filtering rules: agent|application|endpoint|proto|src_ip|dst_ip|src_port|dst_port