Copyright © 1995-2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, the SolarWinds & Design, ipMonitor, LANsurveyor, Orion, and other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies. Microsoft®, Windows®, and SQL Server® are registered trademarks of Microsoft Corporation in the United States and/or other countries.
SolarWinds NetFlow Traffic Analyzer Administrator Guide
NetFlow Traffic Analyzer 4.1.1
Document revised: 2/1/2016

Table of Contents

Chapter 1: Introduction
  Why Install SolarWinds NTA
  How SolarWinds NTA Works
  Why Use SolarWinds NTA
  What's New

Chapter 2: Installing SolarWinds NetFlow Traffic Analyzer
  Licensing SolarWinds NetFlow Traffic Analyzer
  Requirements
  SolarWinds NTA Polling Engine Requirements
  Orion Server Software Requirements
  Orion Server Hardware Requirements
  Requirements for the Orion Database Server (SQL Server)
  NTA Flow Storage Database Requirements
  Port Requirements
  Virtual Machine Requirements
  Flow Requirements
  Required Fields
  Mandatory for Flow Template Schema
  Optional for Flow Template Schema
  Sampled Flow Supported Fields
  NetFlow v5 and J-Flow v5 Header Format
  NetFlow v9 and J-Flow v9
  Flow Template
  Option template - mandatory fields
  Option template - optional field
  Autonomous Systems Requirements
  NTA Deployment Options
  Installing a Localized Version of NTA
  Installing NTA and NTA Flow Storage Database Locally
  Installing NTA and Remote NTA Flow Storage Database
  Installing Additional Pollers and Web Consoles
  Installing NTA
  Completing the Configuration Wizard
  Installing NTA Flow Storage Database
  Configuring Remote NTA Flow Storage Database
  Upgrading NTA
  Upgrade Paths and Compatibility
  Upgrade Steps
  Database Migration
  Uninstalling NTA

Chapter 3: Getting Started with NTA
  Setting Flow Monitoring in NetFlow Traffic Analyzer
  Setting Up Network Devices to Export NetFlow Data
  Adding Flow-Enabled Devices and Interfaces to the Orion Database
  Adding Flow Sources and CBQoS-Enabled Devices

Chapter 4: Configuring NetFlow Traffic Analyzer
  Configuring NetFlow Management Settings
  Update Operations
  Submitting Operation Changes
  Historical Updates
  Updating IP Address Groups, Applications, or NetFlow Sources
  Running updates in NTA resources
  Resolving change request conflicts
  Configuring Flow Sources and CBQoS Devices
  Enabling the Automatic Addition of Flow Sources
  Enabling Flow Monitoring from Unmanaged Interfaces
  Setting the Sampling Rate Manually
  Enabling CBQoS Polling
  Deleting Flow Sources and CBQoS-Enabled Devices
  Configuring Applications and Service Ports
  Managing applications and service ports
  Configuring Data Retention for Flows on Unmonitored Ports
  Enabling or Disabling Monitoring for Ports or Applications
  Adding Applications and Service Ports
  Editing Applications and Service Ports
  Deleting Applications and Service Ports
  Selecting IP Address Groups for Monitoring
  Selecting IP Ranges to Be Monitored
  Adding a New IP Address or IP Address Group
  Editing IP Addresses or IP Address Groups
  Deleting IP Addresses or IP Address Groups
  Configuring NetFlow Collector Service Ports
  Configuring Monitored Protocols
  Configuring NetFlow Types of Services
  Configuring Top Talker Optimization
  Configuring DNS and NetBIOS Resolution
  DNS Resolution Options in NTA
  How Does Default DNS Resolution Work in NTA?
  Host and Domain Names
  Enabling NetBIOS Resolution
  Configuring DNS Resolution
  Configuring IP Address Processing
  Configuring Database Settings
  NTA Flow Storage Database
  Configuring the Orion Database Maintenance
  Configuring the NTA Flow Storage Database Maintenance
  Configuring NTA Flow Storage Database Backups
  Best Practices for NTA Flow Storage Database Backups
  Scheduling Regular Backups
  Backing up the NTA Flow Storage Database Manually
  Specifying a Backup Folder for NTA Flow Storage Database
  Restoring Backups
  Setting up Remote NTA Flow Storage Database Covered by MS Failover Cluster
  Covering Local NTA Flow Storage Database by SolarWinds Failover Engine
  Moving the NTA Flow Storage Database
  Configuring Charting and Graphing Settings
  Configuring Progressive Charting
  Configuring percentage type for Top XX resources
  Top XX List Resource Percentages
  Configuring display units for area charts
  Configuring default time periods for resources
  Configuring the NTA view refresh rate
  Optimizing Performance of NTA
  Configuring On Demand DNS Resolution
  Limiting Flow Collections To Top Talkers

Chapter 5: Viewing NetFlow Traffic Analyzer Data in the Orion Web Console
  Editing Resources
  Working with Charts
  Data granularity shown by default
  Area Charts
  Customizing Charts for the Current Session
  Customizing Charts for All Users
  Customizing Views
  Creating New Views
  Creating Custom Views with the Flow Navigator
  Adding NetFlow Resources to Web Console Views
  Enabling the NetFlow Traffic Analysis Summary View
  Adding Endpoint-Centric Resources
  Configuring View Limitations
  Editing Views
  Editing Time Settings for Views
  Editing Flow Direction in Views
  Copying Views
  Deleting Views
  Deleting Filtered Views
  Views by Device Type
  Monitoring Traffic Flow Directions
  Setting Flow Direction
  Pie Charts
  Viewing Class-Based Quality of Service (CBQoS) Data

Chapter 6: Working with NTA
  Implementing and Monitoring CBQoS Policies
  Using NTA to prepare a CBQoS implementation
  Dynamically Monitoring CBQoS
  Monitoring Autonomous System Networks (through BGP)
  Preparing to Monitor Autonomous System Networks
  Managing Autonomous System Networks
  Monitoring Autonomous System Networks
  Top XX Autonomous Systems
  Top XX Autonomous System Conversations
  How To Find the Cause of High Bandwidth Utilization
  How to Track Traffic by Site
  How To Perform an Immediate Hostname Lookup
  Interacting with the thwack User Community
  User Scenarios
  Locating and Isolating an Infected Computer
  Locating and Blocking Unwanted Use
  Recognizing and Thwarting Denial of Service Attacks

Chapter 7: Troubleshooting NetFlow Traffic Analyzer
  NetFlow Issues
  Chart Issues
  Database Connection Issues
  CBQoS Issues
  NetFlow Collector Services
  Editing or Adding Collection Ports
  Deleting Collectors
  Troubleshooting Collector Services
  NetFlow Sources
  NTA Events
  Filtering Events and Displaying Historical Events
  Clearing Events
  NetFlow Events List
  NetFlow Receiver Service Stopped
  License Limitation
  No Valid License
  No Space Left On NTA Flow Storage Database
  Invalid Template
  Invalid IPFIX Template
  No Template Received
  NetFlow Data Export Not Enabled
  NetFlow Time Difference Error
  Cannot Connect to NTA Flow Storage Database
  Unmanaged NetFlow Node
  Unmanaged NetFlow Interface
  Unmonitored NetFlow Interface
  Not Primary NPM Node IP Address
  Running Out Of Space NTA Flow Storage Database
  Unmonitored Interface Automatically Added
  NetFlow Time Difference Warning
  NetFlow Time Difference Warning Ended
  NetFlow Receiver Service Started
  NetFlow Receiver Service Settings Changed
  NetFlow Event: Interface Index Mapping Used for A Node
  NetFlow Event: Removing Interface Index For A Node
  NetFlow Database Maintenance
  Scheduled Shrink Performed
  Updating data to be used in Top XX aggregated resources
  Windows Firewall Is Turned On
  NetFlow Licensing
  Unable To Start Listening On Port
  Port Is Free Listening
  Notification Event Status Reset
  Enough Space Available On NTA Flow Storage Database
  Connection to NTA Flow Storage Database Has Been Restored
  Resolving Unknown Traffic
  Enabling Flow Monitoring from Unmanageable Interfaces
  Unmanageable Interface Speed
  Chart Issues
  Database Connection Issues
  CBQoS Issues
  CBQoS Issues List

Chapter 8: NetFlow Traffic Analyzer Reports
  NTA Reports
  Report Writer Reports
  Web-Based Reports
  Using Customized Report Writer Reports in the Orion Web Console
  NetFlow-Specific Predefined Reports
  Historical NetFlow Reports
  Historical CBQoS Reports
  Executing Reports
  Creating Web-Based Reports for NTA
  Creating Web-Based Reports Using SWQL
  Editing Web-Based Reports
  Best Practices for SolarWinds NTA Reports
  Example: Creating Customized Report Writer Reports as Web-Based
  Defining the Object to Report On
  Defining Column Details for a Report

Chapter 9: Using SolarWinds NTA Alerts
  NetFlow-Specific Predefined Alerts
  Top Talker Alerts
  CBQoS Alerts
  Configuring NetFlow Alerts
  Creating and Managing Alerts
  Alert Preconfiguration Tasks
  Sending an Email/Page
  Dialing a Paging or SMS Service
  Playing a Sound
  Sending an SNMP Trap
  Creating Text to Speech Output
  Configuring the Default Email Action
  Navigating to the Alert Manager
  Settings Page (Recommended)
  All Active Alerts Resource
  Active Alerts Details
Description: