NetFlow Analyzer data storage
NetFlow Analyzer has two modes of data storage - the raw data and the aggregated data.
Information about raw data
NetFlow Analyzer 5 allows you to store raw netflow data for upto 2 weeks (minimum period of 1 hour). This period is configurable and can be set from the user interface (RunTime Administration -> Raw Data Period). The period you can set it to depends on the flow rate and on the amount of free hard disk space available on that drive. The raw data is used for generating the following reports
1. Troubleshooting reports
2. Alert reports
3. Last Hour Source, Destination, Conversation and drill downs.
Note: troubleshooting and alert reports will be available only for the period configured.
Information about aggregated data
Please find below the data storage pattern in NFA as of release 4020 (and above).
This information would enable the user to select the appropriate from and to times for the reports and gain optimum value from the product.
Traffic Tab and the traffic graph in consolidated reports (Holds good for the speed, utilization and volume sub-tabs):
Data within the last 6 hours - 1 minute granularity, however please note that you would have to include at lease one 10 minute data point between the from and to time (Note: For 6 hours after migration from an earlier build using a patch, only 10 minute granularity will be available during this period)
Data greater than 6 hours and within the last 26 hours - 10 minute granularity
Data greater than 26 hours and within the last 8 days - 1 hour granularity
Data greater than 8 days and within the last 32 days - 6 hour granularity
Data greater than 32 days and within the last 92 days - 24 hour granularity
Data greater than 92 days - weekly granularity.
Application Tab and Application IN and Application OUT reports in consolidated reports (Holds good for the speed, utilization and volume sub-tabs):
Data within the last 2 hours - 10 minute granularity
Data greater than 2 hours and within the last 8 days - 1 hour granularity (Please note that hourly granularity has been increased from 3 days to 8 days in this release)
Data greater than 8 days and within the last 21 days - 6 hour granularity
Data greater than 21 days and within the last 90 days - 24 hour granularity
Data greater than 90 days - weekly granularity.
All other reports: This includes
a) Source, Destination, Conversation tabs
b) Drill downs from Application, Source, Destination tabs
c) Custom report
d) Source IN, Source OUT, Destination IN and Destination OUT reports in consolidate reports
Data within the last 1 hour - Reports generated from unaggregated raw data. However for IP Groups, we show reports with 10 minute granularity
Data greater than 1 hour and within the last 3 days - 1 hour granularity
Data greater than 3 days and within the last 21 days - 6 hour granularity
Data greater than 21 days and within the last 90 days - 24 hour granularity
Data greater than 90 days - weekly granularity.
Thanks
Raghu
Information about raw data
NetFlow Analyzer 5 allows you to store raw netflow data for upto 2 weeks (minimum period of 1 hour). This period is configurable and can be set from the user interface (RunTime Administration -> Raw Data Period). The period you can set it to depends on the flow rate and on the amount of free hard disk space available on that drive. The raw data is used for generating the following reports
1. Troubleshooting reports
2. Alert reports
3. Last Hour Source, Destination, Conversation and drill downs.
Note: troubleshooting and alert reports will be available only for the period configured.
Information about aggregated data
Please find below the data storage pattern in NFA as of release 4020 (and above).
This information would enable the user to select the appropriate from and to times for the reports and gain optimum value from the product.
Traffic Tab and the traffic graph in consolidated reports (Holds good for the speed, utilization and volume sub-tabs):
Data within the last 6 hours - 1 minute granularity, however please note that you would have to include at lease one 10 minute data point between the from and to time (Note: For 6 hours after migration from an earlier build using a patch, only 10 minute granularity will be available during this period)
Data greater than 6 hours and within the last 26 hours - 10 minute granularity
Data greater than 26 hours and within the last 8 days - 1 hour granularity
Data greater than 8 days and within the last 32 days - 6 hour granularity
Data greater than 32 days and within the last 92 days - 24 hour granularity
Data greater than 92 days - weekly granularity.
Application Tab and Application IN and Application OUT reports in consolidated reports (Holds good for the speed, utilization and volume sub-tabs):
Data within the last 2 hours - 10 minute granularity
Data greater than 2 hours and within the last 8 days - 1 hour granularity (Please note that hourly granularity has been increased from 3 days to 8 days in this release)
Data greater than 8 days and within the last 21 days - 6 hour granularity
Data greater than 21 days and within the last 90 days - 24 hour granularity
Data greater than 90 days - weekly granularity.
All other reports: This includes
a) Source, Destination, Conversation tabs
b) Drill downs from Application, Source, Destination tabs
c) Custom report
d) Source IN, Source OUT, Destination IN and Destination OUT reports in consolidate reports
Data within the last 1 hour - Reports generated from unaggregated raw data. However for IP Groups, we show reports with 10 minute granularity
Data greater than 1 hour and within the last 3 days - 1 hour granularity
Data greater than 3 days and within the last 21 days - 6 hour granularity
Data greater than 21 days and within the last 90 days - 24 hour granularity
Data greater than 90 days - weekly granularity.
Thanks
Raghu