IP Groups with Exclude Criteria alone
IP Group Management lets you monitor departmental, intranet or application specific traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol.
We provide the option to create IP Groups with IP Criteria like IP address / IP Network / IP Network Range with Include, Exclude and Between Sites option.
This document is to provide details on the IP Groups created with only the Exclude criteria in do not reflect the expected output:
The IP Group criteria in NetFlow Analyzer works based on the IP and not the actual direction of the traffic.
During flow lookup , if the flow doesn't contain excluded ip then we add that conversation octet in both (Src , Dst) table .
So for Example, if we created a IP Group with the Exclude criteria of 1.1.1.1.
We will check if this IP is available in the flow data or not, if not then we will dump all the data for both IN and OUT traffic for that IP Group.
This is the reason we show the same data for IN and OUT traffic if a IP groups is created only with exclude criteria.
I Hope this helps in understanding the behavior for the IP Groups.
If you have any further quires, you can get support by send email to our support email address netflowanalyzer-support@manageengine.com
We provide the option to create IP Groups with IP Criteria like IP address / IP Network / IP Network Range with Include, Exclude and Between Sites option.
This document is to provide details on the IP Groups created with only the Exclude criteria in do not reflect the expected output:
The IP Group criteria in NetFlow Analyzer works based on the IP and not the actual direction of the traffic.
During flow lookup , if the flow doesn't contain excluded ip then we add that conversation octet in both (Src , Dst) table .
So for Example, if we created a IP Group with the Exclude criteria of 1.1.1.1.
We will check if this IP is available in the flow data or not, if not then we will dump all the data for both IN and OUT traffic for that IP Group.
This is the reason we show the same data for IN and OUT traffic if a IP groups is created only with exclude criteria.
I Hope this helps in understanding the behavior for the IP Groups.
If you have any further quires, you can get support by send email to our support email address netflowanalyzer-support@manageengine.com
New to ADSelfService Plus?
Related Articles
NetFlow Analyzer DB folder Migration after 12.5 and above
Please follow the below steps to migrate Postgres DB folder alone from one setup to another: Note: The steps can be followed between 2 installation of same version of application In Old Install: 1. Stop the OpManager Service from the Services ...Consolidated fix for NetFlow Analyzer Build 10250 for Stand Alone
Note: This can be done with NetFlow Analyzer build 10250 only. Take the backup of the files before replacing. For Distributed Edition, make sure to follow the steps in Central and Collector servers. The consolidated fix is available over 10250 which ...UDP port block Message In NetFlow Analyzer
In NetFlow Analyzer we do two types of check in windows firewall, while flows are being received in server 1) Check if there is any allow rules created to allow UDP port say "9996" -Once our product find out this rule then flows collection will get ...Incorrect traffic information in Netflow analyzer
NetFlow Analyzer shows the information based on the flow Packets (NetFlow, sflow, Jflow, netstream etc..) exported by the device to the NetFlow Analyzer installed server. We have seen many customers come with the issue that the Utilization ...MSSQL Server migration
1. Stop the NetFlow Analyzer service. 2. Backup the old Netflow DB and restore on to the new DB server (Connect MSSQL client using SQL Server Management Studio and backup netflow database and restore it new server). 3. From the New MSSQL SERVER, ...