Shulou(Shulou.com)06/01 Report--

View historical data of network traffic in Ossim

Establishing a baseline in the monitoring network segment is an important measure in network monitoring. If there is no baseline traffic, there will be no comparison standard. Through this method, the traffic changes that cause problems can be found. Under the OSSIM platform, these data are collected by sniffing data packets, conducting protocol analysis (implemented through Ntop), and providing sample data of sFlow/NetFlow monitoring. The system can most often save one year's traffic data. Let me show you some examples.

You need to look at the historical data of the network load, as long as the RRD plugin plug-in is enabled.

You can also select Sensor distributed in different VLAN, view the traffic details of multiple network segments on a unified Web console, and view the historical traffic data for the whole year and half a year below.

What does "95th Percentile" mean? In fact, this is a common bandwidth billing method, which takes the bandwidth usage at a certain time interval (for example, 5 minutes), then removes the highest 5%, and the remaining 95% of the bandwidth is your network traffic. If you pay attention to this unit, it also appears frequently in Cacti. In addition to traffic, we also need to pay attention to the flow direction, those hosts often communicate with each other, through a map at a glance.

According to this picture, when a worm breaks out on the network, even if you don't grab the packet, you can see the problem through the flow of the packet, which is very convenient.

Well, the content about OSSIM query historical traffic is briefly introduced here, there are a large number of practical functions hidden in the system, the key is how to use her.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.