Flow/Profiling

From Observer GigaFlow Support | VIAVI Solutions Inc.
Jump to: navigation, search

This is a very powerful feature allowing white-listed flows to be matched to a set of defined IP addresses. It is very configurable in both the definitions of the selected "entries" that are going to have their flows checked against and the definition of the "acceptable flow"

It has been found the best way to start into Flow Profiling is to select one type of device and a single ip of this type. In retail this might be a Point of sale. Then build a profile based on flows out of the device ip.

The Feature IP Viewer has been built to be used to allow the presentation the outbound sessions created over time

Talking this address a defined set of acceptable flows can be built.

Flow Profiling Definitions

Entry This is the definition of the set of IP addresses that are to be profiled

Allowed This is the definition of the flows that can match ans pass without causing an exception

Hits This is the number of flow records that have matched the allowed flows

Exceptions This is the flow records that have not matched the Allowed Flow record template

Alert This is to decide if exceptions are stored in the alerts

Flow Object This is the grouping of a series of flows that can be called by the profilier


This first thing that has to be done is define the entry to do this we need to introduce another component of the system and that is a flow object A flow object is a way to group together a number of flow definitions so that they can be called into the profiler and makes it simpler and neater to understand the profiling template. This is more obvious when dealing with devices with large dispersed sessions.

The Profiling page has a set of three tabs Config Apps/Objects IP Viewer to allow navigation to sections to develop Flow Objects