https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460706#M71 <HTML><HEAD></HEAD><BODY><P>thank you for reply, i think i misunderstand the topic of this thread <IMG src="https://community.cisco.com/legacyfs/online/emoticons/laugh.png" /></P></BODY></HTML> Wed, 21 Mar 2018 00:58:01 GMT lin jia 2018-03-21T00:58:01Z https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460702#M67 <HTML><HEAD></HEAD><BODY><P>What are the parameters other than CPU, Memory and Storage that should be monitored on Stealthwatch in order to do capacity planning effectively. Following are been deployed int the production environment </P><P></P><P><SPAN style="font-size: 11.0pt; font-family: 'Calibri',sans-serif; color: black;">FlowCollector for NetFlow 4000</SPAN></P><P><SPAN style="color: black; font-size: 11.0pt; font-family: 'Calibri',sans-serif;">FlowReplicator 2000 - UDP Director</SPAN></P><P><SPAN style="color: black; font-size: 11.0pt; font-family: 'Calibri',sans-serif;">SMC- VM</SPAN></P><P><SPAN style="color: black; font-size: 11.0pt; font-family: 'Calibri',sans-serif;">FlowSensor 1000</SPAN></P></BODY></HTML> Mon, 29 May 2017 08:34:12 GMT https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460702#M67 kmittal 2017-05-29T08:34:12Z https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460703#M68 <HTML><HEAD></HEAD><BODY><P>Great question, @<SPAN class="j-post-author"><STRONG><A href="https://community.cisco.com//people/kmittal">kmittal</A></STRONG></SPAN></P><P></P><P>At the heart of the system the FlowCollector 4000 is rated to consume a 120,000 flows/sec consistently.&nbsp; You can see that consumption on the Flow Collector Dashboard in the Desktop Client.&nbsp; You already mentioned storage but look at the appliance interface on the FlowCollector under the Database Statistics view you will see how much is being utilized and how many days of retention you have.</P><P></P><P>The UDP Director appliance UI will show you the pps in/out and you'll want to be mindful of, the link utilization of the production interface because that's generally the first bottleneck folks encounter on that device.</P><P></P><P>On the FlowSensor, monitor the link utilization.&nbsp; You can use the Interface Status view of that exporter. You don't want to overrun the bandwidth of the input link or you'll miss traffic.</P><P></P><P>On the SMC you'll have some slowness if you're letting the whole SOC and NOC teams bang on it while running heavy reports and managing two dozen FlowCollectors during peak traffic times.&nbsp; Fortunately, the stuff you need to monitor there is already in the Desktop Client, just double-click on the SMC in the enterprise tree on the left.</P><P></P><P>Hope that helps,</P><P></P><P>--jg</P></BODY></HTML> Thu, 22 Jun 2017 15:08:10 GMT https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460703#M68 jamegill 2017-06-22T15:08:10Z https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460704#M69 <HTML><HEAD></HEAD><BODY><P>hi, James Gill， </P><P><SPAN lang="en">I would like to know if there is a specific case for capacity planning, such as whether it can provide recommendations for purchasing more products by observing network traffic trends and network load trends. <SPAN>However, I have a question. The network capacity is often related to the number of terminals. The number of terminals is often influenced by human factors. Can we predict the number of terminals?</SPAN></SPAN></P></BODY></HTML> Mon, 19 Mar 2018 07:12:14 GMT https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460704#M69 lin jia 2018-03-19T07:12:14Z https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460705#M70 <HTML><HEAD></HEAD><BODY><P>Hello, lin jia.</P><P>The original question asked about planning for resources needed to support the Stealthwatch system.&nbsp; Here, you appear to be asking about network capacity planning more generally.</P><P></P><P>Within Stealthwatch you can observe trends and set thresholds to get alarms when monitored network interface utilization surpasses a given percentage (default is 80%).&nbsp;&nbsp; Stealthwatch is a great tool for visibility generally and can provide a wealth of information to assist.&nbsp; However it is not designed as a capacity planning tool and does not build in the usual assumptions used by specialists in that area.&nbsp;&nbsp; Rather, Stealthwatch includes specialized algorithms to detect security anomalies and highlight behavior patterns relevant to securito operations and incident response.</P><P></P><P>I hope that helps!</P><P></P><P>--jg</P></BODY></HTML> Tue, 20 Mar 2018 17:02:23 GMT https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460705#M70 jamegill 2018-03-20T17:02:23Z https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460706#M71 <HTML><HEAD></HEAD><BODY><P>thank you for reply, i think i misunderstand the topic of this thread <IMG src="https://community.cisco.com/legacyfs/online/emoticons/laugh.png" /></P></BODY></HTML> Wed, 21 Mar 2018 00:58:01 GMT https://community.cisco.com/t5/security-analytics/stealthwatch-capacity-planning/m-p/3460706#M71 lin jia 2018-03-21T00:58:01Z