05-29-2017 01:34 AM
What are the parameters other than CPU, Memory and Storage that should be monitored on Stealthwatch in order to do capacity planning effectively. Following are been deployed int the production environment
FlowCollector for NetFlow 4000
FlowReplicator 2000 - UDP Director
SMC- VM
FlowSensor 1000
Solved! Go to Solution.
06-22-2017 08:08 AM
Great question, @kmittal
At the heart of the system the FlowCollector 4000 is rated to consume a 120,000 flows/sec consistently. You can see that consumption on the Flow Collector Dashboard in the Desktop Client. You already mentioned storage but look at the appliance interface on the FlowCollector under the Database Statistics view you will see how much is being utilized and how many days of retention you have.
The UDP Director appliance UI will show you the pps in/out and you'll want to be mindful of, the link utilization of the production interface because that's generally the first bottleneck folks encounter on that device.
On the FlowSensor, monitor the link utilization. You can use the Interface Status view of that exporter. You don't want to overrun the bandwidth of the input link or you'll miss traffic.
On the SMC you'll have some slowness if you're letting the whole SOC and NOC teams bang on it while running heavy reports and managing two dozen FlowCollectors during peak traffic times. Fortunately, the stuff you need to monitor there is already in the Desktop Client, just double-click on the SMC in the enterprise tree on the left.
Hope that helps,
--jg
06-22-2017 08:08 AM
Great question, @kmittal
At the heart of the system the FlowCollector 4000 is rated to consume a 120,000 flows/sec consistently. You can see that consumption on the Flow Collector Dashboard in the Desktop Client. You already mentioned storage but look at the appliance interface on the FlowCollector under the Database Statistics view you will see how much is being utilized and how many days of retention you have.
The UDP Director appliance UI will show you the pps in/out and you'll want to be mindful of, the link utilization of the production interface because that's generally the first bottleneck folks encounter on that device.
On the FlowSensor, monitor the link utilization. You can use the Interface Status view of that exporter. You don't want to overrun the bandwidth of the input link or you'll miss traffic.
On the SMC you'll have some slowness if you're letting the whole SOC and NOC teams bang on it while running heavy reports and managing two dozen FlowCollectors during peak traffic times. Fortunately, the stuff you need to monitor there is already in the Desktop Client, just double-click on the SMC in the enterprise tree on the left.
Hope that helps,
--jg
03-19-2018 12:12 AM
hi, James Gill,
I would like to know if there is a specific case for capacity planning, such as whether it can provide recommendations for purchasing more products by observing network traffic trends and network load trends. However, I have a question. The network capacity is often related to the number of terminals. The number of terminals is often influenced by human factors. Can we predict the number of terminals?
03-20-2018 10:02 AM
Hello, lin jia.
The original question asked about planning for resources needed to support the Stealthwatch system. Here, you appear to be asking about network capacity planning more generally.
Within Stealthwatch you can observe trends and set thresholds to get alarms when monitored network interface utilization surpasses a given percentage (default is 80%). Stealthwatch is a great tool for visibility generally and can provide a wealth of information to assist. However it is not designed as a capacity planning tool and does not build in the usual assumptions used by specialists in that area. Rather, Stealthwatch includes specialized algorithms to detect security anomalies and highlight behavior patterns relevant to securito operations and incident response.
I hope that helps!
--jg
03-20-2018 05:58 PM
thank you for reply, i think i misunderstand the topic of this thread
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide