Real-Time Visualization Dashboard in
SonicOS 5.8
What is the Visualization Dashboard?
The SonicWALL Visualization Dashboard offers administrators an effective and efficient
interface to visually monitor their network in real time. The Visualization Dashboard provides
effective flow charts of real-time data, customizable rules, and flexible interface settings.
Administrators can efficiently view and sort real-time network and bandwidth data to
accomplish a variety of tasks which include:
• Identify applications and websites with high bandwidth demands
• View application usage on a per-user basis
• Anticipate attacks and threats encountered by the network
The App Flow Monitor and Real-Time Monitor are new features available in the SonicWALL
Visualization Dashboard. Each feature contains unique, real-time data streaming qualities that
improve upon the existing Visualization Dashboard. These features are found in the SonicOS
left-side menu under Dashboard.
The App Flow Monitor provides administrators a customizable interface to view real-time data
pertaining to Applications, Users, URLs, Initiators, Responders, Threats, VoIP, VPN, Devices
and Content.
The Real-Time Monitor provides administrators real-time flow charts of Applications, Ingress
and Egress Bandwidth traffic, Multi-Core Monitoring, and Memory Usage.
This document contains the following sections:
• “App Flow Monitor” section on page 2
–
“Filter Options” section on page 3
–
“App Flow Monitor Tabs” section on page 3
–
“App Flow Monitor Toolbar” section on page 4
–
“Group Options” section on page 5
–
“Group Options” section on page 5
–
“App Flow Monitor Status” section on page 6
–
“App Flow Monitor Views” section on page 7
SonicOS 5.8 Visualization Feature Guide
1
App Flow Monitor
• “Real-Time Monitor” section on page 11
–
“Using the Toolbar” section on page 12
–
“Real-Time Application Flow” section on page 13
–
“Ingress and Egress Bandwidth Flow” section on page 14
–
“The Multi-Core Monitor Flow” section on page 16
–
“Memory Usage Flow” section on page 18
• “Enabling Flow Collection” section on page 19
• “Using Filtering Options” section on page 19
App Flow Monitor
The App Flow Monitor provides administrators with real-time, incoming and outgoing network
data. Various views and customizable options in the App Flow Monitor Interface assist in
visualizing the traffic data.
This section contains the following subsections:
• “Filter Options” section on page 3
• “App Flow Monitor Tabs” section on page 3
• “App Flow Monitor Toolbar” section on page 4
• “Group Options” section on page 5
• “Group Options” section on page 5
• “App Flow Monitor Status” section on page 6
• “App Flow Monitor Views” section on page 7
2
SonicOS 5.8 Visualization Feature Guide
Filter Options
The App Flow Monitor Filter Options allows the administrator to filter out incoming, real-time
data. Administrators can apply, create, and delete custom filters to customize the information
they wish to view. The Filter Options apply across all the Application Flow tabs. Please refer to
the “Using Filtering Options” section on page 19.
Option Widget Description
Add to Filter Adds current selection to filter.
Remove from
Filter
Load Filter Loads existing filter settings.
App Flow Monitor
At least 1 item must be selected in order to use
the Filter Options. After doing so, all other tabs
will update with information pertaining to the
items in the filter.
Removes the current selection from the filter
view by clicking on the X.
Save Saves the current filter settings.
Delete Deletes the current filter settings.
App Flow Monitor Tabs
The App Flow Monitor Tabs contains details about incoming and outgoing network traffic. Each
tab provides a faceted view of the network flow. The data is organized by Applications, Users,
URLs, Initiators, Responders, Threats, VoIP, VPN, Devices, and Content.
• The Applications tab displays a list of Applications currently accessing the network.
• The Users tab displays a list of Users currently connected to the network.
• The URLs tab displays a list of URLs currently accessed by Users.
• The Initiators tab displays details about current connection initiators.
• The Responders tab displays details about current connection responders.
• The Threats tab displays a list of threats encountered by the network.
• The VoIP tab displays current VoIP and media traffic.
• The VPN tab displays a list of VPN sessions connected to the network.
• The Devices tab displays a list of devices currently connected to the network.
• The Contents tab displays information about the type of traffic flowing through the network.
SonicOS 5.8 Visualization Feature Guide
3
App Flow Monitor
App Flow Monitor Toolbar
The App Flow Toolbar allows for customization of the App Flow Monitor interface. The ability to
create rules and add items to filters allows for more application and user control. Different
views, pause and play abilities, customizable data intervals and refresh rates are also available
to aid in visualizing incoming, real-time data.
Option Widget Description
Filter View Adds selected items to the filter.
Interval The span of time in which data is collected.
Group Categorizes selections according to the available
List View Provides a detailed list view of the data flow.
grouping options which vary depending on the
tab that is selected.
Please refer to the “Group Options” section on
page 5.
Pie Chart View Provides a pie chart view of the data flow.
Flow Chart View Provides a flow chart view of the data flow.
Export Exports the data flow in comma separated
variable (.csv) format.
Print Prints the current data displayed.
Configuration Allows for customization of the display by
enabling or disabling columns for Applications,
Sessions, Packets, Bytes, Rate, and Threats.
Also allows the administrator to enable or disable
commas in numeric fields.
Refresh Button
Status Update Provides status updates about App signatures,
Refreshes the real-time data.
GAV Database, Spyware Database, IPS
Database, Country Database, Max Flows in
Database, and CFS Status. Please refer to the
“App Flow Monitor Status” section on page 6 for
more information.
A green status icon signifies the Content Filtering
Services (CFS) is active.
A yellow status icon signifies the CFS is not
active.
4
SonicOS 5.8 Visualization Feature Guide
Option Widget Description
Refresh Rate Rate at which data is refreshed.
Pause/Play Freezes and unfreezes the data flow. Doing so
Group Options
The Group option sorts data based on the specified group. Each tab contains different grouping
options.
• The Applications tab can be grouped by:
• The Users tab can be grouped by:
• The URL tab can be grouped according to:
• The Initiators tab can be grouped according to:
• The Responders tab can be grouped according to:
• The Threats tab can be grouped according to:
A numeric integer between 10 and 999 must be
specified.
If 300 is entered in the numeric field, that means
the data flow will refresh every 300 seconds.
gives the administrator flexibility when analyzing
real-time data.
–
Application: Groups all traffic generated by an application.
–
Category: Groups all traffic generated by an application category.
–
User Name: Groups all traffic generated by a specific user.
–
IP Address: Groups all traffic generated by a specific IP address.
–
Domain Name: Groups all traffic generated by a specific domain name.
–
Auth Type: Groups all traffic generated by a specific authorizing type.
–
URL: Groups all traffic generated by a URL.
–
Domain Name: Groups all traffic generated by a domain name.
–
Rating: Groups all traffic generated based on rating.
–
IP Address: Groups all traffic generated by a specific IP address.
–
Interface: Groups all traffic according to interface.
–
Country: Groups all traffic generated by country.
–
Domain Name: Groups all traffic generated by a domain name.
–
IP Address: Groups all traffic by IP address.
–
Interface: Groups responders by interface.
–
Country: Groups responders by country.
–
Domain Name: Groups responders by domain name.
–
Intrusions: Groups all threats by type of intrusion.
–
Viruses: Shows threats that fall under the category of viruses.
–
Spyware: Shows all threats that fall under the category of spyware.
–
Spam: Shows all threats that fall under the category of spam.
App Flow Monitor
SonicOS 5.8 Visualization Feature Guide
5
App Flow Monitor
• The VoIP tab can be grouped according to:
–
Media Type: Groups VoIP according to media type.
–
Caller ID: Groups VoIP according to caller ID.
• The VPN tab can be grouped according to:
–
Remote IP Address: Groups VPN access according to the remote IP address.
–
Local IP Address: Groups VPN access according to the local IP address.
–
Name: Groups VPN access according to the user’s name.
• The Devices tab can be grouped according to:
–
IP Address: Groups devices accessing the network by IP address.
–
Interface: Groups devices by interface.
–
Name: Groups devices by type.
• The Contents tab can be grouped according to:
–
Email Address: Groups contents by email address.
–
File Name: Groups contents by file name.
App Flow Monitor Status
The App Flow Monitor Status dialog appears when the cursor rolls over the Status button in the
toolbar. The App Flow Monitor Status provides updates about the App Signatures, GAV
Database, Spyware Database, IPS Database, and Country Database. The dialog also informs
administrators about the Content Filtering Service (CFS) status and Max Flows in the
Database.
The option to enable or disable the flow collection is available in the Status dialog.
If the Status dialog is no longer wanted, click close in the upper-right corner.
6
SonicOS 5.8 Visualization Feature Guide
App Flow Monitor Views
Three views are available for the App Flow Monitor: Detailed, Pie Chart, and Flow Chart View.
Each view provides the administrator a unique display of incoming, real-time data.
List View
In the List View, each App Flow tab is comprised of columns displaying real-time data. These
columns are organized into sortable categories.
App Flow Monitor
• Check Box: Allows the administrator to select the item.
• Main Column: The title of the Main Column is dependent on the selected tab. For example,
if the Users Tab is the selected, then the Main Column header will read “Users”. In that
column, the name of the Users connected to the network are shown.
• Sessions: Displays how many sessions are currently active.
• Packets: Displays the number of data packets transferred.
• Bytes: Displays the number of bytes transferred.
• Rate (KBps): Displays the rate at which data is transferred.
• Threats: Displays the number of threats encountered by the network.
• Total: Displays the total Sessions, Packets, and Bytes sent during the duration of the
current interval.
SonicOS 5.8 Visualization Feature Guide
7
App Flow Monitor
Application Details
Each item listed in the Main Column provides a link to an Application Detail dialog. A display
appears when the item links are clicked. The dialog provides:
• a description of the item.
• information pertaining to the category, threat level, type of technology the item falls under,
and other additional information.
• a Wikipedia excerpt about the selected item.
• Application details are particularly useful when an Administrator does not recognize the
name of an Application.
Graph View
8
SonicOS 5.8 Visualization Feature Guide
The Graph View displays the top applications and the percentage of bandwidth used. The
percentage of bandwidth used is determined by taking the total amount of bandwidth used by
the top applications, and dividing that total by the amount of top applications.
Flow Chart View
The Flow Chart View provides details about bandwidth usage for the top applications.
Applications are plotted according to bytes transferred. Each application is represented by a
particular color and are visible in the legend located in the lower-left corner of the Flow Chart.
Options are available to Lock/Unlock, Display, Scale, and View the App Flow Monitor Flow
Chart.
App Flow Monitor
Option Widget Description
Lock
Locks the Display options for the Flow Chart
interface.
Unlock
Unlocks the Display options for the Flow Chart
interface.
Display Displays all, multiple, or individual items in the
flow chart.
The list of individual items vary depending on the
tab that is selected.
Scale Allows for Auto Y-Scaling or customized scaling.
The values for customized scaling must be a
numeric integer. Specifying a unit is optional. If a
unit is desired, these are the available options:
• K for Kilo.
• M for Mega.
• G for Giga.
• % for percentage.
If a custom scale of 100Kbps is desired, then
“100K” should be entered. The numeric integer
100 is entered followed by the unit K.
SonicOS 5.8 Visualization Feature Guide
9
App Flow Monitor
Tooltips
Rolling over the interfaces provides tooltips with information about the current bytes, peak
bytes, and percentage of bandwidth consumed.
Flow Chart Roll-Over
An interesting feature that the Flow Chart View provides is the ability to roll-over plotted lines.
By rolling over the lines, data about the name of the application and amount of bytes transferred
are visible. The data correlates to the moment in time the data is plotted.
10
SonicOS 5.8 Visualization Feature Guide
Real-Time Monitor
The Real-Time Monitor provides administrators an inclusive, multi-functional display with
information about applications, bandwidth usage, multi-core monitoring, and memory usage.
The Real-Time Monitor comprises of a toolbar and four real-time data flows which consist of
Applications, Ingress and Egress Bandwidth, Multi-Core Monitor, and Memory Usage.
Real-Time Monitor
This section contains the following subsections:
• “Using the Toolbar” section on page 12
• “Real-Time Application Flow” section on page 13
• “Ingress and Egress Bandwidth Flow” section on page 14
• “The Multi-Core Monitor Flow” section on page 16
• “Memory Usage Flow” section on page 18
SonicOS 5.8 Visualization Feature Guide
11
Real-Time Monitor
Using the Toolbar
The Real-Time Monitor Toolbar contains features to specify the refresh rate, export details,
configure color palettes, change the amount of data displayed, and pause or play the data flow.
Changes made to the toolbar apply across all the data flows.
Option
Refresh rate Determines the frequency at which data is
Export Exports the data flow into a comma separated
Print Prints the current data flow display.
Configure Allows for customization of the color palette for
Show Displays data pertaining to a specific span of
Widget Description
refreshed. A numerical integer between 1 to 10
seconds is required.
variable (.csv) file. The default file name is
sonicflow.csv.
the Application Chart and Bandwidth Chart.
To customize the Color Palette:
• Enter the desired hexadecimal color codes in
the provided text fields.
• Select Default for a default range of colors.
• Select Generate to generate a random range
of colors.
If a gradient is desired, select the Use Gradient
box located below the text fields.
time.
12
Time & Date Displays the current time in 24-hour format
(hh:mm:ss), and the current date in Month/Day
format.
Pause Freezes the data flow. The time and date will also
freeze.
The Pause button will appear gray if the data flow
has been frozen.
Play Unfreezes the data flow. The time and date will
refresh as soon as the data flow is updated.
The Play button will appear gray if the data flow
is live.
SonicOS 5.8 Visualization Feature Guide
Real-Time Application Flow
The Applications data flow provides a visual representation of the current applications
accessing the network.
Options are available to Lock/Unlock, Display, Scale, and View the Application interface.
Option Widget Description
Lock
Unlock
Application
Display
Real-Time Monitor
Locks the Display options for the Application
interface.
Unlock the Display options for the Application
interface.
Specifies the applications displayed in the
Application Flow Chart.
A drop menu allows the administrator to specify
Top Applications, All Applications, unclassified,
or individual applications. If desired, multiple
applications can be selected by clicking more
than one check box.
Scale Allows for Auto Y-Scaling or customized scaling
of the Application Flow Chart.
The values for customized scaling must be a
numeric integer. Specifying a unit is optional. If a
unit is desired, these are the available options:
• K for Kilo.
• M for Mega.
• G for Giga.
• % for percentage.
If a custom scale of 100Kbps is desired, then
“100K” should be entered. The numeric integer
100 is entered followed by the unit K.
Bar Graph
Displays the Applications data in a bar graph
format.
Flow Chart
Displays the Applications data in a flow chart
format.
SonicOS 5.8 Visualization Feature Guide
13
Real-Time Monitor
Available Formats
Administrators are able to view the Application flow charts in a bar graph format or flow chart
format. The bar graph format displays applications individually, allowing administrators to
compare applications. In this graph, the x-axis displays the name of the applications. The y-axis
displays the amount of traffic for each application.
The flow chart format displays over lapping application data. In this graph, the x-axis displays
the current time and the y-axis displays the traffic for each application.
Tooltips
Rolling over the interfaces provides tooltips with information about current bytes, peak bytes,
and percentage of bandwidth the application is using.
Ingress and Egress Bandwidth Flow
The Ingress and Egress Bandwidth data flow provides a visual representation of incoming and
outgoing bandwidth traffic. The current percentage of total bandwidth used, average flow of
bandwidth traffic, and the minimum and maximum amount of traffic that has gone through each
interface is available in the display.
14
SonicOS 5.8 Visualization Feature Guide
Real-Time Monitor
Options are available to customize the Display, Scale, and View of the Ingress and Egress
Bandwidth interface.
Option Widget Description
Interface Rate
Display
Specifies which Interfaces are displayed in the
Bandwidth Flow Chart.
A drop menu provides the administrator with
options to specify All Interfaces Rate, All
Interfaces, and individual interfaces.
The individual interfaces vary depending on the
number of interfaces on the administrator’s
network. Multiple interfaces can be selected if
desired.
Scale Allows for Auto Y-Scaling or custom scaling of
the Bandwidth Flow Chart.
The values for customized scaling must be a
numeric integer. Specifying a unit is optional. If a
unit is desired, four options are available:
• K for Kilo.
• M for Mega.
• G for Giga.
• % for percentage.
If a custom scale of 100Kbps is desired, then
“100K” should be entered. The numeric integer
100 is entered followed by the unit K.
Bar Graph
Format
Flow Chart
Format
Displays the real-time Bandwidth data in a bar
graph format.
Displays the real-time Bandwidth data in a flow
chart format.
Formats
Administrators are able to view the Ingress and Egress Bandwidth flow chart in a bar graph
format or flow chart format.
The bar graph format displays data pertaining to individual interfaces in a bar graph; allowing
administrators to compare individual Bandwidth Interfaces. In this graph, the x-axis denotes the
Interfaces whereas the y-axis denotes the Ingress and Egress Bandwidth traffic.
SonicOS 5.8 Visualization Feature Guide
15
Real-Time Monitor
Tooltips
The flow chart format overlaps the Bandwidth Interfaces; allowing administrators to view all of
the Ingress and Egress Bandwidth traffic as it occurs. The x-axis displays the current time and
the y-axis displays the Ingress and Egress Bandwidth traffic.
Rolling over the interfaces provides tooltips with information about the interface assigned zone,
IP address, and current port status.
Note The Bandwidth flow charts have no direct correlation to the Application flow charts.
The Multi-Core Monitor Flow
The Multi-Core Monitor provides the administrator with information on the CPU usage of their
appliance. The graph shows current percentage of utilization, average percentage used,
minimum percentage used, and maximum percentage used.
16
SonicOS 5.8 Visualization Feature Guide
Real-Time Monitor
Scale, and View are options available to customize the Multi-Core Monitor interface.
Option Widget Description
Aggregate
Display
Specifies which Cores are displayed in the
Multi-Core Monitor Flow Chart.
A drop menu allowing the administrator to specify
Current (Aggregate), Average (Aggregate), and
individual Cores.
The individual Cores vary depending on the
number of Cores available. Multiple Cores can be
selected if desired.
Scale Allows for Auto Y-Scaling or customized scaling
of the Application Flow Chart.
The values for customized scaling must be a
numeric integer. Specifying a unit is optional. If a
unit is desired, the four available options include:
• K for Kilo.
• M for Mega.
• G for Giga.
• % for percentage.
If a custom scale of 100 percent is desired, then
“100%” should be entered. The numeric integer
100 is entered followed by the unit K.
Bar Graph
Format
Flow Chart
Format
Displays the Multi-Core Monitor data in a bar
graph format.
Displays the Multi-Core Monitor data in a flow
chart format.
Formats
Administrators are able to view the Multi-Core Monitor flow chart in a bar graph format or flow
chart format.
The bar graph format displays data pertaining to individual Cores in a bar graph. In this graph
the x-axis displays the Cores where the y-axis displays the percentage of CPU used.
SonicOS 5.8 Visualization Feature Guide
17
Real-Time Monitor
The flow chart format overlaps the Multi-Core Monitor data. The x-axis displays the current time
and the y-axis displays the percentage of CPU used.
Memory Usage Flow
The Memory Usage data flow provides the administrator a visual representation of available
memory for usage, total used memory, and memory used by the database. The x-axis units
display the memory size. The y-axis displays the available memory, used memory, and
database memory.
.
18
SonicOS 5.8 Visualization Feature Guide
Enabling Flow Collection
The realtime application monitoring features rely on flow the collection mechanism in order to
collect and display data. Before using App Flow Monitor or the “applications” chart in the
Real-Time Monitor, you must first enable and configure the flow collection feature.
Prior to enabling the Flow Collection feature, your status button may display a warning.
To enable flow collection:
Enabling Flow Collection
Step 1 Navigate to the Log > Flow Reporting page in the SonicOS management interface.
Step 2 Select the Enable Flow Reporting and Visualization checkbox.
Step 3 Click the Accept button to save your changes and enable the feature.
Step 4 Navigate to the Network > Interfaces page.
Step 5 Click the Configure icon for the interface you wish to enable flow reporting on.
Step 6 In the Advanced tab, ensure that the Enable flow reporting checkbox is selected.
Step 7 Click the OK button to save your changes.
Step 8 Repeat steps 5 through 7 for each interface you wish to monitor.
Note For more detailed information on configuring Flow Reporting settings, refer to the
SonicWALL Net Flow Feature Module.
SonicOS 5.8 Visualization Feature Guide
19
Using Filtering Options
Using Filtering Options
Using filtering options allow administrators to reduce the amount of data seen in the App Flow
Monitor. By doing so, administrators can focus on points of interest without distraction from
other applications. To use the Filtering Options:
Step 1 Log into the SonicWALL Network Security Appliance and go to Dashboard > App Flow
Monitor > Applications Tab. Then select the check boxes of the applications you wish to add
to the filter. In this case, BitTorrent is selected.
Step 2 Click Filter View to add BitTorrent to the filter.
Step 3 Once the application is added to the filter, only BitTorrent is visible in the Applications tab.
More information about Users, peer connectivity, and packets sent are visible in the App Flow
Monitor tabs. The Users using BitTorrent are visible in the Users tab. The IP Addresses of these
users are visible in the Initiators tab. The IP Addresses of the connected peers who are sharing
packets are visible in the Responders Tab.
20
SonicOS 5.8 Visualization Feature Guide
Using Filtering Options
Document Version History
Version Number Date Notes
1 10/20/10 This document was created by J. Ly.
2 11/5/10 Incorporated feedback from M. Kumar.
3 12/10/10 Updated for new build by P. Lydon
PN: 232-001988-00 Rev A
SonicOS 5.8 Visualization Feature Guide
21
Using Filtering Options
22
SonicOS 5.8 Visualization Feature Guide
Loading...