Home
Contents

NetResident - Network Content Monitoring Tool
Prev Page Next Page
 
Introduction
Overview
System Requirements
What Network Content NetResident Can Analyze
What’s New in NetResident 3.0
NetResident Architecture
Deploying the Application
Before You Begin: Network Visibility
Step 1: Deploying the NetResident Service and Console
Step 2: Deploying NetResident Agents
Ensuring Connectivity Between the System Components
Tips and Tricks
Setting Up the Database
Step 1: Creating a New Database and Configuration File
Step 2: Selecting an SQL Server
Step 3: Selecting a Database Location and Name
Step 4: Setting Database Access Token
Step 5: Summary
Working with NetResident
Events
Connections
Alerts
About
Understanding the Difference Between the Display and Capture Filters
Remote Connections
Aliases
Workspaces
Adding Exceptions to NetResident Agents
Manual SQL Server Installation
Analyzing Imported Capture Files
Frequently Asked Questions
Sales and Support

Connections

The Connections page is an interface element that has two key functions: It allows you to control the deployed agents and the NetResident service. On the Agents tab, you can view the list of connected agents and their statuses, as well as per-agent statistics. You can also control individual agents. On the Service tab, you can view information on the NetResident service you are currently connected to and change its settings.

Agents Tab

2 (2)

 

Add Agents

Displays the dialog that allows you to deploy NetResident agents on your LAN. This is possible only for networks with domain controllers.

Show Dashboard

Shows or hides the dashboard that displays statistics for the selected agent.

Chart Scale

Sets the chart update speed. Each chart point can correspond to data collected over a period of 1, 5, or 10 minutes.

Agent State

· Capture Enabled – enables or disables the selected agent(s). When an agent is disabled, it no longer collects and sends data.
· Decrypt SSL – enables or disables encrypted traffic interception.

Capture Options

· Web, FTP, etc. – check or uncheck the boxes next to the protocol names to include or exclude the events based on the respective protocols for the selected agent. Click on the gear-wheel icon available for some of the protocols for additional filter settings. For example, you can exclude or include events depending on the web site address. Please note that this filter is a capture filter; see Understanding the Difference Between the Display and Capture Filters for more information.

Logging

· Log Level – by default, every NetResident component, including agents, logs important debugging information to a log file. You can change the amount for details included in the log. Normally, you should not change the default value (1) unless you are advised to do so by the TamoSoft support staff.
· Enable Logging – check or uncheck to enable or disable logging for the selected agent.

Settings

· Reload – refreshes the agent’s parameters and displays the updated settings.
· Apply – applies the changes you have made to any of the agent’s parameters and saves the current settings for the selected agent.

Important: When an agent connects to the NetResident service for the first time, it receives the default set of parameters from the service. After that, the agent’s settings can be customized on the per-agent basis using the Agents tab described above.

Service Tab

3 (2)

State

· Hostname – displays the hostname or IP address of the NetResident service instances to which the NetResident console is currently connected.
· Connect – displays the dialog that allows you to connect to the NetResident service. Note that when you start the NetResident console, it automatically connects the NetResident service address it was connected to the last time you ran the application.
· Disconnect disconnects the console from the service.

Network Adapter

· Adapter – allows you to select a network adapter to be used for capturing network traffic. Additionally, you can select Offline mode, in which case the NetResident service does not capture live network data.
· Use non-promiscuous mode – check this box only if your adapter cannot operate in promiscuous mode. This option must always be selected for wireless (802.11) adapters.
· MAC, IP, MASK – displays the network address settings of the selected adapter.

Auto Import

· Folder – allows you to configure the NetResident service to import network events from capture files generated by another packet-capture application. For example, you may want to use a Wi-Fi packet analyzer to sniff packets and automatically save them in a certain folder. If you enter the path to that folder in the provided field, the NetResident service will monitor that folder and automatically analyze new capture files as soon they are saved to that folder by the third-party application.
· Enabled – check this box to enable automatic log import.
· Use current date – if this box is checked, when you import log files, the original date stamps in the log file are replaced by the current date.

Capture Options

· Web, FTP, etc. – check or uncheck the boxes next to the protocol names to include or exclude the events based on the respective protocols. Click on the gear-wheel icon available for some of the protocols for additional filter settings. For example, you can exclude or include events depending on the web site address. Please note that this filter is a capture filter; see Understanding the Difference Between the Display and Capture Filters for more information.

Database Server

· Select database – allows you to select the database that is used by the NetResident service and agents for recording captured network events.

Auto Clear

· Delete the events older than – if you check this box, the events that are older than n days are automatically deleted from the database.
· Clear the database on exit – if you check this box, all events are automatically deleted when the NetResident service is stopped.

Database Size

· Trigger actions when used space is above % – the percentage of used database space after reaching which one the user-configured actions is triggered. If this option is not turned on, the application stops recording any events (collected by agents, extracted from the log files, or captured locally) when the database is full.
· Create a new database – a new database will be created on the same SQL server and in the same directory as the currently used database.
· Delete old events until free space is % – when the used database space limit is reached, the old events will be deleted from the database until the percentage of free space reaches the specified value.

Logging

· Log Level – by default, every NetResident component, including the service, logs important debugging information to a log file. You can change the amount for details included in the log. Normally, you should not change the default value (1) unless you are advised to do so by the TamoSoft support staff.
· Enable Logging – check or uncheck to enable or disable logging for the NetResident service.

Settings

· Reload – refreshes the NetResident service parameters and displays the updated settings.
· Apply – applies the changes you have made to the service parameters and saves the current settings.