
NetResident - Network Content Monitoring Tool


Events

The Events page is the main interface element that displays the list of network events and allows you to view the detailed information on every event, as well as its contents. Working with this page is simple: You can select any event on the list (e.g., a Web page) and its content will be immediately displayed on the details panel. Data layout may be customized using the Events tab.

The Events list receives information from all of the data-collection points that have been installed by the user, which includes the NetResident service and may include NetResident agents. The captured data are automatically fed to the console, and the console refreshes the event list every 30 seconds. You can also manually refresh the list by clicking the Refresh button.

Because the number of captured events in a busy network might be extremely high, the unfiltered event list might be populated with thousands or millions of events. Exploring such a list would be problematic unless you use the Filter tab, which allows you to focus on specific protocols, dates, or workstations.

Another tool that may dramatically simplify event browsing is the Explorer. Located on the left side of the Events tab, the Explorer groups events by protocol and date. When you select a specific node, the event list displays only those events that match the selected protocol and date. Also, a few protocol-specific columns are automatically added to the event list. The Explorer builds the node list “on-the-fly,” without contacting the database server, so the node list consists of only those events that passed the main filter (see the Filter Tab section below) and display filter.

The Events page menu has two tabs, Events and Filter.

Events Tab


With the Events tab menu commands, you can change the way data are presented by the application. The commands are described below.

Events

· Import – imports data from capture files generated by TamoSoft and a number of third-party products. See Analyzing Imported Capture Files for more information.
· Refresh – reloads the event list from the NetResident service using the last applied filter.
· Clear All – deletes all events from the database; this operation is irreversible.
· Find – shows or hides the search panel that allows you to search for matches in the event list, e.g. date, source, address, etc.
· Save List – exports the event list in a number of formats: HTML, CSV, TXT and RTF.

View

· Explorer mode – shows or hides the event explorer panel.
· Show Details – shows or hides the panel that displays event contents.
· Right, Left, Bottom – controls the position of the panel that displays event contents.

Database server

· Select database – allows you to select a database from which the events are displayed.

Address Mode

· IP Address – makes the “Party A” and “Party B” columns display the IP addresses of the parties.
· MAC Address – makes the “Party A” and “Party B” columns display the MAC addresses of the parties.
· Host Alias – makes the “Party A” and “Party B” columns display the user-assigned aliases of the parties rather than their IP or MAC addresses.
· Aliases – displays the windows that allow creating or editing aliases.
· Resolve IP – when this option is on, the application will try to resolve all IP addresses to corresponding host names.

Workspace


· Load – loads a workspace from a file.
· Save – saves the current workspace to a file.
· Additionally, the menu may contain the list of the most recently used workspaces.

Windows

· New Window – opens another console instance. You can use several windows at the same time. For example, you may want to view today’s events in the first window and yesterday’s events in another window.
· Arrange All, Side by Side – controls the positions of the opened console windows.

Filter Tab


With the Filter tab menu commands, you can focus on the events that are of interest to you and filter out the events that are not important. Once you have configured the filter(s), be sure to click Apply to apply your new filter set.

Sources

· Add – allows you to specify sources of network events. These may include the NetResident service, agents, manually imported capture files, or automatically imported capture files. Initially, when no sources have been added, NetResident displays events from all sources. If/when you add a source or multiple sources and click Apply (located in the Filter frame to the right), only the events from these sources will be displayed.

Date and Times

· Add – allows you to specify date and time ranges of network events. Initially, when no ranges have been added, NetResident displays events that occurred at any time. If/when you add a date and time range and click Apply (located in the Filter frame to the right), only the events within these ranges will be displayed. You can also click on the arrow to use one of the presets: Today, Yesterday, or This Week.

Protocols

· Web, FTP, etc. – check or uncheck the boxes next to the protocol names to include or exclude the events based on the respective protocols. Click on the gear-wheel icon available for some of the protocols for additional filter settings. For example, you can exclude or include events depending on the web site address. Click Apply to apply the filter. Please note that this filter is a display filter; see Understanding the Difference Between the Display and Capture Filters for more information.

Content

· Contains text – allows you to perform free text search. A search request consists of an unstructured natural language or “plain English” query. In a natural language search request, words such as AND and OR are disregarded. Use quotation marks to indicate a phrase, + (plus) to indicate a word that must be present, and - (minus) to indicate a word that must not be present. Enter a text string and click Apply to have NetResident display only those events that contain the entered text. Note that database indexing takes time, so matching events may not appear immediately.
· Stemming – if you check this box, your search will include other grammatical forms of the words in your search request. For example, with stemming enabled, a search for “apply” would also find “applies.” This option has no effect for non-English searches.
· Phonic – if you check this box, your search will find words that sound similar to the words in your request, like “Smith” and “Smythe.” This option has no effect for non-English searches.
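
The request syntax described under Contains text can be modelled in a few lines to see how a query is read before you apply it. This is an added Python example, not NetResident code: the function names, the sample events, and the rule that un-prefixed words match when any one of them is present are assumptions, and the Stemming and Phonic options are not modelled.

```python
import re

IGNORED = {"and", "or"}  # disregarded in a natural-language request
# One token: optional +/- prefix, then a "quoted phrase" or a bare word.
TOKEN = re.compile(r'([+-]?)(?:"([^"]+)"|(\S+))')

def parse_query(query):
    """Split a request into required (+), excluded (-) and optional terms."""
    parsed = {"required": [], "excluded": [], "optional": []}
    for sign, phrase, word in TOKEN.findall(query):
        term = (phrase or word).lower()
        if not sign and not phrase and term in IGNORED:
            continue
        key = {"+": "required", "-": "excluded"}.get(sign, "optional")
        parsed[key].append(term)
    return parsed

def contains(term, text):
    """Case-insensitive whole-word or whole-phrase match."""
    pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
    return re.search(pattern, text, re.IGNORECASE) is not None

def matches(parsed, text):
    if any(contains(t, text) for t in parsed["excluded"]):
        return False
    if not all(contains(t, text) for t in parsed["required"]):
        return False
    # Assumption: without any + term, one un-prefixed term must be present.
    if parsed["optional"] and not parsed["required"]:
        return any(contains(t, text) for t in parsed["optional"])
    return True

def search(query, events):
    parsed = parse_query(query)
    return [e for e in events if matches(parsed, e)]

# Constructed sample event contents, not real captures.
EVENTS = [
    "Invoice attached, please confirm the wire transfer today",
    "DRAFT: wire transfer instructions, do not send",
    "Lunch order or coffee run?",
]

if __name__ == "__main__":
    for q in ('+"wire transfer" -draft AND invoice', "coffee OR invoice"):
        print(q, "->", search(q, EVENTS))
```
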

Filter

· Apply – applies the current filter set and reloads the events.
· Load – allows you to load a filter set that you saved in the past. Clicking on the arrow lists the most recently saved filter sets.
· Save – saves the current filter set to a file.
· Clear – removes all filters, including additional filter settings, and reloads the events.

The filter settings are automatically saved when you close the application and restored when you run it again.