Managing Central Node or Sensor server information

Users with the Security auditor role can view information about servers with the Central Node and Sensor components.

Information about servers with the Central Node or Sensor components is displayed in the Sensor servers of the application web interface window.

This section displays cards of components (on the left) and cards of network interfaces detected on these components (to the right of each component).

Above the card of the Sensor component is the card of the Central Node component to which the Sensor is connected.

If the Central Node component is deployed with Embedded Sensor, the name of that Sensor component is displayed the card as Embedded Sensor.

The network interface card displays the following information:

• Network interface name
• MAC address of the network interface
• IP address of the network interface
• Network interface bandwidth

If a monitoring point has been added to the network interface, the following information about the monitoring point is displayed in the card of the network interface:

• Monitoring point name.
• Technology mode is the state of the technology inheritance functionality. It can be Enabled or Disabled.

You can view details of the Central Node and Sensor components and the network interfaces discovered on these components.

To view component or network interface details:

Click its card.

The Settings tab for the Central Node and Sensor components displays the following information:

• Status is the current status of the component indicated by an icon and text description.
• Node type indicates the application component: Server (Central Node component) or Sensor (Sensor component).
• Disk space currently used by the application is the disk space occupied by application files. Includes installed files and files created by the application in the course of its operation.
• Maximum disk space that can be used by the application is the disk space that can be occupied by application files. Includes installed files and the sum total of all space limits configured in data storage rules. This value may not exceed the amount of available disk space.
• Occupied on disk is the disk space used by all files. Includes application files, operating system files, and files of other applications. The space is calculated on the disk that contains the /var directory in the file system of the component.
• Free disk space is the disk space that is not used by files. The space is calculated on the disk that contains the /var directory in the file system of the component.
• Total disk space is the total volume of disk space on the drive that contains the /var directory in the file system of the component.
• BPF filtering indicates whether filtering using the Berkley Packet Filter (BPF) technology based on address parameters in network packets is enabled or disabled.
• External storage for traffic dump files indicates the connection status of the external storage. The following statuses may be displayed: Connected, Not connected.
• Retention rules indicate current and maximum values of size, number of items, and storage duration of application data.

For the Sensor component, in addition to the Settings tab, the External storage, Other, ICAP integration, POP3 integration, and SMTP integration tabs are also displayed.

• The External storage tab displays information about the configuration of the external storage for mirrored SPAN traffic.
• On the Other tab, the following information is displayed:
  • Maximum size of scanned file is the current limit on the size of files that can be scanned by the component.
  • Dump HTTP body indicates whether HTTP body content dumping is enabled or disabled.
• The ICAP Integration tab displays the settings of integration with a proxy server via ICAP.
• The POP3 Integration tab displays the POP3 mail server integration settings.
• The SMTP Integration tab displays the SMTP mail server integration settings.

For a network interface that does not have a monitoring point added, the following information is displayed in the details area:

• Network interface is the name of the network interface in the operating system.
• Connection is the icon indicating that a network cable is connected to the Ethernet port of the network interface:
  •  – the network cable is connected.
  •  – the network cable is disconnected.

  The icon blinks when the Ethernet port indication mode is enabled.

• MAC address is the MAC address of the network interface.
• IP address is the IP address of the network interface. If multiple IP addresses are found on the network interface, a maximum of 16 IP addresses are displayed in the details area.

If a monitoring point has been added to the network interface, the following information is displayed in the card of the network interface:

• Status is the current status of the monitoring point indicated by an icon and a text description:
  • OК. The monitoring point is available.
  • Switchover. The operating mode of the monitoring point is being changed.
  • Error. An error was detected when switching over the operating mode of the monitoring point.
• Connection is the icon indicating that a network cable is connected to the Ethernet port of the network interface:
  •  – the network cable is connected.
  •  – the network cable is disconnected.

  The icon blinks when the Ethernet port indication mode is enabled.

• Network interface is the name of the network interface in the operating system.
• Mode is the current mode of the monitoring point:
  • Enabled.
  • Disabled.
• On the Settings tab:
  • The Inheritance of technologies indicates whether inheritance of technologies is enabled or disabled for the server.
  • MAC address is the MAC address of the network interface.
  • IP address is the IP address of the network interface.

Page top