Monitoring default software services is aimed at users who are new to the concept of software service monitoring. You can quickly enable traffic monitoring based on well-known ports, regardless of server or client IP addresses, and you can define IP address ranges for monitored servers, clients, or both.
To specify IP address ranges, you must enable monitoring of autodiscovered software services
- In the NAM Console navigation menu, select Deployment > Manage devices to list devices.
- On the NAM Probe you are configuring, select Open configuration.
- Navigate to Configuration > Software Services > Autodiscovered Software Services.
- Select Enable monitoring of autodiscovered software services.
Autodiscovered software services
Software services tab
On the Software Services tab, you can change the sort order by clicking the table column headings or right-click a software service to open the context menu and choose:
- Select Add (or click ) to create a new software service definition.
- Select Open to review or edit an existing software service definition.
- Delete (or click ) to remove the selected existing software service from the list. Deletion does not require additional confirmation.
To navigate to an entry in the Software Services table, click in the table and then type the first letters of a software service name. Click the magnifying glass icon or press
[CTRL+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string.
The NAM Probe comes with a comprehensive list of software services on well-known ports. You can add services that are present on your network or delete unneeded existing software services. To configure a software service on well-known ports and using the default settings right-click anywhere in the Software Services table, select Add from the context menu and provide the autodiscovered software service details.
Server Ranges tab
Server Ranges can be used to filter default software services:
- Detected based on packet content rules – the rule specifies which IP address is the server, and if the address is not in the server ranges the traffic is reported as filtered out.
- Detected based on well-known port – the side with the well-known port is the server, and if the address is not in the server ranges the traffic is reported as filtered out.
- Unknown – see the rules outlined above. The traffic filtered out due to server ranges is reported as “All Other” on the NAM Server report.
To narrow the range of monitored servers:
Click the Server Ranges tab on the Default Software Services pane.
In the table of IP addresses, right-click to open the context menu and choose Add.
You can add as many ranges as needed.Note
Ranges defined in this section apply to monitoring Default Software Services only.
Edit the IP addresses of the newly added range.
Note that the range is inclusive: the specified addresses and all of the addresses between them will be monitored.
Publish the draft configuration on the monitoring device.Warning
When you define server and client ranges, be sure not to filter everything out or there will be no data in your reports.
Data Generation tab
Click the Data Generation tab to specify data generation options.
NAM Server Data
This controls the scope of data generated by the NAM Probe that is used in reporting.
Generate NAM Server Data
Enabled by default. When you disable it, the NAM Probe will stop saving the data used in most NAM Server reports.
In normal circumstances, you should not disable NAM Server data generation.
Report SSL handshakes in NAM Server data
When selected, NAM Server generated data will contain all defined operations including SSL handshakes. You can turn off the SSL handshake operations globally per NAM Probe or individually per software service for the NAM Server.
- When Inherit from global setting is selected, the global setting is used. To edit the global setting, open the NAM Probe configuration, select Global > Front-End Monitoring > SSL and set the Report defined operations in NAM Server data.
Advanced Diagnostics on Demand Data
- Generate ADoD Data
When controlling ADoD data generation, you can either disable it completely or decide on the depth of available data.
Turns off ADoD data generation.
- Operation loads
The NAM Probe will generate data enabling you to access essential operation-level information.
- Operation loads and hits
The NAM Probe will generate data enabling you to access a deep drilldown report that represents an HTTP page hit broken down into specific HTTP elements.
- Operation loads, hits, and header
The NAM Probe will generate data enabling you to access even deeper drilldown information retrieved from related request and response headers for the hit.
- Report SSL handshakes in ADoD data
When selected, ADoD generated data will contain SSL handshakes data. You can turn off the SSL handshake operations globally per NAM Probe or individually per software service for the NAM Server. When Inherit from global setting is selected, the global setting is used. To edit the global setting, open the NAM Probe configuration, select Global > Front-End Monitoring > SSL and set the Report SSL handshakes in ADoD data.
- Report only errors in ADoD data When selected, ADoD generated data will contain only errors and slow operations. You can turn off the SSL handshake operations globally per NAM Probe or individually per software service for the NAM Server. When Inherit from global setting is selected, the global setting is used. To edit the global setting, open the NAM Probe configuration, select Global > Front-End Monitoring > SSL and set the Report only errors in ADoD data.
Autodiscovered software service details
You can add a new autodiscovered software service if you intend to monitor your network traffic based on default settings.
To add a new default software service:
Click in the Software Services table and select Add from the pop-up menu.
The Autodiscovered Software Service Details window is displayed.
In the Name field, type the name of the new software service.
In the Protocol section, select TCP, UDP, or Other (IP).
This determines the associated base protocol analyzer.
In the Analyzer list, select an analyzer.
The list here depends on the Protocol you selected. For example, UDP-based transactionless software services can be analyzed using analyzers corresponding to UDP traffic only. IP-based software service traffic can be analyzed using ICMP or IP analyzers. The largest selection of analyzers available is for the TCP-based software services.
Select or clear Enabled to control whether this rule is enabled.
Applies to NAM 2019+
In the Content rules section, specify content rules to match against the traffic.
- Click to add a row to the list of rules. The row is a list from which you can select a relevant protocol.
- In the new row, select a protocol from the list.
If there is a rule not assigned to any protocol (for example, it was removed from one protocol and not added to any other), the matching traffic will be reported as unknown.
In the Port rules section, specify port numbers that define the traffic.
- Click to enter a port number (or a range of port numbers) on which the software service is served.
- Right-click an existing row to Edit or Delete as needed.
Click Advanced settings to display advanced settings that most often do not need to change.
Choose whether to give priority to content rules or to port rules.
- If Content rules first is selected (the default setting), rules based on the content of the packet are given higher priority than rules based on well-known port numbers, so even if the given port is almost always used by a single service defined by a well-known port (for example, port 25 and SMTP), the NAM Probe will still apply content-based recognition rules on all new TCP sessions.
- If Port rules first is selected and a session's port is a well-known port, content-based rules are not applied. To limit performance impact, content-based recognition rules are applied only for a specified number of first packets on each session (8 by default) and time (a single monitoring interval), and if none of them are positive the well-known port is used.
Choose whether to aggregate data.
Choose whether to stop further autodiscovery if the definition matches.
For some protocols and content-based rules, it is possible that a general rule (transport protocol) will be detected first and then, in a subsequent packet, a more detailed rule (application protocol) will be detected. To give the detailed rule a chance for detection, rule recognition does not stop after detection of the general rule and continues until a detailed rule is found or until a packet or time limit is exceeded.
Click OK to record your changes and return to the Autodiscovered Software Services screen.
On the Server Ranges tab, you can narrow the range of monitored servers and clients.
Publish the draft configuration.