Contents
Configuring the data analysis center
About the data analysis center
Restrictions: Hardware compatibility with data analysis center
Restrictions and guidelines: Data analysis center configuration
Data analysis center tasks at a glance
Enabling real-time log display
Enabling real-time traffic statistics collection
Configuring report subscription
Configuring data storage limits for a service
Display and maintenance commands for data analysis center
Configuring the data analysis center
About the data analysis center
The data analysis center collects and analyzes log data for services and provides the analysis results in various forms of reports through the Web interface. It supports log data storage, traffic monitoring, and report analysis. This feature allows you to learn about the service traffic statistics and the network security status, helping you make decisions when customizing service policies.
Log data storage and analysis
The data analysis center collects log data from various service modules for central analysis and reporting. Log data is stored on a hard disk when one is available. If no hard disk is available, the data is stored in memory.
Traffic monitoring
The data analysis center generates real-time traffic trend and statistics reports from various perspectives, such as user, application, and IP address. These reports help you monitor the network traffic, locate network vulnerabilities, and secure the network against potential attacks.
Reporting
The data analysis center can generate multiple types of reports that present information such as service statistics, device running status, and network security status.
Restrictions: Hardware compatibility with data analysis center
Hardware platform | Module type | Data analysis center compatibility |
---|---|---|
M9006 M9010 M9014 | Blade IV firewall module | Yes |
M9006 M9010 M9014 | Blade V firewall module | Yes |
M9006 M9010 M9014 | NAT module | No |
M9010-GM | Encryption module | Yes |
M9016-V | Blade V firewall module | Yes |
M9008-S M9012-S | Blade IV firewall module | Yes |
M9008-S M9012-S | Intrusion prevention service (IPS) module | Yes |
M9008-S M9012-S | Video network gateway module | Yes |
M9008-S-V | Blade IV firewall module | Yes |
M9000-AI-E4 M9000-AI-E8 M9000-AI-E16 | Blade V firewall module | Yes |
M9000-AK001 | Blade V firewall module | Yes |
M9000-X06 M9000-X06-B M9000-X06-B-G M9000-X06-G M9000-X10 | Blade VI firewall module | Yes |
M9000-AI-X06 M9000-AI-X10 | Blade VI firewall module | Yes |
Restrictions and guidelines: Data analysis center configuration
You can configure the data analysis center at the CLI. The reports generated by the data analysis center are available only in the Web interface.
Data analysis center tasks at a glance
To configure the data analysis center, perform the following tasks:
· Enabling real-time log display
· Enabling real-time traffic statistics collection
· Configuring the email server
· Configuring report subscription
· Configuring data storage limits for a service
Enabling log collection
About this task
The log collection feature enables the data analysis center to collect the log messages of specific services and extract the data for summarization and analysis. You can see the relevant data analysis information in the dashboard and monitor pages of the Web interface.
Restrictions and guidelines
To collect the log messages for the traffic service, first enable the session statistics collection and then enable the log collection. For more information about the session statistics collection, see session management in Security Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enable the log collection for a service.
dac log-collect service service-type service-name enable
By default, the log collection status for each service varies by service setting when the service module is registered to the DAC.
Enabling real-time log display
About this task
With this feature enabled for a service, the data analysis center will send the service log messages to the Web interface in real time. You can see the real-time logs on the Web interface without refreshing the log lists manually.
Restrictions and guidelines
The real-time log display setting for a service takes effect only after the log collection for the service is enabled by the dac log-collect enable command.
Procedure
1. Enter system view.
system-view
2. Enable the real-time log display.
dac log-display service service-type service-name enable
The log collection status for each service varies by service setting when the service module is registered to the DAC.
Enabling real-time traffic statistics collection
About this task
The data analysis center can collect the user and application traffic statistics in real time and send the statistics result to the Web interface.
Restrictions and guidelines
Enabling this feature will have an impact on the CPU performance of the device. Make sure you are fully aware of the impact before you enable this feature in high traffic scenarios.
Procedure
1. Enter system view.
system-view
2. Enable real-time traffic statistics collection.
dac traffic-statistic { application | user } enable [ verbose ]
By default, the real-time collection of traffic statistics is disabled.
Configuring the email server
About this task
The report subscription feature requires an email server to function correctly. The email server will send the subscribed reports to the specified mail box.
Procedure
1. Enter system view.
system-view
2. Specify the email server address.
dac email-server server-address address-string
By default, no email server is specified for the data analysis center.
The email server address can be an IP address or a host name. If you specify a host name as the email server address, make sure the device can obtain the IP address through static or dynamic domain name resolution. In addition, the device must be able to reach the IP address of the email server. For more information about domain name resolution, see DNS configuration in Layer 3—IP Services.
3. Specify the email sender address.
dac email-server sender address-string
By default, the email sender address is not specified.
4. (Optional.) Configure email client authentication.
a. Enable email client authentication.
dac email-server client-authentication enable
By default, email client authentication is disabled.
b. Specify the username for email client authentication.
dac email-server username username
By default, no username is specified for email client authentication.
c. Specify the password for email client authentication.
dac email-server password { cipher | simple } string
By default, no password is specified for email client authentication.
d. Enable secure transmission of client authentication credentials.
dac email-server secure-authentication enable
By default, secure transmission of client authentication credentials is disabled.
Configuring report subscription
About this task
The report subscription allows the device to generate and send periodic reports to the subscriber mail box.
By default, the daily report is sent during the least busy hours (1 a.m. to 5 a.m.) and the monthly report of the previous month is sent on the first day of each month. The report sending time cannot be changed.
The following types of reports are supported:
· Summary report—Displays summarized service traffic statistics collected over a time range.
· Comparison report—Provides comparison of service traffic statistics collected over two time ranges that contain the same number of days.
· Intelligent report—Provides intelligent analysis of users' work efficiency, data leakage, and turnover risks based on their network access behaviors.
· Integrated report—Illustrates the overall device operational and network security status based on analysis of critical service statistics.
Reports analyze different types of statistics. You can specify the range of statistics to be analyzed by a report. For example, if you specify the top 20 statistics entries for the summary report, the generated report contains analysis results only for the top 20 statistics entries of each service.
Prerequisites
For the subscribers to receive the reports, you must configure the email server.
Procedure
1. Enter system view.
system-view
2. Configure the subscription parameters for a report type.
dac report type { comparison | integrated | intelligent | summary } subscriber mail-address [ language { chinese | english } ]
By default, no report subscription parameters are configured.
3. Specify the range of statistics to be analyzed for a report type.
dac report type { comparison | integrated | intelligent | summary } top number
By default, top 5 statistics entries are specified to be analyzed for a report type.
Configuring data storage limits for a service
About this task
Perform this task to set the storage time limit, storage space usage limit, and the storage limit-violated action for a service.
The data analysis center periodically checks the data of each service to determine whether the storage time limit or storage space usage limit is exceeded.
· If a storage limit is exceeded and the action is delete, the system deletes the expired or the oldest service data. A log will be generated to report the event.
· If a storage limit is exceeded and the action is log-only, the system generates a log message. New data will not be saved.
Restrictions and guidelines
If data is stored in the memory, the system automatically deletes the oldest data when the storage space exceeds the limit.
If data is stored in a hard disk or a USB disk, the system performs operations based on the storage limit-violated action that you specify. If the action is delete, the system automatically deletes the oldest data when the storage space exceeds the limit.
Procedure
1. Enter system view.
system-view
2. Set the storage time limit, storage space usage limit, or the storage limit-triggered action for a service.
dac storage service service-type service-name limit { hold-time time-value | usage usage-value | action { delete | log-only } }
By default:
· The service data can be saved for a maximum of 365 days.
· The data of each service can occupy up to 20% of the total storage space.
· If the storage time or storage space usage limit is exceeded, the system deletes the expired or the oldest data.
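The following Python check is an added example, not part of the vendor documentation. It applies the dependencies stated in the sections above to a list of dac commands: real-time log display needs log collection, report subscription needs the email server, client authentication credentials are not sent securely by default, and the log-only action stops saving new data. It assumes the saved configuration shows these commands in the form they are typed; TYPE-A, SVC-1, SVC-2, the username and the mail address are constructed placeholders.

```python
import re

# Constructed sample input. TYPE-A, SVC-1 and SVC-2 are placeholders, not real
# service types or names; the username and mail address are made up.
SAMPLE_CONFIG = """\
dac log-collect service TYPE-A SVC-1 enable
dac log-display service TYPE-A SVC-1 enable
dac log-display service TYPE-A SVC-2 enable
dac email-server client-authentication enable
dac email-server username reporter
dac report type summary subscriber soc@example.com
dac storage service TYPE-A SVC-1 limit action log-only
"""

def audit_dac(config):
    """Return a list of findings for the DAC command lines in `config`."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("dac ")]
    has = lambda prefix: any(l.startswith(prefix) for l in lines)

    def enabled(feature):
        # Set of (service-type, service-name) pairs with an explicit enable line.
        pat = re.compile(rf"dac {feature} service (\S+) (\S+) enable$")
        return {m.groups() for m in map(pat.match, lines) if m}

    findings = []
    # Real-time log display takes effect only once log collection is enabled.
    # The log collection default varies by service, so this is a prompt to verify.
    for stype, name in sorted(enabled("log-display") - enabled("log-collect")):
        findings.append(f"log-display {stype} {name}: log collection not explicitly "
                        "enabled; check with display dac log-collect")
    # Report subscription needs the email server.
    if any(re.match(r"dac report type \S+ subscriber ", l) for l in lines) \
            and not has("dac email-server server-address "):
        findings.append("report subscriber set but no email server address")
    if has("dac email-server client-authentication enable"):
        # Secure transmission of credentials is disabled by default.
        if not has("dac email-server secure-authentication enable"):
            findings.append("client authentication without secure-authentication")
        for item in ("username", "password"):
            if not has(f"dac email-server {item} "):
                findings.append(f"client authentication enabled but no {item}")
    # With log-only, new data is not saved once a storage limit is exceeded.
    for l in lines:
        m = re.match(r"dac storage service (\S+) (\S+) limit action log-only$", l)
        if m:
            findings.append(f"storage {m[1]} {m[2]}: log-only drops new data at the limit")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dac(SAMPLE_CONFIG)))
```

A log-display finding is a prompt to confirm the actual state on the device, because the default log collection status differs per service.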
Display and maintenance commands for data analysis center
Execute the display commands in any view.
Task | Command |
---|---|
Display the email server configuration. | display dac email-server |
Display the log collection configuration for a service. | display dac log-collect { all | service service-type service-name } |
Display the configuration of the real-time log display. | display dac log-display { all | service service-type service-name } |
Display the report subscription information. | display dac report [ comparison | integrated | intelligent | summary ] |
Display the service storage limit settings. | display dac storage [ service-type service-name ] |
Display the configuration of the real-time traffic statistics collection. | display dac traffic-statistic [ application | user ] |