ExtraHop Trace Admin UI Скачать руководство пользователя

Страница: 19 / 58

ExtraHop 8.8 ExtraHop Trace Admin UI Guide

Note:

Most organizations have an established system for collecting and displaying SNMP traps in a

central location that can be monitored by their operations teams. For example, SNMP traps

are sent to an SNMP manager, and the SNMP management console displays them.

1. Log in to the Administration settings on the ExtraHop system through

https://<extrahop-

hostname-or-IP-address>/admin

2. In the Network Settings section, click

Notifications

3. Under Notifications, click

SNMP

4. On the SNMP Settings page, in the

SNMP Monitor

field, type the hostname for the SNMP trap

receiver. Multiple names can be entered, separated by commas.

5. In the

SNMP Community

field, enter the SNMP community name.

6. In the

SNMP Port

field, type the SNMP port number for your network that is used by the SNMP agent

to respond back to the source port on the SNMP manager.

The default response port is

162

7. Click

Test Settings

to verify that your SNMP settings are correct. If the settings are correct, you should

see an entry in the SNMP log file on the SNMP server similar to the following:

Connection from UDP: [192.0.2.0]:42164->[ 192.0.2.255]:162

Where

192.0.2.0

is the IP address of your ExtraHop system and

192.0.2.255

is the IP address of

the SNMP server.

8. Click

Save

Download the ExtraHop SNMP MIB

SNMP does not provide a database of information that an SNMP-monitored network reports. SNMP

information is defined by third-party management information bases (MIBs) that describe the structure of

the collected data.
1. Log in to the Administration settings on the ExtraHop system through

https://<extrahop-

hostname-or-IP-address>/admin

2. Go to the Network Settings section and click

Notifications

3. Under Notifications, click

SNMP

4. Under SNMP MIB, click the

Download ExtraHop SNMP MIB

The file is typically saved to the default download location for your browser.

Send system notifications to a remote syslog server

The syslog export option enables you to send alerts from an ExtraHop system to any remote system that

receives syslog input for long-term archiving and correlation with other sources.
Only one remote syslog server can be configured for each ExtraHop system.
1. Log in to the Administration settings on the ExtraHop system through

https://<extrahop-

hostname-or-IP-address>/admin

2. In the Network Settings section, click

Notifications

3. In the Destination field, type the IP address of the remote syslog server.
4. From the Protocol drop-down menu, select

TCP

UDP

. This option specifies the protocol over which

the information will be sent to your remote syslog server.

5. In the Port field, type the port number for your remote syslog server. By default, this value is set to

514.

6. Click

Test Settings

to verify that your syslog settings are correct. If the settings are correct, you should

see an entry in the syslog log file on the syslog server similar to the following:

Jul 27 21:54:56 extrahop name="ExtraHop Test" event_id=1

7. Click

Save

Содержание Trace Admin UI

Страница 1: ...ExtraHop 8 8 ExtraHop Trace Admin UI Guide...

Страница 2: ...oduced translated or reduced to any machine readable form without prior written approval from ExtraHop Networks Inc For more documentation see https docs extrahop com Published 2022 03 22 ExtraHop Net...

Страница 3: ...15 Bond interfaces 16 Create a bond interface 16 Modify bond interface settings 16 Destroy a bond interface 17 Notifications 17 Configure email settings for notifications 17 Add a new notification em...

Страница 4: ...ific ICMPv6 Echo Reply messages 42 Services 43 Configure the SNMP service 43 Firmware 44 Upgrade the firmware on your ExtraHop system 44 Pre upgrade checklist 44 Upgrade the firmware on Command and Di...

Страница 5: ...ted and then reconnected to the same Trace appliance 56 For extended storage units configured on a device other than the Trace appliance 56 Reset Packetstore 56 Trace Cluster Settings 57 Manager 57 Pa...

Страница 6: ...gs After you have deployed your Trace appliance see the Trace Post deployment Checklist We value your feedback Please let us know how we can improve this document Send your comments or suggestions to...

Страница 7: ...ace appliance The metrics on this page can help you troubleshoot problems and determine why the ExtraHop appliance is not performing as expected System Reports the following information about the syst...

Страница 8: ...is turned off Name Displays the Trace appliance settings that are stored on disk Options Displays the read write options for the settings stored on disk Size Displays the size in gigabytes for the ide...

Страница 9: ...expk file is encrypted and the contents are only viewable by ExtraHop Support However you can download the diag results complete manifest file to view a list of the files collected Run a custom suppor...

Страница 10: ...tions for your ExtraHop system In Reveal x Enterprise you can enable security only or security and performance detections In addition you can allow the ExtraHop Machine Learning Service to access pre...

Страница 11: ...to your sensor license 35 161 154 247 Portland U S A 54 66 242 25 Sydney Australia 52 59 110 168 Frankfurt Germany Open access to Cloud Recordstore For access to the ExtraHop Cloud Recordstore your se...

Страница 12: ...e Connectivity The Connectivity page contains controls for your appliance connections and network settings Interface Status On physical appliances a diagram of interface connections appears which upda...

Страница 13: ...e interfaces ping replies might not get back to the sender High Performance ERSPAN VXLAN Target Captures traffic forwarded from ERSPAN or VXLAN This interface mode enables the port to handle more than...

Страница 14: ...s we recommend that you contact ExtraHop Support for assistance to avoid reduced throughput Note EDA 4200 EDA 6200 EDA 8200 EDA 9200 and EDA 10200 appliances are not susceptible to reduced throughput...

Страница 15: ...DNS Search List DNSSL information according to router advertisements select RDNSS DNSSL 6 Click Save Global proxy server If your network topology requires a proxy server to enable your ExtraHop syste...

Страница 16: ...rs The bond interface must be destroyed and recreated Create a bond interface Modify a bond interface Destroy a bond interface Create a bond interface You can create a bond interface with at least one...

Страница 17: ...lected to retain the interface settings for the bond interface and all other member interfaces are disabled If no member interface is selected to retain the settings the settings are lost and all memb...

Страница 18: ...hen sending scheduled reports from a Command appliance or Reveal x 360 10 Select the Enable SMTP authentication checkbox and then type the SMTP server setup credentials in the Username and Password fi...

Страница 19: ...red network reports SNMP information is defined by third party management information bases MIBs that describe the structure of the collected data 1 Log in to the Administration settings on the ExtraH...

Страница 20: ...ote The pem file must not be password protected Note You can also automate this task through the REST API 1 In the Network Settings section click SSL Certificate 2 Click Manage certificates to expand...

Страница 21: ...ngton Country Code The two letter ISO code for the country where your organization is located US 6 Click Export The CSR file is automatically downloaded to your computer Next steps Send the CSR file t...

Страница 22: ...certificates you must also enable SSL TLS or STARTTLS encryption and certificate validation when configuring the settings for the external server 1 Log in to the Administration settings on the ExtraHo...

Страница 23: ...ministration settings After the setup user password is changed the button at the top of the page no longer appears Note The password must be a minimum of 5 characters 1 In the Administration settings...

Страница 24: ...ck Users 3 Click Add User 4 In the Personal Information section type the following information Login ID The username that users will log in to their ExtraHop appliances with which cannot contain any s...

Страница 25: ...machine Next steps Add a local user account Remote Authentication The ExtraHop system supports remote authentication for user access Remote authentication enables organizations that have authenticatio...

Страница 26: ...To view the members in the group click the group name Type Displays Local or Remote as the type of user group Members Displays the number of users in the group Shared Content Displays the number of u...

Страница 27: ...ly System Administration Reveal x 360 only Cloud Setup Reveal x 360 only Full Write Limited Write Personal Write Full Read Only Restricted Read Only Activity Maps Create view and load shared activity...

Страница 28: ...ers can access detections The privilege level of the user determines the level of access to detections View detections Y Y Y Y Y Y Y Y N Acknowledge Detections Y Y Y Y Y Y Y N N Modify detection statu...

Страница 29: ...N Metrics View metrics Y Y Y Y Y Y Y Y N Records Explore appliance View record queries Y Y Y Y Y Y Y Y N View record formats Y Y Y Y Y Y Y Y N Create modify and save record queries Y Y Y Y Y N N N N...

Страница 30: ...s Y Y N Y N N N N N Privilege options The following privilege options can be assigned to users with limited Web UI and API privileges Packet and Session Key Access View and download packets View and d...

Страница 31: ...an configure your ExtraHop system to authenticate users remotely with an existing LDAP server Note that ExtraHop LDAP authentication only queries for user accounts it does not query for any other enti...

Страница 32: ...e LDAPS This option specifies LDAP wrapped inside SSL StartTLS This option specifies TLS LDAP SSL is negotiated before any passwords are sent g Select Validate SSL Certificates to enable certificate v...

Страница 33: ...atus message appears near the bottom of the page If the test fails click Show details to see a list of errors You must resolve any errors before you continue 8 Click Save and Continue Next steps Confi...

Страница 34: ...users to view detections This setting is visible only when the global privilege policy for detections access control is set to Only specified users can view detections No access Full access 4 Click Sa...

Страница 35: ...m Plus TACACS for remote authentication and authorization Ensure that each user to be remotely authorized has the ExtraHop service configured on the TACACS server before beginning this procedure 1 Log...

Страница 36: ...rs to view detections This setting is visible only when the global privilege policy for detections access control is set to Only specified users can view detections No access Full access 11 Click Save...

Страница 37: ...e required to perform operations through the ExtraHop REST API Manage API key access Users with unlimited privileges can configure whether users can generate API keys for the ExtraHop system You can a...

Страница 38: ...You can paste the key into the REST API Explorer or append the key to a request header Privilege levels User privilege levels determine which ExtraHop system and administration tasks the user can perf...

Страница 39: ...d but you cannot perform any other administration tasks through the REST API Perform all GET operations through the REST API Delete dashboards and activity maps that you own Perform metric and record...

Страница 40: ...write personal write null metrics full metrics restricted detections full View detections in the ExtraHop system This is an add on privilege that can be granted to a user with one of the following pri...

Страница 41: ...appliance Reset Packetstore Delete all packets stored on the ExtraHop Trace appliance The Reset Packetstore page appears only on the Trace appliance Running Config The running configuration file speci...

Страница 42: ...oaded as a text file to your default download location Disable ICMPv6 Destination Unreachable messages You can prevent the ExtraHop system from generating ICMPv6 Destination Unreachable messages You m...

Страница 43: ...led checkbox appears Configure the SNMP service and download the ExtraHop MIB file Enable or disable SSH Access SSH access is enabled by default to enable users to securely log in to the ExtraHop comm...

Страница 44: ...cted to ExtraHop Cloud Services when a new firmware version is available Verify that your Reveal x 360 system has been upgraded to version 8 7 before upgrading your self managed sensors If you have mu...

Страница 45: ...ected Appliances page Connect to the appliance through the iDRAC interface Upgrade the firmware on Command and Discover appliances 1 Log in to the Administration settings on the ExtraHop system throug...

Страница 46: ...Hop system initiates the firmware upgrade You can monitor the progress of the upgrade with the Updating progress bar The appliance restarts after the firmware is installed 7 If you did not choose to a...

Страница 47: ...ch configured NTP server in the NTP Status table remote The host name or IP address of the remote NTP server you have configured to synchronize with st The stratum level 0 through 16 t The type of con...

Страница 48: ...DN for the time servers in the Time Server fields You can have up to nine time servers Tip After adding the fifth time server click Add Server to display up to four additional timer server fields 8 Cl...

Страница 49: ...is the string of characters that follow i but not i itself For a virtual appliance in GCP type the instance ID For all other virtual appliances type default 5 Click Log In 6 In the Appliance Settings...

Страница 50: ...availability of your new license as shown in the following figure 3 Click Apply new license The capture process restarts which might take a few minutes Note If your license is not automatically update...

Страница 51: ...ypt the packetstore disk For more information see the Encrypt the packetstore disk section Direct Connected Disks Displays information about the SD memory cards The memory cards have the following rol...

Страница 52: ...encryption key Option Description If you entered an encryption passphrase Type a passphrase into the Passphrase field If you selected an encryption key file Click Choose File and then browse to an enc...

Страница 53: ...nstall the extended storage unit in your data center with the included rack mounting kit The mounting kit supports most four post racks with either round or square holes 2 Connect the power cables to...

Страница 54: ...the blue pull tab oriented on the top of the connector Attach the SAS cable to the HBA on the Trace appliance with the blue pull tab oriented on the bottom of the connector To remove the SAS cable pu...

Страница 55: ...d green indicating they are healthy If any disk is unhealthy yellow contact ExtraHop Support 8 Repeat steps 6 and 7 for any additional extended storage units 9 Optional If the packetstore is locked yo...

Страница 56: ...or IP address admin 2 In the Appliance Settings section click Disks 3 Click Extended Storage Units 4 Click Import foreign packetstore disks and then click OK 5 In the RAID Info section click Unconfig...

Страница 57: ...iance Click Remove Manager to remove the Command appliance as the manager Note The Trace appliance can be managed by only one Command appliance Connected Appliances Displays a table of all Discover an...

Страница 58: ...direct connection from the Command appliance is not possible because of firewalls or other network restrictions Before you begin Note This procedure only enables you to perform management functions f...

Результаты поиска

Содержание Trace Admin UI

Отзывы:

Похожие инструкции для Trace Admin UI

Бренды по названию

Популярные бренды

ExtraHop Trace Admin UI, Руководство пользователя

Результаты поиска

Содержание Trace Admin UI

Отзывы:

Похожие инструкции для Trace Admin UI

Бренды по названию

Популярные бренды