Technical Library | eSupport
Go to the table of contents Go to the previous page Go to the next page
TRITON RiskVision Diagnostics : Reviewing RiskVision session details
Reviewing RiskVision session details
52062 | Diagnostics | TRITON RiskVision | 24-Sep-2015
Use the Diagnostics > Sessions tab to find session statistics for monitored traffic, as reported by the Assembler service. In a new deployment, or for troubleshooting purposes, optionally enable full session logging for a brief period to verify that RiskVision is monitoring all expected traffic.
The Session Statistics tables at the top of the page offer:
*
A Summary showing the total number of monitored sessions, with information about how many of those were completed sessions. To provide more context about any difference between total and completed sessions monitored, additional statistics show the number of session starts (SYN+ACK) and session ends (FIN+ACK).
*
Information about the number of sessions using the SMTP and encrypted SMTP Protocols.
*
The number of unique Source IP Addresses seen in the past 5 minutes, as compared to the number since the last RiskVision service restart.
The Completed Sessions by Port table provides a breakdown of the monitored traffic by port. It includes information about the IP version used for the communication on each port, as well as the volume of traffic on each port by percentage of the total number of completed sessions.
The Session Details section at the bottom of the page allows administrators to prompt RiskVision to log every monitored session, regardless of whether or not there is a security incident associated with the session.
Because logging data for all sessions can quickly fill the database, this feature is intended to be used as a temporary diagnostic tool. Once you have gathered the data you need, disable session logging.
For each monitored session, the Session Details table can show:
*
A session identifier
Note that when the RiskVision appliance is restarted, session ID numbering is reset. Depending on how often the appliance is restarted, and how long existing session and incident information is stored, duplicate session ID numbers are possible.
*
The time the session was initiated
*
The duration of the session
*
Transport protocol
*
Application protocol
*
Source IP address
*
Destination IP address
*
Size of the session payload
*
Number of TCP segments included in the session
*
Session status
*
Number of IP fragments detected
*
Number of duplicates detected
In addition, a summary above the table specifies how many sessions are currently available for viewing in the table, the time period during which the session information was collected, the number of unique sources detected, and the number of unique destinations seen.
To enable full session logging:
1.
Switch the Log all sessions toggle to ON.
In a typical deployment the table below the toggle will quickly begin to populate with data.
2.
Use the table beneath the toggle to verify that the expected network segments are being monitored.
*
Drag any combination of column headers in the table to the "group your data" box to quickly group information in the table.
For example, to focus on which IP addresses are being monitored, click the Source IP column header and drag it into the "group your data" box.
*
Use the Filter box above the table to search for specific information.
*
Use the Show/Hide Columns drop-down list to select which information to show in the table.
For example, if your are troubleshooting a network configuration issue, it may be useful to show information about the percentage of traffic made up by IP Fragments or Duplicate IP Packets.
3.
When you have collected the data you need, switch Log all sessions to OFF.
Storing all session information can quickly overwhelm system resources, so use session logging for brief periods of system verification or troubleshooting only.

Go to the table of contents Go to the previous page Go to the next page
TRITON RiskVision Diagnostics : Reviewing RiskVision session details
Copyright 2015 Raytheon | Websense. All rights reserved.