Exporting Gigastor Data For Archiving - Network Instruments GigaStor User Manual

The indexed, statistical information that comes from the indexed data is not 100% accurate when compared to
packet capture. More importantly, it is not intended to be. It is, however, statistically accurate.
When the GigaStor attempts to analyze a packet to index, it does not analyze the packet if the packet is being
analyzed by a different portion within Observer, such as Network Trending. Network Trending analyzes data for
its own purpose. If a packet is being analyzed by Network Trending at the time the GigaStor wants to analyze
the packet, the GigaStor skips the packet and goes to the next packet. The packet is written to disk, it is just not
indexed.
After 15 seconds, the GigaStor starts over, so everything is cleared out and it all starts from zero entries per index
data table, but the GigaStor does keep track of which devices it classified as servers. For instance, if in one 15
second period, the GigaStor sees a SYN-SYN/ACK-ACK and determines that port 8080 on 10.0.0.1 on is a server,
in the next 15 second period, the GigaStor does not require a SYN-SYN/ACK-ACK to know that port 8080 on
10.0.0.1 is a server. It already knows and continues indexing any 10.0.0.1 8080 as the server. The indexing of
server 10.0.0.1 on port 8080 requires that either you establish 8080 as a known protocol or you have disabled
the GigaStor Control Panel > Settings > Intelligent TCP Determination option. However, depending on which
options are enabled and disabled, the GigaStor may completely ignore 10.0.0.1 on 8080 from being indexed.

Exporting GigaStor data for archiving

You can export your GigaStor -collected data on a scheduled basis. Use the Export tab to configure when and to
where your data is saved or to manually export your data. You can manually export your GigaStor data in several
file formats or you can schedule Observer to export the data.
Part of what makes the GigaStor searches so quick is that the data is indexed. Any data that is exported to a file
is saved, but unindexed. The data remains in the indexed GigaStor file until it is overwritten. The exported data is
always available and means you will still have access to the saved packet data, but you must load the capture file
into the analyzer before you can search it. Having a good naming convention can help you find your files later.
Note: This process should be completed on the GigaStor probe itself by having the software running in Observer
analyzer mode rather than Expert Probe. See . This may require that you use Remote Desktop to access the system.
1. Redirect the probe instance to the local analyzer if it is not already connected to it.
2. Choose Capture > GigaStor Control Panel.
3. Click the Settings button to open the GigaStor Settings dialog.
4. Click the Export tab.
5. Choose how you want to export the data and in which format (bfr, pcap, or cap). You can choose to schedule
the export so that it happens automatically, or you can choose to manually export the data on an "as
needed" basis.
6. (Optional) Choose if you want to have Observer write a progress status every 30 seconds to the Log window.
Exporting GigaStor data for archiving | 31