Using The Realtime Console; Using The Console - Enterasys Intrusion Prevention System Reporting Manual

Analysis and reporting guide

Using the Realtime Console

The Dragon Realtime Console dramatically speeds up analysis of a variety of Dragon functions by
providing realtime analysis data. It keeps all of the events it reads in memory and requires some
storage capacity. For example, 1,000,000 events require 25 MB of main memory. This tool does not
have a limit to the number of events it can hold in memory. However, experience with live data
shows that 500,000 events is adequate to hold a month's worth of data on a single busy Network
Sensor.
Event summaries and event listings are very quick, but anything that enumerates data by IP
address can take 1-2 minutes, possibly more. The Realtime Console can also filter events, which
significantly lowers the total event count.
To access the Realtime Console Main Window:
1. Click Realtime in the top right navigation area.
The Realtime Console main window appears as shown in Figure 11-3. Navigation options are
shown in the left navigation panel for the Console option in the top left navigation area.
Figure 11-3 Realtime Console Main Window

Using the Console

You can select the type of event summary and filter display. Each combination presents a unique
view of Dragon data.
To display Console data:
1. Click the Event Summary pulldown and select the desired type of summary.
Each type of summary produces a different type of output. These are described in detail in the
sections below.
2. Click the Filters pulldown and select the desired filter.
Although default filters exist, you can create custom filters. See Filter Management on
page 11-16.
3. Click Execute.
The desired data is shown in the display area.
Note: It is recommended that the Realtime Console agent, which sends the event data, run on a
dedicated server.
