Hosts: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
 
No edit summary
 
(6 intermediate revisions by one other user not shown)
Line 1: Line 1:
<span style="display:none" class="helpSource host_viewer">Host_Viewer</span>
<span style="display:none" class="helpSource hosts">Hosts</span>
<span style="display:none" class="helpSource host_viewer_current_hosts">Host_Viewer#Current_Hosts</span>
<span style="display:none" class="helpSource host_viewer">Hosts</span>
<span style="display:none" class="helpSource host_viewer_penalty_box_hosts">Host_Viewer#Penalty_Box_Hosts</span>
<span style="display:none" class="helpSource host_viewer_current_hosts">Hosts</span>
<span style="display:none" class="helpSource host_viewer_penalty_box_event_log">Host_Viewer#Penalty_Box_Event_Log</span>
<span style="display:none" class="helpSource host_viewer_penalty_box_hosts">Hosts</span>
<span style="display:none" class="helpSource host_viewer_current_quotas">Host_Viewer#Current_Quotas</span>
<span style="display:none" class="helpSource host_viewer_penalty_box_event_log">Hosts</span>
<span style="display:none" class="helpSource host_viewer_quota_event_log">Host_Viewer#Quota_Event_Log</span>
<span style="display:none" class="helpSource host_viewer_current_quotas">Hosts</span>
<span style="display:none" class="helpSource host_viewer_quota_event_log">Hosts</span>


= Host Viewer =
Hosts provides a view of all current "hosts" or unique IP address on the local network(s).


The Host Viewer is viewable by selecting "Show Hosts" at the dropdown at the top of the rack. The Host Viewer shows the information stored in the ''host table'' which is a global table that tracks local hosts and the various information about them.
Each row represents a single a host (unique IP address) that has been seen on any LAN interface.


== Current Hosts ==
As NG Firewall scans and processes network traffic, the platform and many of the apps will save information about a host on the network.
This information is stored in the "Host Table" and the Hosts view provides a view into the host table.


The ''Current Hosts'' tab shows all the currently known (local) hosts and all the information about them.
= Controls =


Many applications store information about the various hosts on the network. For example, If a user logs into Captive Portal, the Captive Portal will store the associated username in the host table so other applications know this information about this hosts. Each row show a given host and all the information currently stored for that host (IP).
The host view by default shows all hosts and some basic information about each session.
To view all the information for a session click on the session and all attributes are displayed in the property grid on the right side.


The viewable information about a host is listed below
# '''Refresh''' refreshes the grid with the current active sessions.
# '''Auto Refresh''' toggles automatic refreshing of the grid.
# '''Reset View''' resets the view to the default view. Any changes to the default view are saved in your local browser session.
# '''Filter''' provides the ability to quickly filter all sessions my many key attributes.


{| border="1" cellpadding="2" width="85%" align="center"
More controls can be access by mousing over any column head and using the drowdown menu on the column header.
 
# '''Sort Ascending''' sorts the selected column in ascending order.
# '''Sort Descending''' sorts the selected column in descending order.
# '''Columns''' allows the removal or addition of columns to the current view.
# '''Filter''' provides a way to filter current data on this column with the provided value.
 
= Columns =
 
= Columns =
 
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
{| border="1" cellpadding="2"
|+
! Property !! Description
|-
| Address
| The IP address of this Host
|-
| MAC Address
| The MAC address of this Host if it is known
|-
| MAC Vendor
| The Vendor of the MAC address of this Host if known
|-
| Interface
| The interface on which this Host was last seen
|-
| Creation Time
| The creation time of this Host entry
|-
| Last Access Time
| The last time an app or the platform accessed this Host entry
|-
| Last Session Time
| The last time this host attempted to create a session
|-
| Last Completed TCP Session Time
| The last time this host successfuly completed a TCP session to a WAN address
|-
| Entitled Status
| False if this host is not entitled to premium functionality because the limit is exceeded True otherwise
|-
|-
|width="30%"|'''Column Header'''
| Active
|width="70%"| Property Description
| True if this host is considered "active," False otherwise
|-
|-
| HTTP User Agent
| The HTTP User Agent of this host (according to a recent HTTP request)
|-
|-
|'''IP'''
| Captive Portal Authenticated
|The IP address of the host (the primary key)
| True if this Host is authenticated with [[Captive Portal]] (at least one)
|-
|'''MAC Address'''
|MAC address the network interface (wireless, ethernet) used by the host.
|-
|'''MAC Vendor'''
|Vendor of the network interface (wireless, ethernet) used by the host.
|-
|'''Last Accessed Time'''
|Last time information about this host was updated
|-
|'''Last Session Time'''
|Last time a non-bypassed session was initiated by this host
|-
|-
|'''Hostname'''
| Tags
|The hostname of this IP (if known)
| The tags of this Host
|-
|-
|'''Username'''
| Tags String
|The username of this IP (if known)
| The tags of this Host
|-
|-
|'''Penalty Boxed'''
| Hostname
|Is this host in the Penalty Box (true is yes)
| The official ''Hostname'' of this host
|-
|-
|'''Penalty Box Entry Time'''
| Hostname Source
|Time the host entered the penalty box
| The source of the official ''Hostname'' of this host
|-
|-
|'''Penalty Box Exit Time'''
| Hostname (DHCP)
|Time the host will exit the penalty box
| The hostname of this host according to DHCP (Hosts often specify their hostname when retrieving a DHCP lease)
|-
|-
|'''Quota Size'''
| Hostname (DNS)
|The Quota size in bytes granted to this host (if it has a quota)
| The hostname of this host according to reverse DNS
|-
|-
|'''Quota Issue Time'''
| Hostname (Device)
|The time the quota was issued
| The hostname of this host's MAC address according to [[Devices]]
|-
|-
|'''Quota Expiration Time'''
| Hostname (Device Last Known)
|The time the quota will expire
| The last known hostname of this host's MAC address according to [[Devices]]
|-
|-
|'''HTTP - User Agent'''
| Hostname (OpenVPN)
|The host's browser reported User Agent string
| The hostname according to [[OpenVPN]]
|-
|-
|'''Captive Portal - Authenticated'''
| Hostname (Reports)
|Stores the authentication state of this host through [[Captive Portal]] (true/false)
| The hostname according to the Name Map in [[Reports]]
|-
|-
|'''Captive Portal - Username'''
| Hostname (Directory Connector)
|The username of this host according to [[Captive Portal]]
| The hostname according to [[Directory Connector]]
|-
|-
|'''Directory Connector - Username'''
| Username
|The username of this host according to [[Directory Connector]]
| The official ''Username'' associated with this host
|-
|-
|'''L2TP - Username'''
| Username Source
|The username of this host according to L2TP in [[IPsec VPN]]
| The source of the official ''Username''
|-
|-
|'''Xauth - Username'''
| Username (Directory Connector)
|The username of this host according to Xauth in [[IPsec VPN]]
| The username according to [[Directory Connector]]
|-
|-
|'''Device Username'''
| Username (Captive Portal)
|The username of this host according to the ''Device Username'' in the [[Device List]]
| The username according to [[Captive Portal]]
|}
 
Clicking on the dropdown on the column header provides several features to help view large data sets:
* Sort values by that row.
* Hide/Unhide certain columns
* Group by that column (all shared values will be grouped together)
* Filter data (only show data that matches the provided filter on that row)
 
== Penalty Box Hosts ==
 
This tab shows all the host currently in the [[Penalty Box]]. This is just a different view of the same information shown in the ''Current Hosts'' tab. It only shows hosts where ''Penalty Boxed'' is true.
 
== Penalty Box Event Log ==
 
This event log shows penalty box enter and exit events.
 
The columns of the event log:
 
{| border="1" cellpadding="2" width="85%" align="center"
|+
! Name !! Description
|-
|-
|width="15%"|'''Start Time'''
| Username (Device)
|width="70%"|The time the host was put in the penalty box.
| The username of this host's MAC address according to [[Devices]]
|-
|-
|'''End Time'''
| Username (OpenVPN)
|The time the host is planned to be or was released from the penalty box.
| The username according to [[OpenVPN]]
|-
|-
|'''Address'''
| Username (IPsec VPN)
|The host/IP placed in the penalty box
| The username according to [[IPsec VPN]]
|-
|-
|'''Reason'''
| Quota Size
|The text string explaining the reason the host was placed in the penalty box.
| The size of this host's quota (in bytes)
|}
 
== Current Quotas ==
 
This tab shows all the hosts currently with a quota. This is just a different view of the same information shown in the ''Current Hosts'' tab, except only showing hosts with a quota.
 
== Quota Event Log ==
 
This event log shows all quota events.
 
The columns of the event log:
 
{| border="1" cellpadding="2" width="85%" align="center"
|+
! Name !! Description
|-
|-
|width="15%"|'''Timestamp'''
| Quota Remaining
|width="70%"|The time of the event
| The amount of quota remaining (in bytes)
|-
|-
|'''Address'''
| Quota Issue Time
|The host/IP placed in the penalty box
| The original issue time of this host's quota
|-
|-
|'''Action'''
| Quota Expiration Time
|The action of the event.
| The expiration time of this host's quota
|-
|-
|'''Quota Size'''
| Refill Quota
|The size of the quota.
| '''Refill Quota''' action will refill this Host's quota
|-
|-
|'''Reason'''
| Drop Quota
|The text string explaining the reason the action was taken.
| '''Drop Quota''' action will remove this Host's quota
|}
|}
</blockquote>

Latest revision as of 16:10, 3 May 2022

Hosts provides a view of all current "hosts" or unique IP address on the local network(s).

Each row represents a single a host (unique IP address) that has been seen on any LAN interface.

As NG Firewall scans and processes network traffic, the platform and many of the apps will save information about a host on the network. This information is stored in the "Host Table" and the Hosts view provides a view into the host table.

Controls

The host view by default shows all hosts and some basic information about each session. To view all the information for a session click on the session and all attributes are displayed in the property grid on the right side.

  1. Refresh refreshes the grid with the current active sessions.
  2. Auto Refresh toggles automatic refreshing of the grid.
  3. Reset View resets the view to the default view. Any changes to the default view are saved in your local browser session.
  4. Filter provides the ability to quickly filter all sessions my many key attributes.

More controls can be access by mousing over any column head and using the drowdown menu on the column header.

  1. Sort Ascending sorts the selected column in ascending order.
  2. Sort Descending sorts the selected column in descending order.
  3. Columns allows the removal or addition of columns to the current view.
  4. Filter provides a way to filter current data on this column with the provided value.

Columns

Columns

Property Description
Address The IP address of this Host
MAC Address The MAC address of this Host if it is known
MAC Vendor The Vendor of the MAC address of this Host if known
Interface The interface on which this Host was last seen
Creation Time The creation time of this Host entry
Last Access Time The last time an app or the platform accessed this Host entry
Last Session Time The last time this host attempted to create a session
Last Completed TCP Session Time The last time this host successfuly completed a TCP session to a WAN address
Entitled Status False if this host is not entitled to premium functionality because the limit is exceeded True otherwise
Active True if this host is considered "active," False otherwise
HTTP User Agent The HTTP User Agent of this host (according to a recent HTTP request)
Captive Portal Authenticated True if this Host is authenticated with Captive Portal (at least one)
Tags The tags of this Host
Tags String The tags of this Host
Hostname The official Hostname of this host
Hostname Source The source of the official Hostname of this host
Hostname (DHCP) The hostname of this host according to DHCP (Hosts often specify their hostname when retrieving a DHCP lease)
Hostname (DNS) The hostname of this host according to reverse DNS
Hostname (Device) The hostname of this host's MAC address according to Devices
Hostname (Device Last Known) The last known hostname of this host's MAC address according to Devices
Hostname (OpenVPN) The hostname according to OpenVPN
Hostname (Reports) The hostname according to the Name Map in Reports
Hostname (Directory Connector) The hostname according to Directory Connector
Username The official Username associated with this host
Username Source The source of the official Username
Username (Directory Connector) The username according to Directory Connector
Username (Captive Portal) The username according to Captive Portal
Username (Device) The username of this host's MAC address according to Devices
Username (OpenVPN) The username according to OpenVPN
Username (IPsec VPN) The username according to IPsec VPN
Quota Size The size of this host's quota (in bytes)
Quota Remaining The amount of quota remaining (in bytes)
Quota Issue Time The original issue time of this host's quota
Quota Expiration Time The expiration time of this host's quota
Refill Quota Refill Quota action will refill this Host's quota
Drop Quota Drop Quota action will remove this Host's quota