How often do you need to know who is sitting behind the devices in your network, or who communicated in a certain time frame or a month ago? The Flowmon solution provides reliable user identification based on authentication logs combined with flow data. The ability to monitor active devices in your network brings new benefits such as user identification and host OS identification.
In the article User identity as part of the data flow, we introduced the concept of user identification based on log processing and enrichment of flow data. Thanks to the Flowmon solution, user identification is a simple task. Flowmon creates a map of user identities related to individual IP addresses and stores this information as part of the flow data as it reaches the Flowmon Collector. User identities are then available as part of flow records in analysis.
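The mapping described above can be sketched as follows. This is an added example, not Flowmon's own code: it builds a time-aware IP-to-user map from authentication events and attaches the user who held the address when each flow started, which matters when the same IP is later assigned to a different user. The tuple layouts, function names and all sample values are constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data (not real Flowmon output): authentication events
# as (epoch_seconds, ip, user, action) and flows as (start, src, dst, bytes).
AUTH_EVENTS = [
    (1000, "10.0.0.5", "alice", "login"),
    (1800, "10.0.0.5", "alice", "logout"),
    (2000, "10.0.0.5", "bob", "login"),      # same IP, different user later
    (1200, "10.0.0.9", "carol", "login"),
]
FLOWS = [
    (900,  "10.0.0.5", "192.0.2.10", 4200),    # before any login
    (1500, "10.0.0.5", "192.0.2.10", 980),
    (1900, "10.0.0.5", "198.51.100.7", 120),   # between logout and next login
    (2500, "10.0.0.5", "198.51.100.7", 64000),
    (1300, "10.0.0.9", "192.0.2.10", 300),
]

def build_identity_map(events):
    """Return {ip: (sorted timestamps, users)}; a logout binds the IP to None."""
    timeline = defaultdict(list)
    for ts, ip, user, action in sorted(events):
        timeline[ip].append((ts, user if action == "login" else None))
    return {ip: ([t for t, _ in tl], [u for _, u in tl])
            for ip, tl in timeline.items()}

def user_at(identity_map, ip, ts):
    """User bound to ip at time ts, or None if unknown or logged out."""
    if ip not in identity_map:
        return None
    times, users = identity_map[ip]
    idx = bisect_right(times, ts) - 1    # last auth event at or before ts
    return users[idx] if idx >= 0 else None

def enrich(flows, identity_map):
    """Attach the user active at flow start time to each flow record."""
    return [
        {"start": ts, "src": src, "dst": dst, "bytes": nbytes,
         "user": user_at(identity_map, src, ts)}
        for ts, src, dst, nbytes in flows
    ]

if __name__ == "__main__":
    for record in enrich(FLOWS, build_identity_map(AUTH_EVENTS)):
        print(record)
```

Flows left with no user (before the first login, or after a logout) are the ones an analyst would have to attribute by other attributes such as MAC address or VLAN tag.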
Figure 1: Flowmon Monitoring Center - Active devices
A detailed overview of all active devices in the network can be found in the Flowmon Monitoring Center under "Active Devices".
In this section you can monitor the activity of a device and also identify an individual device using traditional attributes such as IP address, MAC address and VLAN tag. Since Flowmon 7.03, information about user identity and host operating system is also available.
This list can be easily filtered: you can set the monitored period or select types of operating system. You can also select a specific device in the list and view all of its activity. All data displayed in the GUI can be exported in CSV format.
Figure 2: A specific device selected in the list
To access Active Devices, you must enable the feature in the Flowmon Configuration Center by checking "enable active devices logging" and setting the IP address ranges for which active devices data will be collected. You can also select the sources over which data will be collected.
Figure 3: Checking "enable active devices logging"