In the article User identity as part of the data flow, we introduced the concept of user identification based on log processing and enrichment of flow data. Thanks to Flowmon solution user identification is a simple task. Flowmon creates a map of user identities related to individual IP addresses and store this information as part of flow data as they reach to Flowmon Collector. User

identities are then available as part of flow records in analysis.

Figure 1: Flowmon Monitoring Center - Active devices

Detailed overview of all active devices in the network can be found in the Flowmon Monitoring Center under the "Active Devices".

In this section you can monitor the activity of the device and also identify the individual device using traditional attributes such as IP address, MAC address and VLAN tag. Since Flowmon 7.03 information about user identity and host operating system is available.

This list can be easily filtered. You can set monitored period or selected types of operating system. In the list you can select the specific device, and view all activity of devices. All data displayed in the GUI can be simply exported in CVS format.

Figure 2: Selected a specific device in the list

To access Active devices it is necessary to enable the feature in the Flowmon Configuration Center by checking "enable active devices logging" and set your IP address ranges for which the active devices data will be collected. You can also select sources over which data will be collected.

Figure 3: Checking "enable active devices logging"