Traffic Sentinel : Help
Help Index Top > Maps > Layer 2

The Layer 2 page shows discovered switches and routers and the links between them.


What controls are available on the map?

The following operations are supported on the map:

Back to Top

How do I get detailed information on a device?

Hovering over an item in the map will cause it to expand to show additional information. Underlined labels on lines and nodes are links to search for additional information on the item (see Sentinel:Search>Host, Sentinel:Search>Agent/Interface and Sentinel:Search>Protocol )

Back to Top

How do I show a single device and its neighbors?

Clicking on a device in the map will select just that device and its immediate neighbors. Click on the Reset Map button to show all devices.

Back to Top

How do I display status on the map?

Set the Show option to Status. The color of agents and links will reflect the worst status of any component of the item.

The following status colors are used:

Back to Top

How do I display traffic flows on the map?

Set the Show option to Flows. The thickness of lines will be determined by the amount of traffic during the specified Time that matches the filter.

The following filter settings are available:

Note: The map displays measured traffic; if a device does not support flow monitoring then the map will not be able to scale its links correctly.

Back to Top

How do I create a filter to select specific flows?

The Where box is used to filter traffic queries so that only selected traffic is shown. A filter expression can be entered directly into the input box. Clicking on the OK button applies the filter. Clicking on the Clear button will remove the filter.

An easier way to construct filters is to click on the Edit button to display additional inputs used to construct the filter expression. The first input consists of a selection box containing attributes that can be compared, a selection box containing comparison operators and an input area to specify that values to be compared to the selected attribute. Clicking the Add button appends the comparison to the current filter. There are also boolean operator buttons (& and |) and bracket buttons that can be used to combine comparison expressions to form more complex filters. The filter builder only enables buttons and inputs when they are allowed in the filter expression that is being constructed. Once the desired filter has been constructed, click on the OK button to apply it.

Note: If you just want to filter on a Host or Protocol then it is easier to set the Host and Protocol options in the Filter bar, rather than constructing a Where filter.

A basic filter expression consists of the name of an attribute, an operator and a set of comma separated values. The allowed operators are:

Expressions can be combined using brackets and the boolean operators:

The following examples illustrate typical where filters:

Note: The special zone EXTERNAL refers to addresses that aren't contained in any of the CIDRs specified using File > Configure.

WARNING Care should be taken if a value in a filter expression contains any of the following special characters: (, ), &, |, !, =, ~, ",', \, comma or space. If the value contains any of these characters then the whole value string can be enclosed in single or double quotes, or the special characters can be individually escaped with a \. The following examples show different ways of using the value "Research & Development" in filters:

Note: Special characters typically occur because they are used in Zone or Group names when configuring Traffic Sentinel (see File>Configure). Care should be taken when filtering on zone, group or path attributes.

Back to Top