What is NfSen?
NfSen is a graphical web based front end for the nfdump netflow tools.
NfSen allows you to:
Display your netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
Easily navigate through the netflow data.
Process the netflow data within the specified time span.
Create history as well as continuous profiles.
Set alerts, based on various conditions.
Write your own plugins to process netflow data on a regular interval.
Different tasks need different interfaces to your netflow data. NfSen allows you to keep all the convenient advantages of the command line using nfdump directly and also gives you a graphical overview of your netflow data.
NfSen is available at sourceforge and distributed under the BSD license.
Versions:
Stable: 1.3.6 (Dec 31, 2011), for use with nfdump 1.6.5.
Snapshots: May be provided between stable releases and are published as snapshot-yyyymmdd
This documentation refers to version 1.3.2
Note: All IP addresses in this document are anonymized. Any coincidence with real IP addresses is by pure chance.
NfSen is hosted by Sourceforge:
NfSen - Netflow Sensor
NfSen - General Overview Page | NfSen – Navigation Page | NfSen - Navigation Page |
NfSen - Netflow Processing output | NfSen - Profile Info | NfSen - Alerting |
Prerequisites:
PHP and Perl:
NfSen is written in PHP and Perl and should run on any *NIX system.
At least Perl 5.6.0 and PHP > 4.1 are required, including the Socket and Perl regex extension.
Perl Modules:
NfSen alerting requires the following Perl Modules:
Mail::Header, Mail::Internet
RRD tools
All netflow graphs in NfSen require RRD. At least the RRDs Perl Module is required.
You will find all about RRD here.
Nfdump tools
The nfdump tools are the backend tools for NfSen and will collect and process the netflow data.
Make sure that you have version 1.5.8 installed. Don't try any version < 1.5.5, or the profiles will not work.
You can download nfdump from sourceforge: nfdump.sourceforge.net.
First Installation
NfSen has a very flexible directory layout. To simplify the first time installation, a default config file is provided, which requires only a few changes to work. The default layout stores everything but the html pages under BASEDIR. However, you may configure NfSen to fit your local needs. The figure below shows the default layout with most configurable directories.
All netflow data is stored under PROFILEDATADIR, so make sure you have enough disk space for this directory. You may also mount a dedicated disk volume to PROFILEDATADIR.
Directory Structure
If you have installed all prerequisites, change to the etc directory and copy the NfSen template config file nfsen-dist.conf to nfsen.conf.
Edit nfsen.conf according to your needs.
When you are done with nfsen.conf, run the install.pl script in the NfSen distribution directory:
Running install.pl will:
Create the NfSen environment under BASEDIR
Copy the php/html files into the HTMLDIR
Create the live profile.
Prepare the RRD DBs for the live profile.
Create and configure config.php
After the installation, you will find the nfsen.conf file in CONFDIR. This documentation is installed in DOCDIR. However, the web page has no direct link to the documentation.
Upgrading NfSen
The installer supports upgrading from NfSen version 1.2.x. Upgrading from NfSen versions < 1.2 will not work. You will first need to upgrade these installations to 1.2.4 and then to 1.3.x.
To upgrade your current NfSen installation:
Stop old nfsen, due to nfprofile incompatibilities.
./nfsen.rc stop
Upgrade nfdump to stable 1.5.6. Do not forget to configure nfdump with --enable-nfprofile option.
This update is required!
Upgrade NfSen:
./install.pl
This will update your current NfSen installation, and you're done.
Note:
As of snapshot 20060325, NfSen changed the RRD DB layout to enable 'on the fly' add/delete of netflow sources. This requires converting all RRD DBs of all profiles from the old style to the new style layout. This is done automatically at installation time but will take some time to complete. Do *NOT* interrupt the conversion process at any time or your nfsen installation will be corrupted. Once you have upgraded, you can not downgrade NfSen to an older version.
If you have plugins installed, check the README.plugins file for some small changes required for each plugin. If you have PortTracker installed, you need to update to the PortTracker version included in the contrib directory, coming with NfSen. You do not need to rebuild your current db files, just rebuild nftrack and replace the plugin files. See the INSTALL file.
Start NfSen:
BINDIR/nfsen start
Adding/Removing Netflow Sources in NfSen
Each channel in NfSen has a collector associated. Therefore additional parameters are required for each channel. All these settings are stored in the config file nfsen.conf. To add/remove netflow sources, edit the nfsen.conf file. Make appropriate changes such as adding/deleting entries in the %sources hash. When done, run ./nfsen reconfig on the command line. This will create or delete the channels as well as stop/start the collectors as necessary. Note: If you make some changes to existing channels in the %sources hash, this does not require a reconfig of NfSen. Simply stop and start NfSen.
Start-Stop NfSen
The nfsen command in BINDIR is also used to start and stop NfSen. You may create a soft link from your appropriate rc.d directory to this file, or include this command into the BSD style rc.local file.
To start NfSen:
This starts all nfcapd processes to collect the netflow data and the nfsend background process to update your profiles, as new data becomes available. Point your web browser to nfsen.php. ( Typically http://yourserver/nfsen/nfsen.php ).
To stop NfSen:
The background task nfsend as well as nfcapd log to syslog. nfsend is very chatty when configuring syslog priority 'info' or less. You may want to set the syslog priority to 'warning' for normal operation. For debugging purposes, use 'info' or 'debug'.
NfSen has two different user interfaces:
Web Interface
Command line interface
Most of the time you will want to use the web interface. However, you can do almost everything from the command line as well. The command line interface is described in more detail later in this document.
Tab Navigation
The navigator bar allows you to select the different views. The default view is Home, when you point your browser to nfsen.php. It shows an overview of the currently selected profile. By default, this is the live profile. The three columns show the 'Flows', 'Packets' and 'Bytes' history.
If the currently selected profile is a continuous profile, the page is automatically refreshed every 5 minutes to update the graphs. This allows you to have a browser window on your screen with always up to date graphs. The Graphs tab adds a sub navigator bar, where you see again the 'Flows', 'Packets' and 'Bytes' graphs but bigger in size. When clicking on one of the graphs in either view, you will automatically be switched to the 'Details' view for further investigation and processing.
Flow Navigation
Detailed navigation and investigation of the netflow data is done in the 'Details' view. When entering this view, you will see the navigation display.
Navigation Display
Netflow Processing Controls
The page is divided into two parts: The upper part allows you to navigate through the netflow data as well as to select a single time slot or time window. The lower part contains all the controls to process the netflow data of the selected time slot or time window.
Clicking on any of the small protocol or type graphs will replace the main graphics with the selected graph. You can switch back and forth and select the protocol and/or type for the main graph, which is appropriate for investigating your current situation. The bigger main graph is automatically split into the protocols 'TCP', 'UDP', 'ICMP' and 'other', which is 'not (proto tcp or proto udp or proto icmp)', whenever you switch the type to 'flows', 'packets' or 'bytes'.
The available time span of the graph can be changed using the pull down menu, just below the main graph:
Select Time Span
Selecting a different time slot
A time slot starts at every 5 minutes cycle of the hour ( 0, 5, 10, 15 etc. ) and lasts 5 minutes. A time window, on the other hand, consists of several time slots. When entering the 'Details' view, a window scale of one day is selected so you will see the last 24 hours of the profile. The time cursor is placed in the middle of the begin and end of these 24 hours and the time window slot is set to one time slot. You will always see the selected time slot or time window in the title of the browser window, in the title of the main graph as well as above the small type graphs in the upper right section of the main graph. There are several ways to change the current time slot.
The easiest one is to simply click into the graph at the appropriate time slot. This immediately moves the cursor to the selected position.
You may also drag the handle of the cursor to the desired time slot within the selected time span.
Fig. Drag Handle to move time slot
While moving the handle, the currently selected time slot is automatically updated in tstart and tend on the right hand side of the graph. When releasing the handle, the cursor automatically snaps to the nearest time slot and the values in the statistics table are updated accordingly.
Other ways of selecting a different time slot use the control buttons below the main graph:
Using the time cursor controls:
> | Next time slot: Advance time by 5 minutes. |
< | Previous time slot: Go back 5 minutes. |
>> | Advance time slot by a full time span of the graph. |
<< | Go back by a full time span of the graph. |
>| | Go to the end of the profile. ( current time slot ) |
| | Center time cursor in current graph. |
^ | Place cursor at the peak, found within +/- 1 hour time-span of current cursor position. |
The graphs are immediately updated, when selecting a different time slot. However, there are limits for moving the cursor. The cursor can not be moved outside the visible part of the graph on the left or right hand side. You may also not move the cursor outside a time slot where data has expired and no data is available for processing. This limit is marked by the dark grey area on the left hand side of the graph.
Fig. Border of available Data
Selecting a time window
Sometimes it is desirable to select and process more than a single 5 min time slot. From the menu below the main graph select 'Time Window'
Fig. Select time window
This splits the cursor handle into two halves, which can be dragged individually. Drag the left and/or right border of the selected window as needed.
Selected Time Window
The statistics summary is automatically updated when either handle is released after moving. To switch back to a single time slot, select 'Single Timeslot' from the menu.
Statistic Summary
The statistic summary below the main graph gives you an overview of flows, packets and traffic of the selected time slot or time window. Each line corresponds to one configured netflow source in profile 'live' or to a configured channel in any other profile. For easy visual matching, a small colour field with the same colour as in the graph precedes each row. If you are interested in only some of the channels, you may remove the others by clicking the checkboxes. This disables or enables this channel in all graphs and in the statistics respectively.
The statistic summary can be switched between the total sum of the selected time window, or the rate values per second. The scaling factors for K, M and G are 1000.
Fig. Summary Statistics
Individual columns can be collapsed or expanded as needed, by clicking on the blue triangles. The entire statistics can be shown or hidden by clicking on the yellow triangle. When collapsing a column, a single column remains with the type which is shown in the main graph.
Fig. Expand/Collapse stat
Disabled sources 'upstream' and 'gateway'
Enabling or disabling channels re-scales the graphs according to the remaining sources, so you get a more detailed graph and a different resolution on the y-axis.
Graph Display Options
To view the details you are interested in, a graph may be displayed with different options:
Scale:
Linear y-axis
Logarithmic y-axis.
Graph Type:
Stacked: All sources are drawn on top of each other.
Line: All sources are drawn independently.
You may switch the display option at any time by clicking on the appropriate radio buttons in the lower right corner of the main graph. You may spot peaks in some of the sources more easily by switching to the line graph display option.
Fig. Line graph
Netflow Processing
Once you have selected the time window of interest, you can process and filter the netflow data according to your needs, using the process form in the lower part of the window:
Select the netflow sources to process. You may select multiple sources.
Enter a netflow filter. The syntax conforms to the nfdump filter syntax.
Select any options for the analysis.
Click 'process'.
A default filter is supplied when a specific protocol is selected in the main graph. You may add any further filter expressions as needed. By just clicking 'process', a top 10 statistic of any IP address ordered by flows is calculated. However, you may change this at any time.
The sources, the filter as well as all options from the processing form are compiled into the appropriate nfdump command. For convenience a short description of the filter syntax and options follows. More details are available in the nfdump(1) man page.
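How a filled-in processing form can map onto an nfdump invocation, as an added example (not NfSen's own code). The PROFILEDATADIR path, the live/<source> directory layout and the source-name pattern are assumptions; the nfdump options used (-M, -r, -R, -n, -s, -c, -a, -m, -o) are described in nfdump(1).

```python
import re
from datetime import datetime

SLOT_MINUTES = 5                                   # one time slot, as defined on this page
PROFILEDATADIR = "/data/nfsen/profiles-data"       # assumption: site-specific path
SOURCE_NAME = re.compile(r"[A-Za-z0-9_-]+")        # assumption: allowed source names


def slot_start(ts):
    """Start of the 5-minute time slot that contains ts."""
    return ts.replace(minute=ts.minute - ts.minute % SLOT_MINUTES,
                      second=0, microsecond=0)


def slot_file(ts):
    """nfcapd file that holds the slot containing ts (nfcapd.YYYYMMDDhhmm)."""
    return "nfcapd." + slot_start(ts).strftime("%Y%m%d%H%M")


def build_nfdump_argv(sources, first, last, flt, mode="stat", top=10,
                      stat="ip/flows", limit=None, aggregate=False,
                      time_sorted=False, output="line"):
    """Return the nfdump command as an argv list (never a shell string).

    sources      selected netflow sources
    first, last  any time inside the first / last slot of the window
    flt          filter text from the form, passed as ONE argument
    mode         'stat' (Stat TOP N) or 'list' (List Flows)
    """
    if not sources:
        raise ValueError("select at least one netflow source")
    for name in sources:
        # Names end up in a directory path, so only plain identifiers pass.
        if not SOURCE_NAME.fullmatch(name):
            raise ValueError("invalid source name: %r" % name)
    if slot_start(last) < slot_start(first):
        raise ValueError("time window ends before it starts")
    if flt.lstrip().startswith("-"):
        # Keep the filter from being parsed as a command line option.
        raise ValueError("filter must not start with '-'")

    # -M base/dir1:dir2 reads the same file(s) from every selected source.
    argv = ["nfdump", "-M", "%s/live/%s" % (PROFILEDATADIR, ":".join(sources))]

    if slot_start(first) == slot_start(last):
        argv += ["-r", slot_file(first)]                    # single time slot
    else:
        argv += ["-R", "%s:%s" % (slot_file(first), slot_file(last))]  # window

    if mode == "stat":
        argv += ["-n", str(int(top)), "-s", stat]           # Top N + statistic/order
    elif mode == "list":
        if limit is not None:
            argv += ["-c", str(int(limit))]                 # 'Limit to' N flows
        if aggregate:
            argv.append("-a")                               # 'Aggregate'
        if time_sorted:
            argv.append("-m")                               # 'Sort' by start time
    else:
        raise ValueError("mode must be 'stat' or 'list'")

    argv += ["-o", output]                                  # 'Output' format
    if flt.strip():
        argv.append(flt)                                    # filter is the last argument
    return argv


if __name__ == "__main__":
    # Constructed sample: default form (top 10 IP addresses by flows), TCP only.
    print(build_nfdump_argv(["upstream", "gateway"],
                            datetime(2007, 3, 1, 10, 7),
                            datetime(2007, 3, 1, 10, 9),
                            "proto tcp"))
```

Handing the list to subprocess.run() without shell=True keeps whatever was typed into the filter box a single argument to nfdump.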
Filter Syntax
The filter syntax is similar to that of the well known pcap library used by tcpdump. The filter can span several lines. Anything after a '#' is treated as a comment and ignored to the end of the line. There is virtually no limit on the length of the filter expression. All keywords are case independent, unless otherwise noted. For the complete filter syntax see the nfdump(1) man page.
Any filter consists of one or more expressions expr. Any number of expr can be linked together:
Named Filters
An often used filter can be saved and used at any later time while processing flows. To create such a custom filter, enter the filter in the text box and click on the diskette symbol to save your filter. After it has been saved successfully, the filter is available in the select box. The resulting filter is always the filter in the text box and the named filter, logically linked 'and'. A named filter may be deleted or edited at any time by selecting the filter and clicking on the appropriate icon, either edit or delete. The named filters are stored in a file under BASEDIR/var/filters and can also be changed there.
Fig. Default Filter
Options
When processing netflow data, there are two general options: listing flows and creating a flow statistic. You can switch between the two options by clicking on the appropriate button. Depending on what you have selected, the panel automatically adapts to all available options.
List Flows | |
Limit to | List only the first N flows of the selected time slot |
Aggregate | Option to aggregate the flows. |
Sort | When listing flows from different channels/sources you may sort them according the start time of the flows. Otherwise the flows are listed in sequence of the selected channels. |
Output | Select one of the available formats to list the flows. The predefined formats 'line', 'long' and 'extended' are always available and correspond to the output formats of nfdump. However, you may specify additional output formats at any time by selecting 'custom ...'. Enter your own format in the text input which appears. The format is equivalent to the format specification described in the nfdump(1) man page.
By clicking on the diskette symbol, you save your new format, which appears now in the selection menu, ready to use. |
Stat TOP N | |
Top | Limit the statistics to the first top N |
Stat | Select the statistics you want from the menu and the order option |
Aggregate | This option is only available for the flow record statistics and is equivalent to the aggregate option in List flows. See the description above. |
Limit | Limit the output only to those statistic lines whose packets or bytes match the specified limit. |
Output | This option is identical to the Output option in 'List flows' . See the description above. |
Note:
Depending on the size of your network, netflow processing may consume a lot of time and resources when you select a large time window and multiple resources.
IP Lookup
All IP addresses in the flow or statistic listing can be easily looked up by clicking on the IP address. The result from cyberwhois.org, maintained by Philippe Bourcier, is shown in a lookup box.
Fig. IP Lookup
However, you may customize this lookup by creating your own lookup. In the $LIBEXECDIR, copy the module Lookup.pm to Lookup_site.pm and change the Lookup function according to your own needs. Do not forget to change the module name to 'Lookup_site'. Do not modify the original Lookup module, as any future NfSen update may overwrite your changes.
Profiles
A profile is a specific view on the netflow data. A profile is defined by its name, type and one or more profile filters, which are any valid filters accepted by nfdump.
At least the profile 'live' is always available and is used to store your incoming netflow data without filtering. You can switch back and forth to any profile using the pull down menu in the upper right corner of the web page.
Fig. Profile Selection
Profile Types
A profile can be either of type History or Continuous. A history profile starts and ends back in the past and remains static. It neither grows nor expires. A continuous profile may start in the past and is continually updated while new netflow data becomes available. It grows dynamically and may have its own expire values set. Old data expires after a given amount of time or when a certain profile size is reached. Additionally, a profile can be created as a Shadow profile, which means no netflow data is collected, and therefore saves disk space. A shadow profile accesses the data of profile 'live' when data processing is done, with the proper profile filters applied first.
Continuous | History |
Continuous / Shadow | History / Shadow |
Profile Channels
A profile contains one or more profile channels. A profile channel is defined by its channel filter, colour, sign and order in which the channel is displayed in the graph. A channel is based on one or more netflow sources from the 'live' profile. The number of channels is independent of the number of netflow sources.
Fig. Profile Channels
Fig. Profile Examples
Creating profiles
Select the 'New profile ...' entry in the profile pull down menu.
Complete the 'New Profile' form to start building the profile. By moving the mouse over the '?' icon, a help text appears to guide you through the process of creating the profile.
Profiles may be grouped together for easier selection in the profile menu. Select either an existing profile group, or create a new group according to your needs. There is no difference to other profiles other than grouping the profiles in the profile menu.
The profile type 'Continuous' or 'History' is automatically detected according to the 'Start' and 'End' values you enter. As profiles are created from netflow data from profile 'live', the start and end of the profile must fall in the time range of the profile 'live'.
If you leave the 'Start' and 'End' inputs empty, a continuous profile is created and starts from the time the profile is created.
If you enter a 'Start' time but no 'End' time, a continuous profile is created. Data from the past up to the time the profile is created is profiled and updated immediately when the profile is created.
If you enter a 'Start' and 'End' time a history profile is automatically created.
Expire / Max Size
A continuous profile may expire due to the age of the data or the profile size used on disk. Expiring starts whenever one of the two limits is reached. Expiring ends at the configured value $low_water ( in % ) in the config file nfsen.conf. By setting any of these values to 0, the limit does not apply.
1:1 Profile
For compatibility with NfSen version 1.2.x, a profile with 1:1 channels may be created, which means that for every netflow source in the live profile a corresponding channel in the profile will be automatically created. The selected sources and the filter in the profile create dialogue are taken for this 1:1 profile. This is the easiest type of profile.
Individual Channels
For new style profiles select this option. In the 'new profile' dialogue, the entries for netflow sources as well as for the common filter disappear, as these parameters are now individual for each channel and entered in the channel dialogue.
Fig. Successful creation of a new profile with individual channels.
Creating channels
After the profile has been successfully created, one or more channels can be added by clicking on the '+' icon at the right hand side of the 'Channel List'.
Fig. Channel Dialogue
The parameters colour, sign and order are used to display the channel correctly in the graph. The filter as well as the netflow sources are needed to correctly profile the channel. The procedure of adding a channel to a new profile can be repeated as often as required to complete the profile. When all channels are added, the new profile must be committed to activate it. This is done by clicking on the checkmark on the right hand side of the 'Status' line.
Fig. Commit new profile
Once the profile is committed, the build process starts if required. Depending on how far back in the past the profile starts, this can take a considerable amount of time. You can follow the build process by looking at the progress bar, showing you the percentage of completion. This progress bar is updated automatically every 5 seconds. Note: There are no graphs available in the profile as long as the profile is not completely built.
Fig. Progress of building the profile
Please note: For the 'live' profile, channels have to be configured in nfsen.conf.
Managing Profiles
Profiles can be modified by selecting the 'Stat' tab of the profile and clicking on any of the available edit icons of the desired parameter. By clicking on the edit icon of a channel, you may modify the requested channel. All changes will affect the profile immediately. You may also add or delete channels in a continuous profile. However, please note that adding a new channel to an already existing profile will not rebuild any data for this channel for data in the past. Deleting a channel or the entire profile may be done by clicking on the trash icon.
Converting Profiles
A profile may be converted into another type as desired. However, not all conversions are possible. The figure below shows and explains the possible conversions.
Fig. Profile conversion
By switching a profile type between continuous and history you may temporarily stop collecting data for a profile or continue to collect data from a stopped profile. Note that you will lose all netflow data when a profile is converted to a shadow profile. When switching back, the data recording resumes at the time of switching.
Alerts
Alerts allow you to execute specific actions based on specific conditions. An alert is defined by a filter applied to the 'live' profile, conditions, triggers and alert actions.
Fig. Alert Flow
Creating Alerts
Alerts can be defined and viewed under the 'alert' tab, by clicking on the '+' icon.
Fig. New Alert
Complete the new alert dialogue:
Fig. New Alert Dialogue
Alert Filter:
The alert filter is based on the 'live' profile. Enter an appropriate filter here. All following conditions are based on the result of this filter.
Conditions:
Conditions are based either on the flow summary or on the top 1 statistic. Conditions may be chained together by adding additional conditions, using the '+' icon on the right. All conditions are logically linked 'or'.
Fig. Alert conditions flow summary
The conditions are based on the total number of flows, packets or bytes passing the resulting filter. The numbers can be compared to an absolute value, or relative to various time-based average values, which are automatically calculated. This makes it easy to create adaptive filters for detecting peaks.
Conditions may also be based on the top 1 statistic after filtering the flows. These are the well-known top N statistics of nfdump.
Fig. Alert conditions top 1
Up to 6 conditions of either condition type may be linked together.
Triggers
Whenever the overall condition evaluates to true, the trigger conditions apply. Depending on your needs, a trigger may fire each time the overall condition is true, or once only as long as the condition is true, and may block triggering for a certain number of cycles thereafter.
Fig. Alert Trigger
If a trigger is set to 'Once only', it needs to be rearmed manually once the trigger has fired. This is done by clicking on the icon in the top right corner of the alert details page.
Fig. Arm 'Once Only' Trigger
Actions:
When a trigger fires, certain actions can be executed. Most often you may want to send an email as an action. The action may also be disabled altogether, to fine-tune the conditions and optimize a certain alert.
Alert Status:
The alert status of each alert is visible as an overview in the alert tab, or at the top of each alert when displaying the alert. The possible states may be:
This alert is not active and is not evaluated.
This alert is active, and is evaluated each cycle for the condition to be met.
This alert is active and is evaluated each cycle. The last overall condition was true, but needs 3 conditions ( definable ) in a row to fire the trigger. So far one of three conditions is true.
This alert is active and is evaluated each cycle. The trigger just fired in the last cycle and executed the action assigned to this alert.
This alert fired once only and is no longer active. The alert needs to be rearmed manually.
This alert is active, but blocked for 2 cycles ( definable ) after the trigger fired. Currently one of the two blocked cycles is already over.
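The condition and trigger behaviour described above, modelled as an added example (not NfSen's own code): conditions linked 'or', a relative condition compared with a running average, a trigger that needs several true cycles in a row, blocking after firing, and 'once only' with manual rearm. The 6-cycle averaging window, the state names and the flow counts are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Condition:
    metric: str              # 'flows', 'packets' or 'bytes' from the flow summary
    threshold: float         # absolute count, or percent above average if relative
    relative: bool = False
    window: int = 6          # assumed averaging window, in cycles

    def holds(self, value, past):
        if not self.relative:
            return value > self.threshold
        recent = list(past)[-self.window:]
        if not recent:       # no baseline yet, so a peak cannot be judged
            return False
        average = sum(recent) / len(recent)
        return value > average * (1 + self.threshold / 100)

@dataclass
class Alert:
    conditions: list
    in_a_row: int = 3        # cycles the overall condition must hold before firing
    block_cycles: int = 2    # cycles skipped after the trigger fired
    once_only: bool = False
    state: str = "armed"     # inactive | armed | blocked | fired-once
    hits: int = 0
    blocked: int = 0
    past: dict = field(default_factory=dict)

    def cycle(self, summary):
        """Evaluate one cycle's flow summary; return True if the trigger fires."""
        # All conditions are linked 'or'; each sees only earlier cycles as baseline.
        overall = any(c.holds(summary[c.metric], self.past.get(c.metric, ()))
                      for c in self.conditions)
        for metric, value in summary.items():
            self.past.setdefault(metric, deque(maxlen=288)).append(value)
        if self.state in ("inactive", "fired-once"):
            return False
        if self.state == "blocked":
            self.blocked += 1
            if self.blocked >= self.block_cycles:
                self.state, self.blocked = "armed", 0
            return False
        self.hits = self.hits + 1 if overall else 0
        if self.hits < self.in_a_row:
            return False
        self.hits = 0
        if self.once_only:
            self.state = "fired-once"      # stays silent until rearm()
        elif self.block_cycles:
            self.state = "blocked"
        return True

    def rearm(self):
        if self.state == "fired-once":
            self.state = "armed"

def fired_cycles(alert, series):
    """Return the indexes of the cycles in which the alert fired."""
    return [i for i, flows in enumerate(series) if alert.cycle({"flows": flows})]

# Constructed flow counts per 5-minute cycle: quiet baseline, then a peak.
BIG_PEAK = [100] * 6 + [1000] * 6
SMALL_PEAK = [100] * 6 + [400] * 6
PEAK_FILTER = Condition("flows", 100, relative=True)   # more than 100% above average

if __name__ == "__main__":
    print(fired_cycles(Alert([PEAK_FILTER]), BIG_PEAK))     # sustained large peak
    print(fired_cycles(Alert([PEAK_FILTER]), SMALL_PEAK))   # average absorbs the peak
```

The second series shows a tuning caveat: a sustained peak raises its own average, so a relative condition that must hold three cycles in a row may never fire, while the same condition with two cycles in a row does.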
Alert List
When clicking on the alert tab in the navigation bar, an overview of all alerts is shown. An individual alert can be viewed in more detail by clicking on the looking glass of the alert in question. The alert list is automatically updated each cycle to refresh the state of all alerts.
Fig. Alert List
Alert details:
The alert details dialogue allows you to review and edit the alert. The alert can be modified by clicking on the edit icon in the top left of the dialogue. All relevant input fields and selection boxes are enabled and can be changed as needed. The bottom half of the alert details view contains a graph with all calculated average values as a result of the filter. This should help you to find appropriate values for the conditions. A vertical cursor in the graph shows at what time the alert triggered last. Cursors for up to the last 6 triggers are shown. Older triggers are removed again.
Fig. Alert Info
The table below the graph shows all average values of the last time-slot as numbers. The radio button allows you to switch between the flows, packets or bytes view. A summary of all conditions as well as the resulting overall condition of the last cycle are displayed at the bottom of this table.
Alerts and plugins:
Alert conditions as well as alert actions can be based on custom plugins. Check the Plugin Guide for a detailed description of how to work with plugins and alerts.
Disabled sources 'upstream' and 'gateway'
Enabling or disabling channels re-scales the graphs according to the remaining sources; you get a more detailed graph and a different resolution on the y-axis.
Graph Display Options
To view the details you are interested in, a graph may be displayed with different options:
Scale:
Linear y-axis
Logarithmic y-axis.
Graph Type:
Stacked: All sources are drawn on top of each other.
Line: All sources are drawn independent.
You may switch the display option at any time by clicking on the appropriate radio buttons in the lower right corner of the main graph. You may spot peaks in some of the sources more easily by switching to the line graph display option.
Fig. Line graph
Netflow Processing
Once you have selected the time window of interest, you can process and filter the netflow data according to your needs, using the process form in the lower part of the window:
Select the netflow sources to process. You may select multiple sources.
Enter a netflow filter. The syntax conforms to the nfdump filter syntax.
Select any options for the analysis.
Click 'process'.
A default filter is supplied when a specific protocol is selected in the main graph. You may add any further filter expressions as needed. By just clicking 'process', a top 10 statistic of any IP address ordered by flows is calculated. However, you may change this at any time.
The sources, the filter as well as all options from the processing form are compiled into the appropriate nfdump command. For convenience a short description of the filter syntax and options follows. More details are available in the nfdump(1) man page.
Filter Syntax
The filter syntax is similar to the well-known pcap library used by tcpdump. The filter can span several lines. Anything after a '#' is treated as a comment and ignored to the end of the line. There is virtually no limit on the length of the filter expression. All keywords are case independent, unless otherwise noted. For the complete filter syntax see the nfdump(1) man page.
Any filter consists of one or more expressions expr. Any number of expr can be linked together:
Named Filters
An often used filter can be saved and used at any time later while processing flows. To create such a custom filter, enter the filter in the text box and click on the diskette symbol to save your filter. Once successfully saved, the filter is available in the select box. The resulting filter is always the filter in the text box and the named filter, therefore logically linked 'and'. A named filter may be deleted or edited at any time by selecting the filter and clicking on the appropriate icon, either edit or delete. The named filters are stored in a file under BASEDIR/var/filters and can also be changed there.
Fig. Default Filter
Options
When processing netflow data, there are two general options: listing flows and creating flow statistics. You can switch between the two options by clicking on the appropriate button. Depending on what you have selected, the panel automatically adapts to all available options.
List Flows | |
Limit to | List only the first N flows of the selected time slot |
Aggregate | Option to aggregate the flows. |
Sort | When listing flows from different channels/sources you may sort them according to the start time of the flows. Otherwise the flows are listed in sequence of the selected channels. |
Output | Select one of the available formats to list the flows. The predefined formats 'line', 'long' and 'extended' are always available and correspond to the output formats of nfdump. However, you may specify additional output formats at any time by selecting 'custom ...' and entering your own format in the text input which appears. The format is equivalent to the format specification described in the nfdump(1) man page. By clicking on the diskette symbol, you save your new format, which then appears in the selection menu, ready to use. |
Stat TOP N | |
Top | Limit the statistics to the first top N |
Stat | Select the statistics you want from the menu and the order option |
Aggregate | This option is only available for the flow record statistics and is equivalent to the aggregate option in List flows. See the description above. |
Limit | Limit the output only to those statistic lines whose packets or bytes match the specified limit. |
Output | This option is identical to the Output option in 'List flows' . See the description above. |
Note:
Depending on the size of your network, netflow processing may consume a lot of time and resources, when you select a large time window and multiple resources.
IP Lookup
All IP addresses in the flow or statistic listing can be easily looked up by clicking on the IP address. The result from cyberwhois.org, maintained by Philippe Bourcier, is shown in a lookup box.
Fig. IP Lookup
However, you may customize this lookup by creating your own lookup. In the $LIBEXECDIR copy the module Lookup.pm to Lookup_site.pm and change the Lookup function according to your own needs. Do not forget to change the module name to 'Lookup_site'. Do not modify the original Lookup module, as any future NfSen update may overwrite your changes.
Profiles
A profile is a specific view on the netflow data. A profile is defined by its name, type and one or more profile filters, which are any valid filters accepted by nfdump.
At least the profile 'live' is always available and is used to store your incoming netflow data without filtering. You can switch back and forth to any profile using the pull down menu in the upper right corner of the web page.
Fig. Profile Selection
Profile Types
A profile can be either of type History or Continuous. A history profile starts and ends back in the past and remains static. It neither grows nor expires. A continuous profile may start in the past and is continually updated while new netflow data becomes available. It grows dynamically and may have its own expire values set. Old data expires after a given amount of time or when a certain profile size is reached. Additionally a profile can be created as a Shadow profile, which means no netflow data is collected, and therefore saves disk space. A shadow profile accesses the data of profile 'live' when data processing is done with the proper profile filters applied first.
Continuous | History |
Continuous / Shadow | History / Shadow |
Profile Channels
A profile contains one or more profile channels. A profile channel is defined by its channel filter, colour, sign and order in which the channel is displayed in the graph. A channel is based on one or more netflow sources from the 'live' profile. The number of channels is independent of the number of netflow sources.
Fig. Profile Channels
Fig. Profile Examples
Creating profiles
Select the 'New profile ...' entry in the profile pulldown menu.
Complete the 'New Profile' form to start building the profile. By moving the mouse over the '?' icon, a help text appears to guide you through the process of creating the profile.
Profiles may be grouped together for easier selection in the profile menu. Select either an existing profile group, or create a new group according to your needs. There is no difference to other profiles other than grouping the profiles in the profile menu.
The profile type 'Continuous' or 'History' is automatically detected according to the 'Start' and 'End' values you enter. As profiles are created from netflow data from profile 'live', the start and end of the profile must fall in the time range of the profile 'live'.
If you leave the 'Start' and 'End' inputs empty, a continuous profile is created and starts from the time the profile is created.
If you enter a 'Start' time but no 'End' time, a continuous profile is created. Data from the past up to the time the profile is created is profiled and updated immediately when the profile is created.
If you enter a 'Start' and 'End' time a history profile is automatically created.
Expire / Max Size
A continuous profile may expire due to the age of the data or the profile size used on disk. Expiring starts whenever one of the two limits is reached. Expiring ends at the configured value $low_water ( in % ) in the config file nfsen.conf. By setting any of these values to 0, the limit does not apply.
1:1 Profile
For compatibility with NfSen version 1.2.x a profile with 1:1 channels may be created, which means that for every netflow source in the live profile a corresponding channel in the profile will be automatically created. The selected sources and the filter in the profile create dialogue are taken for this 1:1 profile. This is the easiest type of a profile.
Individual Channels
For new style profiles select this option. In the 'new profile' dialogue the entries for netflow sources as well as for the common filter disappear, as these parameters are now individual for each channel and entered in the channel dialogue.
Fig. Successful creation of a new profile with individual channels.
Creating channels
After the profile has been successfully created, one or more channels can be added now by clicking on the '+' icon at the right hand side of the 'Channel List'.
Fig. Channel Dialogue
Bookmarks
While working with NfSen, you may want to bookmark the current situation for later use or to send it as a link to a friend. The bookmark link at the top right of the page allows you to do that.
Fig. Bookmark
Clicking on the link places the bookmark URL into the URL input field of your browser, allowing you to add this link to your bookmark collection. Many browsers also allow you to 'right click' a link to copy the link location for pasting it into another application.
NfSen may be extended with plugins to fit additional needs. Plugins may be selected from the navigation bar. For a detailed explanation about plugins and how to write plugins, see the detailed Plugin Writers Guide.
Example: Port tracker plugin:
Fig. Port tracker
The command line tool 'nfsen' in the BASEDIR/bin directory works hand in hand with the frontend. It's used to create and manage profiles as you can do with the frontend in the 'Stat' tab. Use nfsen --help to see all options available for nfsen. If you create or delete a profile on the command line, the changes may not be instantly visible in the web browser. Switching to the 'Stat' tab updates the application cache and the profile menu. A separate nfsen command line guide should be available soon.