User guide

Tue Jul 18 13:30:39 - TFM-TCP_Session_Partial[9492|0]:192.168.1.4:21766 -> 192.168.1.5:2832|1153243809|1153243809|0
Tue Jul 18 13:31:05 - TFM-TCP_Session_Partial[0|757]:192.168.1.2:4136 -> 192.168.1.3:80|1153243835|1153243835|0
Available fields within this raw output include (from left to right):
Alert date/time
Alert name
[Bytes downloaded|Bytes uploaded]
Source IP:port
Destination IP:port
Start time (Unix timestamp)
End time (Unix timestamp)
Length of session (in seconds)
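A parser for this raw output format, as an added example that is not part of the Tenable guide. The function name, field names, and the check that the session length equals end time minus start time are assumptions of this example; the sample lines are the two shown above.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Field order follows the list above; the group names are this example's own.
LINE_RE = re.compile(
    r"^(?P<alert_time>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<alert_name>[\w-]+)\[(?P<bytes_down>\d+)\|(?P<bytes_up>\d+)\]:"
    r"(?P<src_ip>[^:\s]+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>[^:\s]+):(?P<dst_port>\d+)"
    r"\|(?P<start>\d+)\|(?P<end>\d+)\|(?P<length>\d+)$"
)
INT_FIELDS = ("bytes_down", "bytes_up", "src_port", "dst_port", "start", "end", "length")


def parse_tfm_line(line):
    """Parse one raw tfmd event line into a dict; raise ValueError if malformed."""
    # Collapse whitespace so a record wrapped across two lines still parses.
    m = LINE_RE.match(" ".join(line.split()))
    if m is None:
        raise ValueError("not a recognised event line")
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    for key in ("src_ip", "dst_ip"):
        rec[key] = str(ipaddress.ip_address(rec[key]))  # ValueError on a bad address
    for key in ("src_port", "dst_port"):
        if not 0 <= rec[key] <= 65535:
            raise ValueError(f"{key} out of range: {rec[key]}")
    if rec["end"] < rec["start"]:
        raise ValueError("end time precedes start time")
    # Assumption: length should equal end - start; record a mismatch, do not reject.
    rec["length_consistent"] = rec["length"] == rec["end"] - rec["start"]
    rec["start_utc"] = datetime.fromtimestamp(rec["start"], tz=timezone.utc)
    rec["end_utc"] = datetime.fromtimestamp(rec["end"], tz=timezone.utc)
    return rec

# The two sample lines from the output above; the first is given wrapped across two lines.
SAMPLES = [
    "Tue Jul 18 13:30:39 - TFM-TCP_Session_Partial[9492|0]:192.168.1.4:21766 ->\n"
    "192.168.1.5:2832|1153243809|1153243809|0",
    "Tue Jul 18 13:31:05 - TFM-TCP_Session_Partial[0|757]:192.168.1.2:4136 -> "
    "192.168.1.3:80|1153243835|1153243835|0",
]

if __name__ == "__main__":
    for rec in map(parse_tfm_line, SAMPLES):
        print(rec["alert_name"], rec["src_ip"], "->", rec["dst_ip"], rec["start_utc"].isoformat())
```

The alert date/time carries no year or time zone, so the example keeps it as a string and derives absolute times from the Unix timestamps instead.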
Running the tfmd binary with the -h switch will provide a list of the available command line options, as shown here:
[root@linux]# /opt/netflow_monitor/tfmd -h
usage: ./tfmd [ -v ] [ -e ] [ -f <pcap file> ] [ -p <port> ]
  -v  Display version information and exit
  -e  Enable event reporting on the terminal.
      All events reported to the LCE server are also printed to the screen.
  -f  Allows the user to feed a pcap file to the agent as the event source,
      in lieu of using live NetFlow data.
  -p  Allows the user to specify the live NetFlow traffic port on the
      command line.
      This is the same as, and will override, netflow-server-port in the
      tfm.conf file.
  -h  Display this help information and exit.
Tenable Network Monitor
The Tenable Network Monitor (TNM) is designed to monitor network traffic and send session information to the LCE
server. It can also sniff syslog messages sent from one point to another and treat them as if they were originally sent
directly to the LCE. The following is an example of the tnm.conf configuration file:
# If using an LCE 4.x server, configure this file with the appropriate server information.
# After the first run, the client will be configured strictly from the Client Manager.
# If using an LCE 3.x server, replace this file with the tnm.conf.v3_server file,