Data processing
Endpoint Analytics’ data processing settings control how the system collects, stores, and otherwise manages data globally. These settings can be configured by selecting Data Processing from the Configuration menu group in the web interface.
The Configure Data Processing page is divided into six sections:
Database maintenance
The settings under the Database Maintenance section of the data processing configuration page control whether and how often the system purges the different types of endpoint data it collects. These can be used to automatically purge unused data from the system at regular intervals.
By default, most of the values will be set to 0, which means all endpoint data of those types will be retained by the system indefinitely.
The following table lists all of the settings under the Database Maintenance section:
| Setting | Description | Unit | Default |
|---|---|---|---|
| Endpoint Timeout | Amount of time before an inactive endpoint is flagged as retired and removed from primary endpoint views (endpoint data will be purged, but historical data will be retained for the configured historical limit) | Days | 0 |
| Endpoint Removal | Amount of time before a retired endpoint and any retained data associated with it are permanently purged from the database | Days | 0 |
| Port Timeout | Amount of time before an endpoint whose location (switch/port) has not been updated has its location data removed | Hours | 0 |
| ARP Timeout | Amount of time before an endpoint whose IP-to-MAC mapping has not been refreshed via any of Endpoint Analytics’ collection mechanisms has its IP-to-MAC mapping data cleared from the database | Hours | 0 |
| Wireless Timeout | Amount of time that data for an endpoint discovered through a wireless access point will be retained without any updates to that data | Hours | 0 |
| Historical Limit | Amount of time that the system stores historical endpoint data (MAC history by port/IP/profile) for MAC-discovered endpoints, regardless of the endpoint’s current state (active or retired) | Days | 30 |
| Event History | Amount of time that the system retains historical event data for an endpoint in the database | Months | 12 |
| Custom Data Auto Removal | When toggled on, custom data objects are automatically deleted when the associated endpoint is removed from the system | N/A | Off |
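
The following sketch is an added example, not Plixer code. It models how Endpoint Timeout, Endpoint Removal and Historical Limit interact, so that retention available to an investigation can be checked before changing the defaults. The field names are illustrative, and two behaviors are assumptions: the removal clock starts at retirement, and a Historical Limit of 0 means indefinite retention.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class MaintenanceSettings:
    # Illustrative field names; defaults are the ones listed in the table.
    endpoint_timeout_days: int = 0
    endpoint_removal_days: int = 0
    historical_limit_days: int = 30


def endpoint_state(last_seen, now, cfg):
    """Classify an endpoint as 'active', 'retired' or 'purged'."""
    idle = now - last_seen
    timeout = timedelta(days=cfg.endpoint_timeout_days)
    if cfg.endpoint_timeout_days == 0 or idle < timeout:
        return "active"      # 0 means inactive endpoints are never retired
    if cfg.endpoint_removal_days == 0:
        return "retired"     # 0 means retired endpoints are never purged
    # Assumption: the removal clock starts when the endpoint is retired.
    retired_for = idle - timeout
    if retired_for >= timedelta(days=cfg.endpoint_removal_days):
        return "purged"
    return "retired"


def history_available(record_time, last_seen, now, cfg):
    """True if a MAC history record written at record_time should still exist."""
    if endpoint_state(last_seen, now, cfg) == "purged":
        return False         # removal also deletes retained data
    if cfg.historical_limit_days == 0:
        return True          # assumption: 0 means indefinite here as well
    # History is kept for the limit regardless of active/retired state.
    return now - record_time <= timedelta(days=cfg.historical_limit_days)


# Constructed sample values, not taken from a real deployment.
NOW = datetime(2024, 6, 30)
DEFAULTS = MaintenanceSettings()
TUNED = MaintenanceSettings(endpoint_timeout_days=14, endpoint_removal_days=60)
```

With the defaults, an endpoint last seen more than a year ago is still reported as active, while its MAC history older than 30 days is already gone.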
Network mapping
The following settings under the Network Mapping section of the data processing configuration page can be used to control how the system collects data using certain protocols or methods:
CDP Exclusion
List of Cisco Discovery Protocol (CDP) data strings that will be excluded from the system’s default behavior of designating CDP-enabled NID ports as trunks
LLDP Exclusion
List of Link Layer Discovery Protocol (LLDP) data strings that will be excluded from the system’s default behavior of designating ports on LLDP-enabled NIDs as trunks
Note
The CDP and LLDP exclusion lists can be updated via a local file (obtained from Plixer Support) or the CDN server (requires an Internet connection) using the buttons below each setting. The third button will revert them to the default exclusion lists stored on the appliance.
Trust Cisco MAC Notification Trap
If this checkbox is ticked, the system will accept endpoint data in Cisco and Enterasys MAC notification traps without initiating an SNMP poll for bridge MIB information upon receiving the trap (enabled by default)
Verify Cisco MAC Notification Trap
If this checkbox is ticked, the system will verify an endpoint’s location information during subsequent polls after receiving a Cisco or Enterasys MAC notification trap (disabled by default)
Hint
When both are enabled, the Cisco MAC notification trap settings can greatly reduce SNMP traffic on the network, but they are only recommended when community string verification has been enabled for traps.
Active Directory
The Active Directory section of the data processing configuration page contains the following additional settings for collecting Active Directory data:
Ignore Disabled Computer Objects: When this setting is enabled, all disabled AD computer objects are ignored when performing AD lookups. This setting is disabled by default.
Allow DNS for Active Directory Linking: This setting enables the use of DNS hostnames (in addition to DHCP-derived hostname data) when performing AD computer object lookups. This setting is disabled by default.
AD DHCP Data Association Fade: Indicates the number of days that the system will continue to use a DHCP hostname for AD lookups even when the DNS hostname data is more recent. The default value is set to 0, which means that the DHCP hostname will always be prioritized over DNS data, regardless of the former’s age.
Hostname to MAC Address Association Limit: Sets the number of MAC addresses that can be associated with a single hostname for endpoints that have multiple network interfaces. The default value is 2.
Advanced options
The Advanced Options section of the data processing configuration page contains additional settings for several of Endpoint Analytics’ specialized features.
Instant Lookup
The Instant Lookup feature enables the system to perform on-the-fly DNS or Active Directory queries to collect supplemental information right as a client connects instead of relying on a polling cycle to capture data. Discovered endpoints will immediately trigger a DNS or AD lookup if there are no others in the queue. This results in improved speed and accuracy when assigning profiles to newly discovered endpoints.
This feature requires Endpoint Analytics to receive DHCP request packets (via a SPAN of DHCP server traffic or IP Helper configured on routers) and will initially rely on an endpoint’s DHCP hostname to query DNS servers.
The following settings are used to configure Instant Lookup:
Active Directory Query Queue - Sets the amount of time that an endpoint will wait in queue before being released for AD Instant Lookup (default: 15 seconds)
DNS Query Queue - Sets the amount of time that an endpoint will wait in queue before being released for DNS Instant Lookup (default: 15 seconds)
DHCP Client Vendor Inclusion - List of DHCP client vendors (in regular expressions) whose endpoints will be subject to Instant Lookup (click the Default DHCP Client Vendor Inclusion List button to revert to the default list)
Bypass DHCP Client Vendor Inclusion List - Enables DNS-based Instant Lookup for all client vendors (disabled by default)
Miscellaneous
The Miscellaneous section of the data processing configuration page contains additional settings that control how Endpoint Analytics collects and/or processes data in specific scenarios.
Ignore PXE
Ticking this checkbox will instruct the Endpoint Profiling Engine to discard all PXE-related traffic and can significantly reduce database processing and storage overhead in environments that boot from remote images over the network.
Re-mapping and re-modeling
It is not necessary to restart the Endpoint Analytics appliance for most changes to the system configuration to take effect after they are saved. Instead, the system functions affected by the changes can be re-initiated manually using the buttons on the Configure Data Processing page.
Re-map
Instructs the system to immediately poll all NIDs and update the network topology map maintained in the database
Re-model
Instructs the system to re-evaluate and reassign profiles to all endpoints based on the current information in the database
Individual endpoints are modeled automatically upon discovery, but a full re-model is required when new profiles or events are added/removed or enabled/disabled.
When either button is clicked, a message confirming that the process has been initiated will be displayed. Re-mapping and re-modeling may take several minutes for very large systems, large databases, and/or complex configurations, and it is normal for resource usage on the appliance to peak during the process.