Abstract
A system couples to a network and monitors activity thereon. The system comprises one or more capture modules. Each capture module comprises collection, statistical, and analysis modules. The collection module collects flow records from an observation point within the network, wherein the flow records are collected per a first set of configuration parameters. The statistical module generates a statistical result from the flow records as each flow record is collected, wherein the statistical result is generated per a second set of configuration parameters. The analysis module analyzes the statistical result to monitor network activity associated with the observation point, wherein the statistical result is analyzed per a third set of configuration parameters. The first, second and third sets of configuration parameters can generally be modified at any time, after abnormal activity is detected, to alter a magnification level by which a subset of the network activity is monitored.
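
The capture-module pipeline described above, sketched as an added example that is not code from the patent: one module with three separately adjustable parameter sets, a statistic updated as each record arrives, and a re-parameterisation after an abnormal result to narrow the view. The class, field names, thresholds and flow records are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample flow records (not from the patent).
FLOWS = [
    {"src": "10.0.5.7", "dst": "10.0.9.1", "dst_port": 445},
    {"src": "10.0.5.7", "dst": "10.0.9.2", "dst_port": 445},
    {"src": "10.0.5.7", "dst": "10.0.9.3", "dst_port": 445},
    {"src": "10.0.5.8", "dst": "10.0.9.1", "dst_port": 445},
    {"src": "10.0.5.9", "dst": "10.0.9.4", "dst_port": 443},
    {"src": "10.0.5.8", "dst": "10.0.9.4", "dst_port": 443},
]

class CaptureModule:
    def __init__(self):
        # Parameter names and contents are assumptions for illustration.
        self.collect_params = {"match": {}}       # first set: which flows to keep
        self.stat_params = {"key": "dst_port"}    # second set: what to count by
        self.analysis_params = {"max_flows": 3}   # third set: alert threshold
        self.counts = Counter()

    def ingest(self, rec):
        """Collect one record and update the running statistic as it arrives."""
        match = self.collect_params["match"]
        if all(rec.get(f) == v for f, v in match.items()):
            self.counts[rec[self.stat_params["key"]]] += 1

    def abnormal(self):
        """Return keys whose flow count exceeds the analysis threshold."""
        limit = self.analysis_params["max_flows"]
        return sorted(k for k, n in self.counts.items() if n > limit)

    def magnify(self, match, key, max_flows):
        """Change all three parameter sets to zoom in on a subset of traffic."""
        self.collect_params["match"] = match
        self.stat_params["key"] = key
        self.analysis_params["max_flows"] = max_flows
        self.counts.clear()

def demo():
    cm = CaptureModule()
    for rec in FLOWS:
        cm.ingest(rec)
    wide = cm.abnormal()              # coarse view: which port is unusually busy
    cm.magnify({"dst_port": wide[0]}, key="src", max_flows=2)
    for rec in FLOWS:                 # replayed to stand in for the next window
        cm.ingest(rec)
    return wide, cm.abnormal()        # narrow view: which source drives that port

if __name__ == "__main__":
    print(demo())
```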