Processing flow records – H3C Technologies H3C Intelligent Management Center User Manual

2

3.

Configure source data devices or probes.
If you choose Flow, NAT, NetStream, or NetFlow for generating flow records, configure the
corresponding flow-based traffic statistics technology on the devices that will generate flow
records. For more information, see related configuration guide of your device. Make sure the

source data devices and the UBA server can reach from each other.
If you choose the DIG probe for generating flow records, deploy a DIG probe in the network and
configure port mirroring on the device to mirror the traffic to be analyzed to the probe. Make sure

the DIG prove and the UBA server can reach from each other. For more information about

deploying a probe, see HP IMC Probe Installation Guide.

4.

Configure the UBA server.
For the UBA server to receive flow records from a device, add the device to UBA and select the

device in the server configuration.
For the UBA server to receive flow records from a probe, add the probe to UBA, select the probe
in the server configuration, and configure FTP parameters. You must set up an FTP server on the

same host as the UBA server. The probe server uploads the probe traffic logs to the UBA server by

using FTP.

5.

Deploy the server configuration.

Processing flow records

UBA processes flow records according to configurations of various functions of UBA, such as device

management or probe management, server configuration, audit task management, application

management, and filter strategy management. For example, UBA process or discards received flow

records according to filter strategies and audits flow records according to predefined and custom

applications.