Eventia Network Activity Reports - How Reliable?

[Fulvio]

Hi all,

I have been running network activity reports to try and understand what is going through the firewall and if I can relate that to CPU utilization.

One thing you get out from the network activity reports is the number of connections. When I tried to look closely at the number of connections during an high CPU utilization period and I had some "strange" results.

between 12:00 and 12:59 121K connections in agreement with the daily report
but when I looked at smaller interval I was concerned about the reliability of the results, this is what I got from the reports:
12:00 and 12:05 65K
12:05 and 12:55 53K
12:55 and 12:59 4K
The total is exactly 121K but is the distribution of connection I am concerned about.
How can I confirm that the data reported by Eventia are correct and I did have 65K connections in 5 minutes and 53K connections in 50?
Also between 12:00 and 13:00 it reported 177K connections, in 1 minute 56K connections more. Again, could that be normal?

[chillyjim]

The date from EVR on a 5+ minute resolution should be very good, less than 5 minutes, well that can get a little off depending on load, latency and the like.

As to normal, There is no normal except your own, every place is different.

Try just running the report with 5 minute resolution for a few days and see if it tracks.

[Fulvio]

Thanks chillyjim