
Savvius Insight™ User Guide

Insight_UG.book Page i Thursday, January 25, 2018 11:55 AM


Copyright © 2018, Savvius, Inc. All rights reserved. Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form, or by any means, electronic or mechanical, including photocopying, for any purpose, without the express written permission of Savvius, Inc.

AiroPeek SE, AiroPeek NX, AiroPeek VX, Compass Live, EtherPeek SE, EtherPeek NX, EtherPeek VX, Gigabit Analyzer Card, GigaPeek NX, iNetTools, NAX, NetDoppler, NetSense, Network Calculator, Omni³, Omni Capture Engine, Omni Desktop Engine, Omni DNX Engine, OmniAdapter, OmniAdapter 10G, OmniAdapter 10G MX, OmniEngine Desktop, OmniEngine Enterprise, OmniEngine Manager, OmniEngine Workgroup, Omni Management Console, Omni PacketGrabber, Omni Virtual Network Service, Omnipeek, Omnipeek Basic, Omnipeek Connect, Omnipeek Enterprise, Omnipeek Enterprise Connect, Omnipeek Insight, Omnipeek Personal, Omnipeek Professional, Omnipeek Remote Assistant, Omnipeek Workgroup, Omnipeek Workgroup Pro, Omnipeek Personal, Omnipliance, Omnipliance C100, Omnipliance Core, Omnipliance CX, Omnipliance Edge, Omnipliance M200, Omnipliance MX, Omnipliance Portable, Omnipliance SuperCore, Omnipliance T300, Omnipliance TL, Omnipliance Ultra, Omnipliance WiFi, OmniStorage, OmniSpectrum, OmniVirtual, OmniWatch, PacketGrabber, Peek DNX, ProConvert, ProtoSpecs, RFGrabber, RMONGrabber, Savvius, Savvius Academy, Savvius Insight, Savvius Spotlight, Savvius Spotlight Appliance, Savvius Vigil, TimeLine, TimeLine Network Recorder, WAN Analyzer Card, WANPeek NX, WatchPoint, WildPackets, WildPackets Academy, WildPackets Compass, and WildPackets OmniAnalysis Platform are trademarks of Savvius, Inc. All other trademarks are the property of their respective holders.

Savvius, Inc. reserves the right to make changes in the product design without reservation and without notification to its users.

Contacting Savvius

Mailing Address

Savvius, Inc. 1340 Treat Blvd., Suite 500 Walnut Creek, CA 94597

Voice/Fax

8 AM - 5 PM (PST) (925) 937-3200 (800) 466-2447 (US only) Fax: (925) 937-3211

Sales

[email protected]

Web

https://www.savvius.com

Technical Support

https://www.savvius.com/support

Resources

See https://www.savvius.com/resources for white papers, tutorials, technical briefs and more.


Developer Community

To join the Savvius Developer Network and gain access to product plug-ins, plug-in wizards, and API documentation, please visit https://mypeek.savvius.com.

Compliances

CE

This product has passed the CE test for environmental specifications. Test conditions for passing included the equipment being operated within an industrial enclosure. In order to protect the product from being damaged by ESD (Electrostatic Discharge) and EMI leakage, we strongly recommend the use of CE-compliant industrial enclosure products.

FCC Class B

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a residential environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a commercial area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

VCCI

This is a Class B product based on the standard of the Voluntary Control Council for Interference from Information Technology Equipment (VCCI). If this is used near a radio or television receiver in a domestic environment, it may cause radio interference. Install and use the equipment according to the instruction manual.

About Savvius, Inc.

Savvius offers a range of powerful software and appliance products that provide unparalleled visibility for rapid resolution of network performance problems and security investigations. Savvius products are trusted by network and security professionals at over 6,000 companies in 60 countries around the world. Visit https://www.savvius.com for information about Savvius Omnipliance®, Savvius Omnipliance Ultra™, Savvius Spotlight™ Appliance, Savvius Omnipeek®, Savvius Vigil™, and Savvius Insight™, and to learn about Savvius technology and channel partners. Follow us on Twitter, Facebook and LinkedIn.

20180125_IN_22a


Contents

About Savvius Insight
  Customer use cases
    Remote office networks
    Managed Service Providers (MSPs)
    Small businesses
    VoIP troubleshooting
What’s included
  Hardware summary
Supported browsers
Savvius Insight workflow
Installing Savvius Insight
Connecting cables to the front and back panels
  Front panel features
  Back panel features
Starting / shutting down Savvius Insight
Initial configuration using the configuration utility
Upgrading Savvius Insight software
Savvius Insight actions
Connecting to Savvius Insight through the serial port
Using Savvius Insight for long-term reporting
  Savvius network dashboards
  Logging into the Savvius network dashboards
  Remote server IP address and port in configuration utility
  Use ‘BRIDGED’ ports for long-term reporting
  Importing Savvius network dashboards to the remote server
  Enabling Health dashboard support
Using Savvius Insight and Omnipeek for Savvius Insight
  Main program window and Start page
  How to start a capture on Savvius Insight
  Capture window views
  Limit capture-to-disk to preserve SSD
Solving problems using Omnipeek for Savvius Insight
  Where do I start?
  Who’s using my network, and how?
  How is my network performing?
  How do I get a single view of who’s talking to whom?
  How do I save a file to share with someone else?
Self-support portal for Savvius Insight
Technical specifications


Savvius Insight

About Savvius Insight

Savvius Insight™ is a compact, quad-core, six-port, mini network appliance that has no fan or other moving parts, and fits easily into a wiring closet. It includes bridge ports for monitoring the location’s Internet connection, and three additional ports for monitoring internal networks.

Savvius Insight provides built-in long-term reporting and web-based dashboards for analyzing and displaying network statistics over long periods. Savvius Insight can also be used for packet level network and application troubleshooting by connecting directly to it with Savvius Omnipeek.

By installing Savvius Insight in each remote office, network administrators can easily and affordably gain insight into the performance and security of the network and applications at all locations under management. Savvius Insight makes enterprise-class network analytics available in areas that have been under-served until now.

Savvius Insight is available in two configurations:

• Savvius Insight: 8 GB RAM, 256 GB SSD storage

• Savvius Insight Plus: 16 GB RAM, 1 TB SSD storage

Customer use cases

Remote office networks

In large corporate networks, Savvius Insight complements larger Savvius monitoring appliances in areas of the network with lower utilization, where you often don't have good visibility. In these situations, help desk team members can use Savvius Insight for 24x7 monitoring of the health of remote networks with powerful, customizable, and easy to use web-based dashboards. When problems are identified that require packet level troubleshooting, protocol analysts in the TAC team can use Savvius Omnipeek network analysis software to connect directly to the devices and perform packet capture and packet-level analysis. Savvius Insight can also be used to perform multi-segment analysis with larger Savvius appliances.


Managed Service Providers (MSPs)

Savvius Insight is also perfect for managed IT service providers. Managed Service Providers manage networks and IT infrastructure for clients, typically with 5-50 employees per client. Savvius Insight lets managed service providers decrease Mean Time To Resolution (MTTR) for customers and increase their awareness of when problems are brewing, while at the same time reducing costs. To accomplish this, managed service providers install Savvius Insight at each customer location. Managed service providers can log into each of the systems at any time to see the current status of the client's networks. Managed service providers can also define alarms and alerts on key performance indicators (KPIs) and have notifications sent each time an alert is triggered. If a problem is detected or an alert is received, the IT service provider can connect quickly to see what the problem is.

Small businesses

Savvius Insight is well suited for small offices that outsource IT management, like accountants, insurance agents, and medical professionals. They have one shared IT manager who spends too much time going from office to office to address typical networking problems, like a slow network or users having trouble connecting. The IT manager needs remote visibility into each office, as well as historical data for comparisons when issues arise. With Savvius Insight installed at each office, the IT manager can track all offices from a single location, using Insight's built-in long-term network monitoring capabilities, and Savvius Omnipeek for Savvius Insight for network troubleshooting. By reviewing collected data, the IT manager can determine the source of most problems in near real-time, and perform quick daily audits to assure overall reliability and user satisfaction in each office.

VoIP troubleshooting

Two ELK VoIP dashboards (Calls and Media) are available with Savvius Insight Plus. The dashboards are extremely useful for monitoring and troubleshooting VoIP traffic: use the Calls dashboard to see the volume, duration, endpoints and gatekeeper of the call, the overall quality of calls, and more. For even more detail, the Media dashboard provides access to all available quality scores for each media flow. Analyze MOS and R Factor scores, one-way delay, packet loss, and jitter.

This Savvius Insight User Guide explains how to install and begin using Savvius Insight. For additional information on using Savvius Insight, visit https://insight.savvius.com.


What’s included

Your standard Savvius Insight package includes:

• Savvius Insight appliance

• Savvius Capture Engine software pre-installed in Savvius Insight

• Savvius Insight Quick Start Guide

• AC power adapter and cord

• Rubber feet (4)

Hardware summary

Here is a summary of the hardware for the Savvius Insight:

• Quad-core 2.4 GHz Intel Atom processor

• 256 GB or 1 TB SSD

• 8 GB or 16 GB RAM

• Two USB 2.0 ports

• Serial port (with RJ45 physical connection)

• Management port

• Three Ethernet ports

• Two bridge ports

• External power adapter

Supported browsers

Savvius Insight works with the following supported browsers:

• Google Chrome (v63.0.3239.132 and above)

• Microsoft Edge (v41.16299.15.0 and above)

• Mozilla Firefox (v57.0.4 and above)

Note: A self-signed certificate may result in connection issues when running Savvius Insight with Microsoft Edge and Mozilla Firefox browsers.


Savvius Insight workflow

Savvius Insight is simple and easy to use! Here are the steps to get you started:

1. Install Savvius Insight. See Installing Savvius Insight on page 4.

2. Connect cables to the front and back panels of Savvius Insight. See Connecting cables to the front and back panels on page 5.

3. Power on Savvius Insight. See Starting / shutting down Savvius Insight on page 9.

4. Configure the initial settings for Savvius Insight. See Initial configuration using the configuration utility on page 9.

• If you are using Savvius Insight to collect data for the built-in local reporting server, make sure Local is selected as the reporting option in the configuration utility. For more information on using Savvius Insight with a local reporting server, see Using Savvius Insight for long-term reporting on page 20.

• If you are using Savvius Insight to forward packet data to a remote Elasticsearch server, make sure Remote Elasticsearch is selected and configured as the reporting option in the configuration utility. For more information on using Savvius Insight with a remote Elasticsearch server, see Using Savvius Insight for long-term reporting on page 20.

5. If you are using Omnipeek for Savvius Insight software to start packet captures, and to analyze the packet files that are captured and saved on Savvius Insight, install the optional Omnipeek for Savvius Insight software on a Windows computer. For more information on using Omnipeek for Savvius Insight, see Using Savvius Insight and Omnipeek for Savvius Insight on page 24.

Installing Savvius Insight

To install Savvius Insight:

1. Determine where to install Savvius Insight. Here are some guidelines for determining the location:

• The most common installation location is between your cable modem (Internet connection) and the LAN. One of the bridge ports on Savvius Insight is connected to the cable modem, while the other bridge port is connected to the LAN.

• You will need to initially configure Savvius Insight via the ‘0 MGMT’ port using another computer. Make sure you have easy access to Savvius Insight so that you can connect the network to the ‘0 MGMT’ port on Savvius Insight.


• It is also possible to connect Savvius Insight with a single Ethernet cable to a port on a router configured as a SPAN port, or to a TAP. Make sure you have easy access to these connections.

2. Place Savvius Insight on a flat surface.

CAUTION! Do not place anything on top of or directly next to Savvius Insight. Any obstructions to the heat sink located on top of Savvius Insight can cause the unit to overheat.

3. Attach the rubber feet to the bottom of Savvius Insight.

4. Attach the power adapter by screwing in the connector on the adapter to the power-in socket on the back panel.

5. Plug the other end of the power adapter to an AC outlet.

Connecting cables to the front and back panels

The cable connections for the front and back panels, and the LED states on Savvius Insight, are described below.

Front panel features

[Figure: Savvius Insight front panel, with callouts for the SSD/Status/Power LEDs, ‘0 MGMT’ port, ports 1–3, ‘4–5 BRIDGED’ ports, USB 2.0 ports, serial port, and port LEDs]

• Serial Port: The serial port lets you connect to another computer terminal for advanced diagnostics or recovery access using an RJ-45 to DB-9 serial console cable (not included with Savvius Insight). The RJ-45 connector on the console cable is connected to the serial port on Savvius Insight, and the DB-9 (male) connector on the console cable is connected to the DB-9 (female) serial port on the computer terminal. See Connecting to Savvius Insight through the serial port on page 19.

Note: Many computers do not have a DB-9 serial port. Make sure the computer terminal you are using has one. If necessary, you can obtain and install a USB to COM adapter on the computer terminal.


• SSD/Status/Power LEDs:

• SSD: If the LED blinks, it indicates data access activities; otherwise, it remains off.

• Status: When Savvius Insight is first powered on, the LED momentarily blinks green, and then remains off.

• Power: If the LED is on it indicates that the system is powered on. If it is off, it indicates that the system is powered off.

• USB 2.0 Ports: The USB ports are reserved for future expansion.

• ‘0 MGMT’ port: This Ethernet port is the management port that lets you configure Savvius Insight (see Initial configuration using the configuration utility on page 9). Connect a standard Ethernet cable from your network to the ‘0 MGMT’ port.

• ‘1 – 3’ ports: These Ethernet ports are used for capturing packets from your network. Connect a standard Ethernet cable from your network to the desired port on Savvius Insight.

• ‘4 – 5 BRIDGED’ ports: These Ethernet ports are configured as a bridge and are used when you want to insert Savvius Insight in-line between two network devices. This configuration allows the capture of traffic flowing between the two network nodes without requiring a tap. In this implementation, packets enter Savvius Insight through one of the bridge ports, and then exit Savvius Insight through the remaining bridge port. Essentially, any traffic that gets to one bridge port is copied to the other bridge port. In cases where power is turned off or is lost to Savvius Insight, the two bridge ports are connected as if they are a wire (‘fail to wire’), so Internet connectivity is not lost. To establish the bridge, connect standard Ethernet cables so that Savvius Insight is between your cable modem (Internet connection) and the LAN. One of the bridge ports on Savvius Insight is connected to the cable modem, while the other bridge port is connected to the LAN. Both bridge ports must be connected in this fashion in order to properly establish the bridge.

CAUTION! Do not connect each of the bridge ports to the same IP routed network; otherwise, a routing loop is created, and can cause the network to be inoperable.

Note: If you are using Savvius Insight to forward data to the local built-in server, or to a remote Elasticsearch server, captures are automatically started on the bridge ports, and the data is forwarded to the server configured in the configuration utility. See Initial configuration using the configuration utility on page 9.


• Port LEDs: The two LEDs on the bottom of ports 0–5 light to indicate activity. A green LED and a yellow LED light to indicate that a connection has been established. A flashing yellow LED indicates data access activities.

Back panel features

• Reset Button: Insert a paper clip, and press and hold the reset button for three seconds to reset Savvius Insight to its factory settings. You will lose all saved settings and data on Savvius Insight when it is reset to its factory settings. Once Savvius Insight has reset, you will need to run the configuration utility again as described in Initial configuration using the configuration utility on page 9.

Note: You can also perform a factory reset from the Actions dialog. See Savvius Insight actions on page 17.

• Power-on button with LED: Press to power-on or power-off Savvius Insight. When in Standby mode, the LED lights red; in Power-on mode, the LED lights green; when Off, the LED does not light.

Note: You can also power off Savvius Insight from the Actions dialog. See Savvius Insight actions on page 17.

• Power-in Socket: Connects to the screw-on connector on the power adapter included with Savvius Insight.

[Figure: Savvius Insight back panel, with callouts for the reset button, power-on button with LED, and power-in socket]


Note: Make sure the screw-on connector on the power adapter is connected to the Power-in Socket on Savvius Insight before the power adapter is plugged into an AC power source.

Starting / shutting down Savvius Insight

To start Savvius Insight, do the following:

• Press the power-on button on the back panel of Savvius Insight.

To shut down Savvius Insight, do one of the following:

• Press the power-on button briefly on the back panel of Savvius Insight.

• Click the actions link at the top of the configuration utility to display the Actions dialog, and then select the Powering Off option.

CAUTION! When shutting down Savvius Insight, pressing the power-on button briefly performs a clean shutdown of Savvius Insight. Holding the button down for several seconds results in Savvius Insight doing an immediate shutdown, causing data loss. This operation is only to be used if Savvius Insight becomes unresponsive.

Initial configuration using the configuration utility

The configuration utility on Savvius Insight lets you configure device, network, and time settings, as well as reporting options.

Important! Savvius Insight comes pre-configured to obtain its IP address via DHCP. The IP address is required to configure Savvius Insight, as described below. If you are not familiar with how to look up the IP address assigned to Savvius Insight, please obtain the IP address from your network administrator. The MAC address on the bottom of Savvius Insight is useful in determining the corresponding IP address.

Note: If an IP address is not assigned to Savvius Insight by the DHCP server within two minutes of being connected to the network, Savvius Insight defaults to a static address of 192.168.1.21.
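One way to carry out the MAC-to-IP lookup described above, as an added example that is not part of the Savvius guide: it matches the MAC printed on the unit against a workstation's neighbor table and, once the two-minute DHCP window has passed, falls back to the documented static address. The `ip neigh show` sample, the MAC values, the workstation addresses and all function names are constructed for illustration; only the 192.168.1.21 fallback and the two-minute window come from the guide.

```python
import ipaddress
import re

# From the guide: static address used if no DHCP lease arrives in two minutes.
FALLBACK_IP = ipaddress.ip_address("192.168.1.21")
DHCP_WAIT_SECONDS = 120

# Constructed sample of `ip neigh show` output (not from a real network).
SAMPLE_NEIGH = """\
192.168.10.1 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
192.168.10.57 dev eth0 lladdr 02:00:00:aa:bb:30 STALE
192.168.10.80 dev eth0  FAILED
192.168.10.91 dev eth0 lladdr 02:00:00:aa:bb:5a DELAY
fe80::ff:feaa:bb01 dev eth0 lladdr 02:00:00:aa:bb:01 router STALE
"""


def normalize_mac(mac):
    """Return a MAC as 12 lowercase hex digits.

    Labels and tools disagree on notation (02:00:..., 02-00-..., 0200.00aa...),
    so separators are stripped before comparing.
    """
    digits = re.sub(r"[:\-.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.lower()


def parse_neighbors(text):
    """Yield (ip_string, normalized_mac) for entries that carry a MAC."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED / INCOMPLETE entries have no link-layer address
        idx = fields.index("lladdr")
        try:
            yield fields[0], normalize_mac(fields[idx + 1])
        except (IndexError, ValueError):
            continue  # skip truncated or malformed lines


def find_appliance_ip(label_mac, neigh_text, seconds_on_network, workstation_iface):
    """Return (ip or None, how it was determined).

    workstation_iface is the admin computer's own address in CIDR form.
    The on-link test only covers the workstation's side: it says whether
    the fallback address lies inside the workstation's subnet.
    """
    wanted = normalize_mac(label_mac)
    for ip, mac in parse_neighbors(neigh_text):
        # The configuration utility is reached by IPv4 address, so skip IPv6.
        if mac == wanted and ipaddress.ip_address(ip).version == 4:
            return ip, "neighbor-table"
    if seconds_on_network < DHCP_WAIT_SECONDS:
        return None, "wait-for-dhcp"
    network = ipaddress.ip_interface(workstation_iface).network
    if FALLBACK_IP in network:
        return str(FALLBACK_IP), "static-fallback-on-link"
    return str(FALLBACK_IP), "static-fallback-off-link"


if __name__ == "__main__":
    # Label MAC written with dots, as some labels and switches print it.
    print(find_appliance_ip("0200.00AA.BB5A", SAMPLE_NEIGH, 30, "192.168.10.25/24"))
    # Unknown MAC after the DHCP window: try the documented static default.
    print(find_appliance_ip("02:00:00:aa:bb:99", SAMPLE_NEIGH, 150, "192.168.10.25/24"))
```

A result of `static-fallback-off-link` means the workstation is on a different subnet from 192.168.1.21 and needs an address in that range before the configuration utility can be reached.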

To initially configure Savvius Insight using the configuration utility:

1. Connect the ‘0 MGMT’ port on Savvius Insight to your network router or switch with an Ethernet cable.


2. From a browser window on a computer connected to the same network as Savvius Insight, enter the IP address for Savvius Insight in the URL box. The Savvius Insight Login screen appears.

• Username: Enter the default username for Savvius Insight. The default is root.

• Password: Enter the password for Savvius Insight. The default is savvius.

3. Since you are logging into Savvius Insight for the first time, you are prompted to change the default password before continuing.


• Current Password: Enter the current password for Savvius Insight. The default is savvius.

• New Password: Enter the new password for Savvius Insight.

• Confirm Password: Enter the new password again for Savvius Insight.

Note: Make sure to note the Password that you configure. You can also change the Savvius Insight password at any time by clicking Change Password from the configuration utility.

4. Click Submit. The Savvius Insight Configuration Utility appears.

5. Configure Savvius Insight settings:

Important! Once you configure and apply the settings below, if you changed the IP address for Savvius Insight, you must enter the IP address of Savvius Insight as configured below, as well as the new password entered above, to access the configuration utility again.

Settings


• Savvius Insight Portal: Click the insight.savvius.com link to access documentation and support resources for Savvius Insight owners. It contains links to download Omnipeek for Savvius Insight network analysis software for Windows and the Savvius for Splunk app.

• Device Name: Enter a name for Savvius Insight. A unique device name allows for easy identification of data sources.

• IP Assignment: This setting lets you specify whether Savvius Insight uses DHCP or static settings. If DHCP is selected, then Savvius Insight is configured by the DHCP server. If Static is selected, then Address, Netmask, Gateway, and DNS settings can be configured for Savvius Insight.

Important! Savvius Insight is pre-configured to obtain an IP address automatically from a DHCP server; however, we strongly recommend the use of a static IP address for Savvius Insight. If DHCP is used, and if the address should change on a new DHCP lease, then the user must look up the new IP address assigned to Savvius Insight from the DHCP server. To help you look up the IP address, the MAC Address of Savvius Insight is displayed if you select DHCP.

Note: If DHCP is selected, you have approximately two minutes to connect Savvius Insight to your network in order for the DHCP server to assign an IP address. Please make sure Savvius Insight is connected to your network within the two-minute period from the time you click Apply. If you reboot Savvius Insight, the two-minute clock is also reset.

• Address: This setting lets you specify the IP address that you are assigning to Savvius Insight.

• Netmask: A Netmask, combined with the IP address, defines the network associated with Savvius Insight.

• Gateway: Also known as ‘Default Gateway.’ When Savvius Insight has no IP route for a destination, it sends the IP packet to this address because it cannot deliver the packet locally. Only a single default gateway can be defined.

• DNS: This is the domain name server. A domain name server translates domain names (e.g., www.savvius.com) into IP addresses. Enter the address of the DNS server, and click Add Server. Multiple DNS servers can be defined. You can also edit or delete any defined DNS servers.
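A sanity check to run on the static settings above before clicking Apply, as an added example that is not part of the Savvius guide: it confirms the netmask is contiguous, the gateway lies on the subnet defined by Address and Netmask, and each DNS entry is a well-formed IPv4 address. The function names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Savvius code): validate Address / Netmask / Gateway / DNS
# values before they are typed into the configuration utility.

# ip_to_int DOTTED_QUAD: print the address as an integer, fail if malformed.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $1            # safe: input holds only digits and dots
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    _n=0
    for _o in "$@"; do
        # Reject leading zeros (octal ambiguity) and over-long octets.
        case $_o in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$_o" -le 255 ] || return 1
        _n=$(( $_n * 256 + $_o ))
    done
    echo "$_n"
}

# check_static ADDRESS NETMASK GATEWAY [DNS...]
# Prints "ok" or the first problem found; returns 0 only when consistent.
check_static() {
    _a=$(ip_to_int "$1") || { echo "bad address"; return 1; }
    _m=$(ip_to_int "$2") || { echo "bad netmask"; return 1; }
    _g=$(ip_to_int "$3") || { echo "bad gateway"; return 1; }
    shift 3

    # A valid netmask is a run of 1 bits followed by a run of 0 bits.
    _inv=$(( 4294967295 - $_m ))
    if [ "$_m" -eq 0 ] || [ $(( $_inv & ($_inv + 1) )) -ne 0 ]; then
        echo "netmask not contiguous"; return 1
    fi

    # The single default gateway must be reachable on the local subnet.
    _net=$(( $_a & $_m ))
    _bcast=$(( $_net + $_inv ))
    if [ $(( $_g & $_m )) -ne "$_net" ]; then
        echo "gateway off-subnet"; return 1
    fi
    if [ "$_a" -eq "$_g" ]; then
        echo "gateway equals address"; return 1
    fi
    # Network and broadcast addresses are not usable hosts (except /31, /32).
    for _h in "$_a" "$_g"; do
        if [ "$_inv" -gt 1 ] && { [ "$_h" -eq "$_net" ] || [ "$_h" -eq "$_bcast" ]; }; then
            echo "network or broadcast address used"; return 1
        fi
    done

    # Every DNS server entry must at least be a well-formed IPv4 address.
    for _d in "$@"; do
        ip_to_int "$_d" >/dev/null || { echo "bad DNS server: $_d"; return 1; }
    done
    echo "ok"
}

# Constructed sample values, not taken from the guide.
check_static 192.168.1.50 255.255.255.0 192.168.1.1 192.168.1.10
check_static 192.168.1.50 255.255.255.0 192.168.2.1 || true
```

A gateway outside the subnet is worth catching here because applying a new static Address drops the current connection to the configuration utility.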

Time Settings

• Timezone: The Timezone setting lets you specify the physical location of Savvius Insight. Select from the list the location closest to your Savvius Insight.

• NTP Server: The Network Time Protocol (NTP) is used to synchronize the clocks of computers over a network. To synchronize the Savvius Insight clock, you can specify the IP address of an NTP server located on either the local network or Internet. Enter the address of the NTP server, and click Add Server. Multiple NTP servers can be defined. You can also edit or delete any defined NTP servers.

Reporting Options

• None: Select this option if you are not automatically collecting statistics for one of the three reporting options below.

• Local: Select this option to configure the built-in local reporting server on Savvius Insight as the reporting option that Savvius Insight automatically forwards its network statistics to once the configuration settings are applied. See also Using Savvius Insight for long-term reporting on page 20:

• Maximum Space: Enter the maximum amount of disk space (in Gigabytes) allocated on the reporting server before older data written on the hard disk is deleted to make room for newer data. Older data is deleted until the total disk space used on the reporting server is below the configured amount.

Note When configuring Maximum Space, remember to leave enough disk space available for other Savvius Insight functions, including capture-to-disk captures.

• Dashboard Login: Displays the username used to log into the local reporting server from a web browser. The default dashboard login username is insight. This username is different from the login username configured above for the configuration utility.

• Dashboard Password: Enter a password used to log into the local reporting server from a web browser. The default dashboard password is savvius. This password is different from the login password configured above for the configuration utility.

• Remote Elasticsearch: Select this option to configure a remote Elasticsearch server as the reporting option that Savvius Insight automatically forwards its network statistics to once the configuration settings are applied. See also Using Savvius Insight for long-term reporting on page 20:

• Server: Enter the IP address of the remote Elasticsearch server.

• Port: Enter the port used to communicate to the Elasticsearch server.

Note If Remote Elasticsearch is selected as the reporting option in the configuration utility, in order to view the Savvius Insight dashboards, you will first need to log into the remote Elasticsearch server and import the Savvius Insight dashboards file to the server. See Importing Savvius network dashboards to the remote server on page 23.

6. Click Apply to save and apply the configuration settings to Savvius Insight.

Note You will lose connection to Savvius Insight if you configured a new static Address in Settings above.

Upgrading Savvius Insight software

When a Savvius Insight software update becomes available, the configuration utility alerts you of the update, and displays a screen similar to the screen below. You will need to download a ZIP file containing the two upgrade files, and then install those files, as described below.

To upgrade the Savvius Insight software:

1. Start the Savvius Insight Configuration Utility from your web browser.

2. When software updates are available, click ‘here’ to download a ZIP file that contains the Image and Checksum files required to update the software.

3. Click ‘upgrade’ to install the Image and Checksum files from where the ZIP file is saved on your hard disk. The Upload Image screen appears.

4. Click Choose File to navigate to the ZIP file, and then click Upload.

5. Allow the upload to complete. Wait up to five minutes for Savvius Insight to reboot. You will lose connection to the configuration utility once Savvius Insight reboots.

Savvius Insight actions

The actions link at the top of the configuration utility displays the Actions dialog that includes options for powering off, rebooting, and resetting Savvius Insight to its factory defaults.

• Power Off: Select this option to turn off Savvius Insight.

• Reboot: Select this option to reboot Savvius Insight.

• Factory Reset: Select this option to reset Savvius Insight to its factory settings. You will lose all saved settings and data on Savvius Insight when it is reset to its factory settings. Once Savvius Insight has reset, you will need to run the configuration utility again as described in Initial configuration using the configuration utility on page 9.

Note You can also perform a factory reset using the Reset button, as described in Back panel features on page 8.

Connecting to Savvius Insight through the serial port

Using a serial cable connected to the serial port on Savvius Insight, a PC/laptop, and a terminal program of your choice, you can log into Savvius Insight and access the command prompt (root@Insight). This is especially useful for advanced diagnostics or recovery access.

To connect to Savvius Insight through the serial port:

1. Connect a serial console cable (not included with Savvius Insight) from the serial port (DB-9) on your laptop to the serial port (RJ-45) on the back panel of Savvius Insight.

2. Using any serial terminal program (e.g., HyperTerminal or Putty), establish a connection to Savvius Insight. Make sure the appropriate terminal settings match the default settings below for Savvius Insight:

• Terminal Type: [VT100+]

• Bits per second: [115200]

• Data Bits: [8]

• Parity: [None]

• Stop Bits: [1]

• Flow Control: [None]

• VT-UTF8 Combo Key Support: [Enabled]

• Recorder Mode: [Disabled]

• Resolution 100x31: [Enabled]

3. Once a connection to Savvius Insight has been established, the Insight login prompt appears.

4. Log into Savvius Insight by entering the username and password you configured earlier using the configuration utility. If you did not configure a username and password earlier, the default is:

username: root

password: savvius

5. The Insight command prompt (root@Insight) appears once you are logged in.

Using Savvius Insight for long-term reporting

When you connect Savvius Insight to your network it immediately begins collecting network statistics for long-term reporting and trending. Searching for and analyzing data is extremely easy using the built-in dashboards. Customize these dashboards to analyze your data intelligently, perform mathematical transformations, and slice and dice your data as you see fit.

Because ELK is the technology behind the integrated long-term reporting capability included with Savvius Insight, it can be configured to send its data directly to a remote ELK server (such as the Remote Elasticsearch server). This allows for longer term reporting and centralized aggregation of data from multiple Savvius Insight appliances to monitor all of your remote networks that have Savvius Insight on them.

Savvius network dashboards

The Savvius network dashboards provide the user interface to view the long-term reporting of your network and the applications running on it. They are built on the ELK platform, which is an open source software stack consisting of Elasticsearch, Logstash, and Kibana (ELK). Kibana is the user interface displayed when viewing the Savvius Insight dashboards. For more detailed information about ELK, please refer to the documentation on the Elasticsearch website, and the many forums discussing it.

Each of the Savvius network dashboards displays different information about the network; however, they all have the common controls listed below:

• Navigation Pane: The navigation pane lets you select the Discover, Visualize, Dashboards, Timelion, Dev Tools, and Management options:

• Discover: Review raw event data, and create searches.

• Visualize: Create visualizations (or panels).

• Dashboard: Create, manage, and navigate through the Savvius Insight dashboards.

• Timelion: Create time series data visualizations that analyze data in time order. Timelion is driven by a simple expression language used to retrieve time series data, perform calculations to tease out the answers to complex questions, and visualize the results.

• Dev Tools: Enter arbitrary queries to Elasticsearch.

• Management: Perform a variety of administration tasks.

• Filter bar: The filter bar lets you filter the content of the panels in the dashboard. The type of filter to use is dependent on the data in the panels. The filter bar is a powerful feature in Savvius Insight dashboards. To learn more about using the Filter bar, refer to the documentation on the Elasticsearch website.

• Dashboards bar: The dashboards bar contains links to all of the dashboards that ship with Savvius Insight. If new dashboards are created they will not be added to this bar automatically, but can be added manually. You can view descriptions of each available Savvius network dashboard by clicking Help from the dashboards bar.

Logging into the Savvius network dashboards

You can display the login to the Savvius network dashboards as described below, depending on which reporting option is selected in the configuration utility:

If Local is the selected reporting option, do one of the following:

• Enter the following in the URL bar of a browser window: https://<IP Address>:8443 where <IP Address> is the IP address of Savvius Insight, and 8443 is the port used by Savvius Insight.

• Click View the Reporting dashboard below the Local option in the configuration utility. This is only available when the Local option has already been selected and applied from the configuration utility.

If Remote Elasticsearch is the selected reporting option, do the following:

• Enter the following in the URL bar of a browser window: https://<IP Address>:<Port>

where <IP Address> is the IP address of the remote Elasticsearch server, and <Port> is the port used by the server.

Remote server IP address and port in configuration utility

To forward data from Savvius Insight to a remote Elasticsearch server, you must configure both the IP address of the server and the port used by the Elasticsearch server in the Savvius Insight configuration utility. Once the settings in the configuration utility are applied, data automatically begins to flow from Savvius Insight to the remote Elasticsearch server via the ‘MGMT’ ports on Savvius Insight. See Initial configuration using the configuration utility on page 9.

Use ‘BRIDGED’ ports for long-term reporting

When Local or Remote Elasticsearch is selected as the reporting option in the configuration utility, Savvius Insight automatically starts multiple captures on its ‘BRIDGED’ ports. Make sure the ‘BRIDGED’ ports on Savvius Insight are properly cabled. See Front panel features on page 5.

Note Do not delete any of the captures. If a capture is deleted, you must recreate the captures by selecting None as the reporting option in the configuration utility, applying this selection, and then reselecting and applying either Local or Remote Elasticsearch as the reporting option. See Initial configuration using the configuration utility on page 9.

Importing Savvius network dashboards to the remote server

If Remote Elasticsearch is selected as the reporting option in the configuration utility, in order to view the Savvius network dashboards, you will first need to log into the remote Elasticsearch server and import the Savvius network dashboards file to the server.

To import the Savvius network dashboards:

1. Open a web browser and go to the Savvius Insight Portal on the web (https://insight.savvius.com) and download the dashboards.json file. You must be a registered user to download this file.

2. Log into the Savvius network dashboards on the remote Elasticsearch server. See Logging into the Savvius network dashboards on page 22.

3. On the Settings menu, select Objects.

4. Click Import.

5. Navigate to the dashboards.json file that was downloaded from the Savvius Insight Portal, and click Open.

6. If prompted to delete any existing dashboards, searches, and visualizations, delete only those that are no longer needed.

Enabling Health dashboard support

The Savvius network Health dashboard is disabled by default. No data is populated in the dashboard until the dashboard is enabled by manually modifying the configuration file residing on Savvius Insight.

To enable Health dashboard support:

1. Use any text editor and modify /etc/default/elk.

2. Uncomment the line ‘SNMPTRAP=yes’.

3. Reboot Savvius Insight.
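Steps 1 and 2 above can be scripted from the root@Insight prompt; the following is an added example, not Savvius-supplied code. It assumes the line ships commented out as `#SNMPTRAP=yes` (optionally with spaces after the `#`) and that the appliance shell provides `grep -E` and `sed -E`; the function name `enable_snmptrap` and the sample file contents are hypothetical.

```shell
#!/bin/sh
# Added example (not Savvius code): uncomment SNMPTRAP=yes idempotently,
# keeping a backup so the edit can be reviewed or reverted.

# enable_snmptrap [FILE]   (FILE defaults to /etc/default/elk)
# Prints "enabled" or "already enabled"; returns non-zero without changing
# the file when no commented SNMPTRAP=yes line exists.
enable_snmptrap() {
    _f=${1:-/etc/default/elk}
    [ -f "$_f" ] || { echo "missing: $_f" >&2; return 2; }

    # Nothing to do if an active (uncommented) line is already present.
    if grep -Eq '^[[:space:]]*SNMPTRAP=yes[[:space:]]*$' "$_f"; then
        echo "already enabled"
        return 0
    fi

    # Only uncomment an existing line; never append a setting on a guess.
    if ! grep -Eq '^[[:space:]]*#+[[:space:]]*SNMPTRAP=yes[[:space:]]*$' "$_f"; then
        echo "no commented SNMPTRAP=yes line found in $_f" >&2
        return 1
    fi

    # Back up first, then rewrite the original in place from the backup so
    # ownership and permissions of the original file are preserved.
    cp -p "$_f" "$_f.bak" || return 2
    sed -E 's/^[[:space:]]*#+[[:space:]]*(SNMPTRAP=yes)[[:space:]]*$/\1/' \
        "$_f.bak" > "$_f" || return 2

    echo "enabled"
    # Step 3 of the procedure (reboot) is left to the operator.
}

# Constructed sample file; its contents are an assumption, not the real
# /etc/default/elk from the appliance.
demo_dir=$(mktemp -d)
printf '%s\n' '# sample options' 'EXAMPLE_OPTION=1' '#SNMPTRAP=yes' > "$demo_dir/elk"
enable_snmptrap "$demo_dir/elk"
grep -n 'SNMPTRAP' "$demo_dir/elk"
rm -rf "$demo_dir"
```

Comparing the file with its `.bak` copy (for example with `diff`) before rebooting confirms that only the one line changed.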

Using Savvius Insight and Omnipeek for Savvius Insight

A version of Omnipeek software called ‘Omnipeek for Savvius Insight’ is available for download for users of Savvius Insight. You can use Omnipeek for Savvius Insight software to start packet captures, and to analyze the packet files that are captured and saved on Savvius Insight. Omnipeek for Savvius Insight software is installed on a Windows computer located on the same network as Savvius Insight. You can register your Savvius Insight and download the Omnipeek for Savvius Insight software by visiting https://insight.savvius.com/omnipeek.

Note If you have Omnipeek software (version 10.1 and above) already installed on a computer, you can use that version of Omnipeek to start captures, and to analyze packet files captured and saved on Savvius Insight.

Here are some of the strategic ways to get started with Omnipeek for Savvius Insight software:

• Start a capture: Starting a capture lets you capture and analyze data in real-time, and record data for post-capture analysis from one or more Savvius Insight appliances installed on the network. You can view a capture in real-time, or save it to disk (capture-to-disk) for later analysis. See How to start a capture on Savvius Insight on page 27.

Note We recommend limiting instances of capture-to-disk captures on Savvius Insight in order to extend the storage life of the SSD.

• View the Compass dashboard and other dashboards: The Compass dashboard is an interactive forensics dashboard that displays network utilization over time including protocol, node, flow, VLAN, and application statistics. You can view these statistics from a single supported capture file, or from multiple capture files (*.pkt, *.apc, *.pcap [Libpcap format only], *.wcap [Libpcap format only], *.cap [Libpcap format only], *.wpz, and *.pcapng) aggregated within the Compass workspace. Additionally, other dashboards such as the Timeline, Network, and Applications dashboards, are also available to display graphical data about your network summarized into several easy-to-read displays.

• View the Experts: The Expert views provide expert analysis of response time, throughput, and network applications in a flow-centered view of captured traffic. Expert views also provide a detailed view of every transaction, noting any events encountered in each individual conversation or flow. You can drill down to select the packets associated with a particular event or with any conversation in Expert views.

• View the Packets: Packets, the units of data carried on the network, are the basis for all higher level network analysis. When troubleshooting network problems, it is important to be able to drill down into the packets themselves by looking at their individual decodes as well as use the packets captured into the buffer as the foundation for expert and statistical analysis. The Packets view of a capture window is where you can view information about the individual packets transmitted on your network.

To learn about the above features and more, view the Omnipeek User Guide and online help.

Main program window and Start page

To start Omnipeek for Savvius Insight:

• On the Start menu, click Omnipeek for Savvius Insight.

The main program window and Start Page appear. The parts of the main program window are described below.

• Toolbar: Provides buttons for frequently-used tasks in Omnipeek. To display different toolbars or to customize toolbar options, on the View menu, click Toolbars.

• Start Page: Provides buttons for opening saved capture files and viewing the Capture Engines window. Additionally, the Start Page provides links to useful resources, both local and online.

• Status Bar: Shows brief context-sensitive messages on the left and the current monitor adapter on the right. To toggle the display of the status bar, on the View menu, click Status Bar.

How to start a capture on Savvius Insight

Savvius Insight captures allow you to capture and analyze network data in real-time, and optionally record data for post-capture analysis. You can start captures from each of the Ethernet ports, and from the bridge ports on Savvius Insight. Use of the Ethernet ports will require the use of a network tap. Bridge port captures should be configured as described in Front panel features on page 5.

To start a capture on Savvius Insight:

1. In Omnipeek for Savvius Insight, do one of the following to open the Capture Engines window:

• On the Start Page, click View Capture Engines

• On the View menu, click Capture Engines

The Capture Engines window appears.

2. From the Capture Engines window, click Insert Engine. The Insert Engine dialog appears.

3. Complete the dialog:

• Host: Enter the IP address of the Savvius Insight that you want to connect to.

• Port: Enter the TCP/IP Port used for communications. The default port for the Savvius WP Omni protocol is 6367.

• Authentication: Select Third Party to connect to Savvius Insight.

• Domain: Type the Domain for login to Savvius Insight. If Savvius Insight is not a member of any Domain, leave this field blank.

• Username: Type the Username for login to Savvius Insight.

• Password: Type the Password for login to Savvius Insight.

4. Click Connect. When the connection is established, the Home tab for Savvius Insight appears.

5. From the Home tab, click New Capture and select the type of capture window that you would like to create:

• New Capture…: This option lets you create a new Savvius Insight capture based on the capture settings that you define.

• New “Forensics Capture”: This option lets you create a new Savvius Insight capture based on a forensic capture template configured for post-capture forensic analysis.

• New “Monitoring Capture”: This option lets you create a new Savvius Insight capture based on a monitoring capture template configured to view higher level expert and statistical data in a continuous real-time capture.

• Edit Capture Templates: This option opens the Capture Templates dialog and allows you to create new capture templates, or edit existing ones.

Note You can also select the above options from the Insert drop-down list available from the Captures tab, and from the New Capture options available from the Adapters tab.

6. Configure the General options. Click Help on the dialog to help you configure the options.

7. Choose a Savvius Insight capture adapter in Adapter options. Each adapter corresponds to the Ethernet ports on Savvius Insight.

8. Click OK. A new Savvius Insight capture window appears.

Capture window views

The navigation pane of every capture window presents the views that display information about the capture data. A Savvius Insight capture window can have the views listed below. Here is an example of a capture-to-disk capture window from a Savvius Insight appliance.

• Dashboards: These dashboards display graphical data about your network summarized into several easy-to-read displays.

• Network: This dashboard provides an overview of network statistics for the capture.

• Applications: This dashboard displays key statistics for applications in the capture window.

• Timeline: This dashboard provides an overview of the top talkers, top protocols, and network utilization for the Capture Engine.

• Compass: This dashboard lets you view network utilization, and top statistics from a single supported capture file, or from multiple capture files.

• Capture: These views display information about packets captured into the capture buffer.

• Packets: This view lists all of the packets placed in the buffer of a capture window (or capture file). The Decode and Hex panes show the contents of the selected packet decoded or in hexadecimal and ASCII.

• Events: This view collects messages generated by events relating to the particular capture window. These events include the results of notifications generated by the triggers or analysis modules selected for the capture window.

• Filters: This view lets you enable, disable, add, edit, and delete filters used for capturing packets into the capture window buffer.

• Alarms: This view lets you query a specified monitor statistics function once per second, testing for user-specified problem and resolution conditions. On matching any of these tests, the alarm function sends a notification of user-specified severity.

• Expert: These views provide expert analysis of delay, throughput, and a wide variety of network events in a conversation-centered view of traffic in a capture window.

• Clients/Servers: This view makes it easy to track events and to see them in the context of peer-to-peer or client-server traffic patterns.

• Flows: This view displays each flow independently in a flat view. This simplified view allows you to compare flows to one another, regardless of the node pair to which they belong.

• Application: This view allows you to categorize each flow by application. This view allows you to see who is using each application on your network and how each application is performing.

• Web: These views let you display web page requests and responses, allowing you to track client/server activity within a capture. The same web data is presented in four formats.

• Servers: This view lets you focus on which servers are being used.

• Clients: This view lets you focus on which clients are using which servers.

• Pages: This view displays a list of web pages with each individual request nested underneath.

• Requests: This view displays a flat list of individual HTTP requests.

• Visuals: These views graphically display network traffic and statistics.

• Peer Map: This view lets you visualize network traffic by displaying nodes and the traffic between the nodes. The lines indicate traffic between two nodes. The relative thickness of the lines indicates the volume of traffic occurring.

• Graphs: This view displays graphs of individual items from the other statistics views in real time. The data from these graphs can also be saved as tab-delimited or comma-delimited text, or as XML \ HTML. On a Capture Engine, this view must be enabled in the Graphs options of the Capture Options dialog.

• Statistics: These views display various statistical data about your network.

• Nodes: This view displays real-time data organized by network node. You can choose to display the nodes in a nested hierarchical view (logical addresses nested beneath their physical address), or in a variety of flat tabular views. Right-click the column header to add or remove various columns.

• Protocols: This view displays network traffic volume as a percentage of total bytes, broken down by protocol and subprotocol. You can choose to display the protocols in either a nested Clients/Servers view or a Flows view.

• Summary: This view lets you monitor key network statistics in real time and save those statistics for later comparison. Summary statistics are also extremely valuable in comparing the performance of two different networks or network segments.

• Applications: This view lets you view basic statistics about applications for a capture window.

• Countries: This view lets you view a geographical breakdown of traffic based on IP address for a capture window.

Limit capture-to-disk to preserve SSD

Savvius Insight uses an SSD with a duty cycle that is not rated for continuous capture-to-disk. We recommend limiting instances of capture-to-disk captures on Savvius Insight in order to extend the storage life of the SSD. Problems associated with continuous capture-to-disk use are not covered by warranty.

Solving problems using Omnipeek for Savvius Insight

Omnipeek for Savvius Insight can be used in many ways to solve problems on your network. This section describes five common network analysis tasks you can easily perform with Omnipeek for Savvius Insight.

Note: The examples below are based on a capture-to-disk capture file saved from a Savvius Insight appliance.

Where do I start?

The Compass dashboard provides an intuitive yet detailed summary of all network activity. Use this dashboard as your “compass” to find which areas need more detailed analysis.

To use the Compass dashboard:

1. Click Compass in the navigation pane of the capture window to display the Compass dashboard.

2. In the example above, let’s learn more about the spike in network activity (graphing average Mbits).

3. Put your cursor just to the left of the spike, drag across the spike, and then let go. The entire Compass dashboard, the graph and the detailed panels below, all update automatically to reflect the time frame you selected around the spike.

4. Note the Protocols, Flows, and Nodes statistics chart windows below the graph. You can pin or unpin statistics chart windows for Channels, WLAN, VLAN, Data Rates, and Applications by clicking the desired tab or pin/unpin icon (push-pin) in the upper right of the statistics chart window.

5. You now have a complete view of your network traffic for just the spike in activity. Use each of the statistics chart windows to quickly see what caused the spike and determine if more detailed analysis is needed.

Who’s using my network, and how?

1. Click Nodes in the navigation pane of the capture window to display the Nodes view. The Nodes view provides a list of all nodes that have been active on the network since the capture started.

2. The total number of nodes is listed in the upper left-hand corner. Use the adjacent pull-down menu to choose the type of node data to display. “IP” is the most common view.

3. Click a column header to sort the data by that parameter. If you need to quickly see your top talkers, sort on the “Total Bytes” or “Total Bytes %” columns. Your top talkers will rise to the top of the list.

4. To see exactly what your top talkers are doing on the network, simply double-click the node to create a new tab that shows the overall application or protocol usage for that node. The view can be toggled between application and protocol using the drop-down box in the title bar.

5. You now know who is using your network, and how.

How is my network performing?

Omnipeek for Savvius Insight performs detailed network analysis (“Expert” analysis) in the background to find common and even not so common network problems. A list of these potential problems can be found in the Expert views.

To use the Expert views to perform network analysis:

1. Click Applications in the Expert views of the navigation pane of the capture window. The Applications view displays Expert analysis categorized by application.

2. Be sure the “Event Summary” tab is selected in the bottom window. The “Event Summary” tab shows all of the potential issues that have been identified during this capture.

3. To quickly find exactly which application and which user have been affected by a non-responsive server, just click on that event. The application data in the upper window will be automatically expanded to show exactly which application, server, and client have been affected. In this case all instances correspond to the same communication between 10.4.2.55 and server 23.210.225.58 over HTTPS.

4. If you want to tune the settings for this analysis function, just right-click the event in the Event Summary, choose EventFinder Settings, and adjust the parameters in the dialog box that appears. You can also see a summary of the Event and change the Event severity.

5. With Expert events, Omnipeek for Savvius Insight watches your network for you. You can set up alerts based on Event severity so you never miss a problem.

How do I get a single view of who’s talking to whom?

Omnipeek for Savvius Insight includes a feature called the Peer Map that provides a visual representation of who is talking to whom on the network.

To use the Peer Map:

1. Click Peer Map in the navigation pane of the capture window to display the Peer Map view.

2. The Peer Map represents each network node with a dot.

a. The size of the dot scales to the relative traffic for that node.

b. The lines emanating from each node represent each of its connections to other network nodes.

c. The thickness of the line scales to the traffic between those two nodes in relation to all other nodes.

d. The color of the line depicts the underlying protocols in use – multiple colors mean multiple protocols in use between the network nodes.

3. To better isolate a node, simply drag it away from the others to get a clearer view. Any node repositioning will be retained the next time you open the packet file.

4. The panel on the right allows you to customize the view in the Peer Map. Key customization elements include:

a. Number of nodes

b. Type of nodes

c. Protocols in use

5. For example, if you want to isolate a particular protocol to quickly find only those conversations, click to disable all protocols in the “Protocols” panel, and then click the check box next to the protocol you wish to isolate—in this case, HTTPS.

6. In just a few clicks we have quickly identified the one conversation using HTTPS that connects to Savvius Insight.

How do I save a file to share with someone else?

There may be times when you want to share a packet file with someone else to get their opinion on a network issue. This is very easy to do with Omnipeek for Savvius Insight.

To create a packet file:

1. On the File menu, click Save All Packets …. This will create a file that includes all of the packets that are associated with the open capture window.

2. Omnipeek for Savvius Insight provides a wide range of formats for saving packets, depending on the intended use of the saved file. Some examples include:

a. Omnipeek format (.pkt, .wpz) – use this format if you are sharing files with another Omnipeek user.

b. Packet List (comma or tab delimited) – use this format if you want to export packet information into another program. The most common usage is to import data into Microsoft Excel for further analysis or graphing.

c. Libpcap or PcapNG – use one of these formats if you are sharing files with a Wireshark user.
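The "top talkers" check from the Nodes view can be repeated outside Omnipeek on a capture saved in Libpcap format. The following Python sketch is an added example, not part of the Savvius guide or Omnipeek's own code. It assumes a classic libpcap file (not PcapNG) with Ethernet framing and IPv4, counts each frame's wire length toward both its source and destination address, and runs on constructed sample frames.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic libpcap magic numbers as they appear on disk -> struct byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
               b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def top_talkers(pcap_bytes, limit=10):
    """Return [(ip, total_bytes, percent_of_capture)], busiest node first."""
    order = PCAP_MAGICS.get(pcap_bytes[:4])
    if order is None:
        raise ValueError("not classic libpcap (PcapNG uses a different layout)")
    if struct.unpack(order + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals, grand_total, offset = Counter(), 0, 24
    while offset + 16 <= len(pcap_bytes):
        incl_len, orig_len = struct.unpack(order + "II", pcap_bytes[offset + 8:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # truncated final record
        grand_total += orig_len
        ip = 18 if frame[12:14] == b"\x81\x00" else 14  # skip one 802.1Q tag
        if frame[ip - 2:ip] != b"\x08\x00" or len(frame) < ip + 20:
            continue  # not IPv4, or header cut short by the snap length
        # Assumption: a node's total is bytes sent plus bytes received.
        endpoints = (frame[ip + 12:ip + 16], frame[ip + 16:ip + 20])
        for addr in dict.fromkeys(endpoints):  # de-duplicate, keep order
            totals[str(IPv4Address(addr))] += orig_len
    return [(ip, n, round(100 * n / grand_total, 1))
            for ip, n in totals.most_common(limit)]

def _frame(src, dst, payload_len):
    """Build one minimal Ethernet + IPv4 frame (constructed test data)."""
    ip = (b"\x45\x00" + struct.pack(">H", 20 + payload_len) + b"\x00" * 5
          + b"\x06\x00\x00" + IPv4Address(src).packed + IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def build_sample_pcap():
    """Constructed sample: three frames in a little-endian libpcap file."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [_frame("10.4.2.55", "23.210.225.58", 1000),
              _frame("23.210.225.58", "10.4.2.55", 400),
              _frame("10.4.2.60", "192.0.2.10", 100)]
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for row in top_talkers(build_sample_pcap()):
        print(*row, sep="\t")
```

Because every frame is counted for two nodes, the percentages add up to more than 100; they show each node's share of all captured bytes.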

Self-support portal for Savvius Insight

Support for Savvius Insight is available only at the Savvius Insight Web portal located at https://insight.savvius.com.

In the portal you will be able to:

• Register your Savvius Insight

• View the Frequently Asked Questions

• Obtain configuration instructions for common use cases

• Share your Savvius Insight experiences and issues with other users in an interactive forum

• Learn new Tips and Tricks about Savvius Insight hardware and software

An RMA (Return Material Authorization) number must be obtained from Savvius in order to return hardware for any reason. Your Savvius Insight must also be registered to obtain warranty service.

Technical specifications

The technical specifications for Savvius Insight are listed below:

Processor

• Intel® Atom™ C2558, 2.4 GHz Quad-Core

Memory

Savvius Insight

• 8 GB DDR3 1600 MHz UDIMM RAM

Savvius Insight Plus

• 16 GB DDR3 1600 MHz UDIMM RAM

I/O

• (4) RJ45 LAN (GbE)

• (2) RJ45 Inline bypass ports (GbE)

• (2) USB 2.0 ports

• (1) Serial port (RJ45)

• (1) On/Off switch

• (1) Reset button

• (3) Status LEDs

Storage

Savvius Insight

• 1 x 256 GB SSD

Savvius Insight Plus

• 1 x 1 TB SSD

Power Supply

• 60 W Power adapter

• 100-240 V @50-60 Hz

Environmental

• Operating temperature: 32° to 104° F (0° to 40° C)

• Storage temperature: -4° to 158° F (-20° to 70° C)

• Relative humidity: 5% to 90% (non-condensing)

• Storage humidity: 5% to 95% (non-condensing)

Regulations

• EMC CE Class B

• FCC Class B

• RoHS

• UL

• VCCI

Physical

• Fanless

• 7-by-1.7-by-5.7-inches (177-by-44-by-145.5-millimeters)

• Unit weight 2.64 lbs (1.2 kg)

• Shipping weight 4.5 lbs (2.04 kg)

Warranty

• 1-year warranty

Software Packages

• Pre-loaded, tested, and fully integrated Capture Engine for Omnipeek®

• ELK (Elasticsearch, Logstash, Kibana) long term reporting dashboards

• Ubuntu Server

• Omnipeek for Savvius Insight™ Windows Client (installed separately on customer-supplied computer)
