| Because the Realeyes IDS maintains information about each session, it is possible to collect statistics for certain network activity. This definition is optional, and by default is inactive. Administrators and Analysts with rules definition authority may define Statistics rules by selecting Rules -> Statistics from the menu bar. Any Analyst may display statistics definitions. The Statistics definitions are divided into four sections. The first section defines the Host being defined, the minimum data required for Statistics to be reported, and the time periods to be monitored. Statistics are collected for three time periods each day, and the definitions are for the start of each period. While most times in the Realeyes IDS system are based on Universal Time Coordinates (UTC), the Statistics times are based on local time. The second second section defines the networks for which the statistics are to be collected. The subnet mask for IPv4 networks must be in dotted decimal notation. The statistics collected are the total number of inbound bytes and outbound bytes per port in the monitored networks. The third and fourth sections define specific hosts or ports to monitor. These break out the total inbound bytes and outbound bytes for each session established with the monitored host or port. The Validate button tests that the Statistics context is valid. For example, the time periods to be monitored must be sequential. This can only be determined by using the Validate button. |