
NetMon Glossary

The place to find the meaning of terms found in NetMon user guides, training materials, and other documents.

A

 

Agent for NetMon

A software component that receives data from the appliance and then sends it to the LogRhythm SIEM for further processing.

Alarm

An alarm is triggered when network traffic matches a rule found on the Alarms > Rules page. When an alarm is triggered, it is sent as an event to the LogRhythm SIEM.

Appliance

The NetMon hardware.

Application

Network protocols or web applications that NetMon identified using pattern matching and heuristic modeling, as well as signatures.

B

No terms available

C


Client

Initiator of a session, such as a workstation or laptop.

D


DAS

Direct Attached Storage

Deduplication

A process that recognizes and consolidates duplicate event data from log sources into a single, aggregate record.

Deep Packet Analytics

Allows users to write rules that interact with network traffic as it is being processed.

Deep Packet Analytics Rules

Custom rules that enable users to determine flow state, access and set metadata, trigger alarms, enable capture, and write log messages.

Deep Packet Inspection

A process whereby NetMon analyzes network data using a variety of methods, including pattern matching, heuristic modeling, signatures for session identification, application identification, and metadata extraction.

DNS

Domain Name Server

DPA

See Deep Packet Analytics

DPI

See Deep Packet Inspection

E


Engine

The packet processing component that classifies data during Deep Packet Inspection.

Event

A Syslog message to LogRhythm SIEM that can be a message about an error, failure, attack, and more.

F


Flow

A collection of activity by a single user on a single application. The flow contains source and destination information, bytes and packet counts transferred in both directions, application identification, and many other metadata fields. Long-running flows send updates every 10 minutes by default, but you can change that value. Each flow has a unique identifier that links multiple intermediate flows together.

G

No terms available

H


Half Session

A session is a bi-directional flow of packets between one client and one server. A half session defines one direction of that flow, on either the sender or receiver side.

I


Intermediate Flow

An update of the communications between the client and server.

IP

Internet Protocol

J

No terms available

K


KB

See Knowledge Base

Knowledge Base

A LogRhythm Package that consists of a mixture of required and optional content that is shared across a LogRhythm Deployment. It consists of the core Knowledge Base as well as modules. The core Knowledge Base includes content applicable to all deployments, such as log processing rules, policies, and classifications.

L


Layout

Saved queries and charts, which provide a view into specific data. For example, the Packet Layout shows graphs and tables relating to packets processed in the network.

License Limited

In the Data Rate chart, indicates the rate in megabits per second at which packets are being throttled/discarded according to your licensed capture rate.

Logger

The Flow Output component that processes the metadata into flows.

LogRhythm NetMon Freemium

The free version of LogRhythm NetMon with reduced functionality.

Lua

A lightweight multi-paradigm programming language designed as a scripting language with extensible semantics as a primary goal.

Lucene Search

An open-source text retrieval library released under the Apache Software License. NetMon queries are performed using Lucene search.

M


Memory Pool

Pre-allocated memory space with a fixed size. Pools allow for dynamic memory allocation and can help improve performance.

Metadata

Data generated during packet processing, appropriate to each application. For example, metadata might include the login, command, and filename from file transfers or messages inside an Internet Relay Chat (IRC).

N


Network Time Protocol

A networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

NTP

See Network Time Protocol

O


OS

Operating System

P


PCAP

A file format used for saving raw flow data.

PCAP File

An industry-standard format for containing packet capture data. PCAP data includes the raw packets for a flow. NetMon stores the raw packets from the network tap in PCAP files.

Q

No terms available

R

No terms available

S


Session

A bi-directional flow of packets between one client and one server. A half session defines one direction of that flow, on either the client or server side.

SIEM

Security Information and Event Management. The LogRhythm SIEM is a security intelligence and log management platform that delivers advanced cyber threat defense, detection, and response to protect networks from a rapidly evolving threat landscape.

SMTP

Simple Mail Transfer Protocol

SNMP

Simple Network Management Protocol

SSL

Secure Sockets Layer

Syslog

An open-source protocol for passing data to a Syslog server. NetMon transfers data to the LogRhythm SIEM (or to a third-party system) using the Syslog protocol.

T


TCP

Transmission Control Protocol

U


UDP

User Datagram Protocol

URL

Uniform Resource Locator

UTC

Coordinated Universal Time. The primary time standard by which the world regulates clocks and time. Time zones around the world are expressed as positive or negative offsets from UTC. The hours, minutes, and seconds that UTC expresses are kept close to the mean solar time at the Earth's prime meridian (zero degrees longitude) located near Greenwich, England.

V

No terms available

W

No terms available

X

No terms available

Y

No terms available

Z

No terms available
