Observer Analyzer : Analyzer : Network and Application Discovery : How to add application definitions
   
How to add application definitions
 
Page Contents
How to associate non-standard ports with an application
Sharing application definitions with others
How to import application definitions
How to export application definitions
Adding derived application definitions
The Server Application Discovery tool is pre-loaded with popular application definitions, ensuring most of the server applications you discover are recognized by Observer. There are cases, however, when adding more application definitions to the stock set is desirable.
To add more application definitions for the Server Application Discovery tool to use, complete the following steps or see Adding derived application definitions for details about creating definitions for applications that are subsets of another application:
1. Click the File tab, and click Options > Protocol Definitions.
2. Click the applications definitions tab you want to add to (below the Start and Stop buttons).
3. Click Add Application. The Add Application window appears.
Figure 13: Add an application from the list or define a custom application
App definition add dialogApp definition add dialog
4. Select an application from the list, and click Add. If your application is not in the list, click Custom to create your own.
5. In the Add Application Definition dialog that appears, ensure these details are correct, (or type application details if you chose Custom), and click OK.
6. Click Apply Changes.
Choices are displayed that allow you to set the scope of your changes.
7. Choose one of the following:
Apply changes to this Probe Instance only
Apply changes across all Probe Instances
Apply changes across all Probe Instances only applies changes to currently connected probes instances. The changes cannot apply to disconnected probe instances.
 
Your new application now appears in the list of application definitions.
 
How to associate non-standard ports with an application
Some applications running on the network may be using a non-standard port. If you are aware of these exceptions and want to add the port to an application’s definition, you can do so.
The benefit of is that you do not need to wait for the Server Application Discovery tool to see something that you already know exists.
For example, the standard server port for MySQL is 3306. But you configured your MySQL server to use 63245 instead—a non-standard port. You must therefore associate port 63245 with the MySQL application definition so that it can be reported with greater ease in Server Application Discovery.
To associate non-standard ports with an application definition, complete the following steps:
1. Click the File tab, and click Options > Protocol Definitions.
2. Click an applications definitions tab that interests you (seen below the Start and Stop buttons).
3. Scroll through the list of application definitions, and find one that you want to associate non-standard ports with.
4. Click the application definition to select it.
5. Click Add Ports.
The Add Application Definition dialog appears.
6. Type the port number, or port range, to associate with the selected application.
7. Click OK to confirm your changes.
8. Click Apply Changes.
 
You successfully associated a non-standard port with an application. You can repeat this process for any application definition at any time.
Observer is intelligent enough to not require you to complete these steps—it will discover items regardless—but your manual entry adds meaningful intelligence to your tool set and may aid you in the future.
 
 
Using the MySQL example, you would select the TCP Application Definitions tab, scroll down the list, select MySQL, click Add Ports, type 63245, click OK, and finally click Apply Changes. The software now recognizes activity on port 63245 as potentially being MySQL.
Sharing application definitions with others
Application definitions can be shared using the included import and export functions. Sharing is useful for making your application definitions uniform across multiple installations, and it can even be used as a backup tool.
How to import application definitions
To import application definitions, you need access to an exported *.protodefs file. See How to export application definitions for details.
To import application definitions, follow the import process:
1. Click the File tab, and click Options > Protocol Definitions.
2. Click any one of the applications definitions tabs (not the Server Application Discovery tab itself) to ensure one of these tabs has focus.
3. Click Tools, and click Import Application Definitions.
The Open file dialog appears.
4. Locate and select the *.protodefs file that you want to import, and click Open.
Figure 14: The final importing dialog
Observer app definition import dialogObserver app definition import dialog
The Import Application Definitions dialog appears.
5. Select the protocols to import and the importing behavior.
 
You successfully imported application definitions. The definitions you import are now part of your local collection.
 
How to export application definitions
To share application definitions with other users, you must first save them to a file.
Create your file by following this export process:
1. Click the File tab, and click Options > Protocol Definitions.
2. Click any one of the applications definitions tabs (not the Server Application Discovery tab itself) to ensure one of these tabs has focus.
3. Click Tools, and click Export Current Application Definitions.
The Export Application Definitions dialog appears.
4. Select the groups of definitions you want to export, and click Export.
5. Type a name for your file, and click Save.
You successfully exported your application definitions to a *.protodefs file.
 
You can now share this file with other users and installations, or keep it as a backup copy.
 
Adding derived application definitions
Creating a derived application definition allows Observer to take one large application that may have many sub-applications within it and identify each of the sub-applications.
For instance, Java traffic can be identified within HTTP. After Observer identifies the derived application, it appears on your reports and elsewhere within Observer as its own application. The Decode tab is unaffected though. The derived application decodes as part of its parent’s application type. In our Java example, all Java traffic is viewable on the Decode tab as part of HTTP.
To add a derived application definition for the Server Application Discovery tool to use, complete the following steps:
1. Click the File tab, and click Options > Protocol Definitions.
2. Click the applications definitions tab you want to add to (below the Start and Stop buttons).
3. Click Add Derived Application.
The Add Derived Application window appears.
4. Type a name for the derived application (this name will appear in reports and throughout Observer) and choose from which application it stems.
The Add Application Definition window appears.
5. Specify the port or port range and optional IP address on which the application is found, and click OK.
 
Your new derived application now appears in the list of application definitions. Most importantly, the new application is discoverable using the Server Application Discovery tool and, if the application is seen, it is recognized correctly by Observer.