VMX-Prism is a Beeks Analytics packet capture system that runs on your appliance to support advanced querying, analysis, and decoding of packet captures.

VMX-Prism is designed to support a distributed network of capture probes, and offers a unified way of navigating the capture repository and querying all captured data. VMX-Explorer includes a standard dashboard that visualises VMX-Prism data.

Use VMX-Prism to:

  1. Get individual packet capture information from a specific Prism instance on a specific appliance via the Prism REST API.

  2. Get amalgamated packet capture information from multiple Prism instances on different appliances via the Prism REST API.

VMX-Prism is a key element of the Beeks Analytics distributed capture capability. Raw packet data from multiple separate capture appliances can be queried from a single location, which simplifies operations for clients with global Analytics deployments or with high-capacity demands that require multiple capture appliances to record their traffic.

VMX-Prism can be driven from VMX-Explorer, or clients can access VMX-Prism’s capabilities directly using the REST API.

Programmatic access to PCAPs, and to data derived from PCAPs such as statistics and packet decodes, is a key part of the Beeks Analytics open architecture.

Example Distributed Capture Use Case - New Jersey Equity Triangle

The diagram above shows an example deployment of VMX-Prism to provide access to packet captures at all three sites in the New Jersey equity triangle.

VMX-Prism in more detail

The diagram below shows how, in VMX-Explorer, each different data source targets an individual environment that has one or more capture boxes and an Analysis server. These multiple data sources can all present data within the same dashboard. Each VMX-Capture appliance has an instance of VMX-Capture, VMX-Prism, PCAP files, a Packet file re-analyser, and a Time Series Store. All Prism queries from VMX-Explorer are routed to the Beeks Analytics REST API and target either one capture box or multiple capture boxes. The queries are executed independently, in parallel, on the different appliances, with the REST API amalgamating the different results before returning these to the originating Data Source.

Packet capture and message routing in VMX-Prism

VMX-Analysis and VMX-Capture are not necessarily on different hardware in this example.

Beeks Analytics REST API Prism endpoint

The Beeks Analytics REST API includes a series of VMX-Prism calls for querying the following:

  • Capture Probes

  • Stack Probes

  • Stack Probe Filters

  • Retro Query job details

  • PCAP files by retro job

  • JSON files by retro job

  • JSON stats by retro job

The queries return individual or amalgamated results to the VMX-Prism dashboard in VMX-Explorer.

The REST API uses the local vmx-servers.cfg file to locate VMX-Prism instances in the distributed environment.

VMX-Prism dashboard

VMX-Explorer includes a standard VMX-Prism dashboard called Packet Query Management VMX-Prism, which allows you to specify the Prism instance you want to target. This dashboard requests and retrieves information via the REST API and offers:

  • PCAP file download.

  • PCAP saved query feature. Choose to persist a common query, so that you can re-run it on a new timeframe without having to re-enter the BPF filter.

  • JSON digest. The PCAP file can be processed through a decoder to produce a JSON digest, showing all the decoded fields of one or more protocol layers. You can use this to, for example, obtain a parseable history of FIX messages that are contained in a particular logfile.

  • Statistical summary of PCAP contents, including mappings and aggregations.

In order to help analyse the PCAP, the dashboard demonstrates:

  • how you can use the REST API to retrieve a list of PMUXs in the current environment with configuration information, and retrieve a list of Stack probes and their configuration in any given PMUX.

  • how to retrieve packet filter summary information from a list of Stack probes.

  • how to use advanced filtering including inclusive and exclusive filtering.

  • how to add selected stack probes and job options to a particular packet query Job.

  • how to construct a set of stack configurations and a script to run to generate the query output.

Prism Dashboard