32. Reports » Devices » Overview

Here you can see the most important operational parameters collected in realtime from all active software components and servers:

The Console table displays the following data:

Status

A green check mark indicates that Console is functioning properly. When a red “X” appears, enable the WANsupervisor service on the Console server

Online Users

Active Console sessions

Avg. DB Bits/s (In/Out)

Average number of bits/s sent and received since the start of the database

Avg. DB Queries/s

Average number of queries per second since the start of the database

DB Clients

DB clients that are currently using the database

DB Connections

Active connections to the database

DB Size

Disk space used by the database

Free DB Disk

Disk space available on the partition configured to store the Console database

Free Graphs Disk

Disk space available on the partition configured to store IP graphs

Time Zone

Time zone of the Console server

Console Time

The clock from the Console server

Uptime

Uptime of the database

The Servers table displays the following data for each server that runs software components of Wanguard:

Status

A green check mark indicates that the server is connected to the database. When a red “X” is displayed, start the WANsupervisor service and make sure that the clock from the Console server is synchronized with the clock from the remote server

Server Name

Displays the name of the server and the associated color. Click to open a new tab with data specific to the server. Administrators and operators can right-click to open the Server Configuration window

Load

Load average reported by the Linux kernel for the last 5 minutes

Free RAM

Available RAM. Swap memory not counted

CPU% User

Percentage of CPU resources used by the user space processes. Can be >100% on multiple cores/CPUs (e.g. the maximum value for a quad-core system is 400%)

CPU% System

Percentage of CPU resources used by the kernel. Can be >100% on multiple cores/CPUs (e.g. the maximum value for a quad-core system is 400%)

CPU% IOwait

Percentage of CPU resources waiting for I/O operations to complete. A high number indicates an I/O bottleneck

CPU% Idle

Percentage of idle CPU resources. Can be >100% on multiple cores/CPUs (e.g. the maximum value for a quad-core system is 400%)

Free Flows Disk

Disk space available on the partition that is configured to store flows

Free Dumps Disk

Disk space available on the partition that is configured to store packet dumps

Contexts/IRQs/SoftIRQs

Context switches, hardware interrupts and software interrupts per second

Uptime

Uptime of the operating system

The Sensor Clusters table displays the following data when there is at least one Sensor Cluster active:

Status

A green check mark indicates that the Sensor Cluster is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting )

Sensor Name

Displays the name of the Sensor Cluster and the associated color. Click to open a new tab with data specific to the Sensor Cluster. Administrators and operators can right-click to open the Sensor Cluster configuration window

Pkts/s (In / Out)

Inbound and outbound packets/second throughput

Inbound Bits/s

Inbound bits/second throughput and the usage percent

Outbound Bits/s

Outbound bits/second throughput and the usage percent

Received Pkts/s

Packet/s reported by the associated Sensors

Ips (Int./Ext.)

Number of IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the associated Sensors’ configurations enables or disables the monitoring of external IPs

Dropped

Packets dropped by the Server Cluster

CPU%

Percentage of CPUs used by the process

RAM

Amount of memory used by the process

Start Time

Time when the Sensor Cluster instance started

Server

Which server runs the Sensor Cluster. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window

The Packet Sensors table displays the following data when there is at least one Packet Sensor active:

Status

A green check mark indicates that the Packet Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting )

Sensor Name

Displays the name of the Packet Sensor and the associated color. Click to open a new tab with specific information. Administrators and operators can right-click to open the Packet Sensor Configuration window

Pkts/s (In / Out)

Inbound and outbound packets/second throughput after IP or MAC validation

Inbound Bits/s

Inbound bits/second throughput after IP / MAC Validation, and the usage percent

Outbound Bits/s

Outbound bits/second throughput after IP / MAC Validation, and the usage percent

Received Pkts/s

Rate of sniffed packets before IP / MAC Validation

Ips (Int / Ext)

IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs

Dropped

Packets dropped by the packet capturing engine. A high number usually indicates a sniffing performance problem

CPU%

Percentage of CPUs used by the process

RAM

Amount of memory used by the process

Start Time

Time when the Packet Sensor started

Server

Which server runs the Packet Sensor. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window

The Flow Sensors table displays the following data when there is at least one Flow Sensor active:

Status

A green check mark indicates that the Flow Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting )

Sensor Name

Displays the name of the Flow Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the Flow Sensor Configuration window

Interface

Interface name and the associated color. If the interface names are missing for more than 5 minutes after the Flow Sensor has started, check the Flow Sensor Troubleshooting guide

Pkts/s (In / Out)

Inbound and outbound packets/second throughput after IP / AS Validation

Inbound Bits/s

Inbound bits/second throughput after IP / AS Validation, and usage percent

Outbound Bits/s

Outbound bits/second throughput after IP / AS Validation, and usage percent

Ips (Int / Ext)

IP addresses that send or receive traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs

Flows/s

Flows per second received by the Flow Sensor

Flows Delay

Because traffic data must be aggregated, flow devices export flows with a configured delay. Some devices export flows much later than the configured delay and this field contains the maximum flows delay detected by the Flow Sensor. Flow Sensor cannot run with flow delays higher than 5 minutes

Dropped

Unaccounted flows. A high number indicates a performance problem of the Flow Sensor or a network connectivity issue with the flow exporter

CPU%

Percentage of CPU resources used by the Flow Sensor process

RAM

Amount of RAM used by the Flow Sensor process

Start Time

Time when the Flow Sensor started

Server

Which server runs the Flow Sensor. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window

The SNMP Sensors table displays the following data when there is at least one SNMP Sensor active:

Status

A green check mark indicates that the SNMP Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting )

Sensor Name

Displays the name of the SNMP Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the SNMP Sensor Configuration window

Interface

Interface name and the associated color

Pkts/s (In / Out)

Inbound and outbound packets/second throughput

Inbound Bits/s

Inbound bits/second throughput and usage percent

Outbound Bits/s

Outbound bits/second throughput and usage percent

Errors/s (In / Out)

For packet-oriented interfaces, it represents the number of inbound and outbound packets that contained errors, preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, it represents the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol

Discards/s (In / Out)

Discarded inbound and outbound packets even though no errors were detected to prevent them from being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space

Oper. Status

Current operational state of the interface. The Testing state indicates that no operational packets can be passed. If Administrative Status is Down then Operational Status should be Down. If Administrative Status is changed to Up then Operational Status should change to Up if the interface is ready to transmit and receive network traffic; it should change to Dormant if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it should remain in the Down state if and only if there is a fault that prevents it from going to the Up state; it should remain in the NotPresent state if the interface has missing (typically, hardware) components

Admin. Status

Desired state of the interface. The Testing state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with the Administrative Status in the Down state. As a result of either explicit management action or per configuration information retained by the managed system, the Administrative Status is then changed to either the Up or Testing states (or remains in the Down state)

CPU%

Percentage of CPU resources used by the process

RAM

Amount of RAM used by the process

Start Time

Time when the SNMP Sensor started

Server

Which server runs the SNMP Sensor. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window

The Filter Clusters, Packet Filters, and Flow Filters table displays the following data:

Status

A green check mark indicates that the Filter is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting )

Filter Name

Displays the Filter and the associated color. Click to open a new tab with specific data. Administrators and operators can right-click to open the Filter Configuration window

Anomaly №

When a Filter instance is activated by a Response to mitigate an anomaly, the field contains the link to the anomaly report. Otherwise, the field contains the message “No active instance”, which is not an error

Prefix

IP address/mask of your network that is originating or being the target of the attack. Click to open a tab with specific data

IP Group

IP group of the prefix. Click to open a tab with data specific to the IP group

Decoder

Decoder used for detecting the abnormal traffic

Pkts/s

Packets/second throughput sent to the attacked prefix

Bits/s

Bits/second throughput sent to the attacked prefix

IPs (Ext.)

Number of IP addresses sending traffic to the attacked prefix

Dropped

Rate of packets dropped by the packet capturing engine. A very high number indicates a performance problem related to packet sniffing

Peak CPU%

Maximum percentage of CPU resources used by the Filter instance

Peak RAM

Maximum amount of RAM used by the Filter instance

Start Time

Time when the Filter instance started mitigating the anomaly

Server

Which server runs the Filter instance. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window