32. Reports » Devices » Overview¶
Here you can see the most important operational parameters collected in realtime from all active software components and servers:
The Console table displays the following data:
Status |
A green check mark indicates that Console is functioning properly. When a red “X” appears, enable the WANsupervisor service on the Console server |
Online Users |
Active Console sessions |
Avg. DB Bits/s (In/Out) |
Average number of bits/s sent and received since the start of the database |
Avg. DB Queries/s |
Average number of queries per second since the start of the database |
DB Clients |
DB clients that are currently using the database |
DB Connections |
Active connections to the database |
DB Size |
Disk space used by the database |
Free DB Disk |
Disk space available on the partition configured to store the Console database |
Free Graphs Disk |
Disk space available on the partition configured to store IP graphs |
Time Zone |
Time zone of the Console server |
Console Time |
The clock from the Console server |
Uptime |
Uptime of the database |
The Servers table displays the following data for each server that runs software components of Wanguard:
Status |
A green check mark indicates that the server is connected to the database. When a red “X” is displayed, start the WANsupervisor service and make sure that the clock from the Console server is synchronized with the clock from the remote server |
Server Name |
Displays the name of the server and the associated color. Click to open a new tab with data specific to the server. Administrators and operators can right-click to open the Server Configuration window |
Load |
Load average reported by the Linux kernel for the last 5 minutes |
Free RAM |
Available RAM. Swap memory not counted |
CPU% User |
Percentage of CPU resources used by the user space processes. Can be >100% on multiple cores/CPUs (e.g. the maximum value for a quad-core system is 400%) |
CPU% System |
Percentage of CPU resources used by the kernel. Can be >100% on multiple cores/CPUs (e.g. the maximum value for a quad-core system is 400%) |
CPU% IOwait |
Percentage of CPU resources waiting for I/O operations to complete. A high number indicates an I/O bottleneck |
CPU% Idle |
Percentage of idle CPU resources. Can be >100% on multiple cores/CPUs (e.g. the maximum value for a quad-core system is 400%) |
Free Flows Disk |
Disk space available on the partition that is configured to store flows |
Free Dumps Disk |
Disk space available on the partition that is configured to store packet dumps |
Contexts/IRQs/SoftIRQs |
Context switches, hardware interrupts and software interrupts per second |
Uptime |
Uptime of the operating system |
The Sensor Clusters table displays the following data when there is at least one Sensor Cluster active:
Status |
A green check mark indicates that the Sensor Cluster is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting ) |
Sensor Name |
Displays the name of the Sensor Cluster and the associated color. Click to open a new tab with data specific to the Sensor Cluster. Administrators and operators can right-click to open the Sensor Cluster configuration window |
Pkts/s (In / Out) |
Inbound and outbound packets/second throughput |
Inbound Bits/s |
Inbound bits/second throughput and the usage percent |
Outbound Bits/s |
Outbound bits/second throughput and the usage percent |
Received Pkts/s |
Packet/s reported by the associated Sensors |
Ips (Int./Ext.) |
Number of IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the associated Sensors’ configurations enables or disables the monitoring of external IPs |
Dropped |
Packets dropped by the Server Cluster |
CPU% |
Percentage of CPUs used by the process |
RAM |
Amount of memory used by the process |
Start Time |
Time when the Sensor Cluster instance started |
Server |
Which server runs the Sensor Cluster. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window |
The Packet Sensors table displays the following data when there is at least one Packet Sensor active:
Status |
A green check mark indicates that the Packet Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting ) |
Sensor Name |
Displays the name of the Packet Sensor and the associated color. Click to open a new tab with specific information. Administrators and operators can right-click to open the Packet Sensor Configuration window |
Pkts/s (In / Out) |
Inbound and outbound packets/second throughput after IP or MAC validation |
Inbound Bits/s |
Inbound bits/second throughput after IP / MAC Validation, and the usage percent |
Outbound Bits/s |
Outbound bits/second throughput after IP / MAC Validation, and the usage percent |
Received Pkts/s |
Rate of sniffed packets before IP / MAC Validation |
Ips (Int / Ext) |
IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs |
Dropped |
Packets dropped by the packet capturing engine. A high number usually indicates a sniffing performance problem |
CPU% |
Percentage of CPUs used by the process |
RAM |
Amount of memory used by the process |
Start Time |
Time when the Packet Sensor started |
Server |
Which server runs the Packet Sensor. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window |
The Flow Sensors table displays the following data when there is at least one Flow Sensor active:
Status |
A green check mark indicates that the Flow Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting ) |
Sensor Name |
Displays the name of the Flow Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the Flow Sensor Configuration window |
Interface |
Interface name and the associated color. If the interface names are missing for more than 5 minutes after the Flow Sensor has started, check the Flow Sensor Troubleshooting guide |
Pkts/s (In / Out) |
Inbound and outbound packets/second throughput after IP / AS Validation |
Inbound Bits/s |
Inbound bits/second throughput after IP / AS Validation, and usage percent |
Outbound Bits/s |
Outbound bits/second throughput after IP / AS Validation, and usage percent |
Ips (Int / Ext) |
IP addresses that send or receive traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs |
Flows/s |
Flows per second received by the Flow Sensor |
Flows Delay |
Because traffic data must be aggregated, flow devices export flows with a configured delay. Some devices export flows much later than the configured delay and this field contains the maximum flows delay detected by the Flow Sensor. Flow Sensor cannot run with flow delays higher than 5 minutes |
Dropped |
Unaccounted flows. A high number indicates a performance problem of the Flow Sensor or a network connectivity issue with the flow exporter |
CPU% |
Percentage of CPU resources used by the Flow Sensor process |
RAM |
Amount of RAM used by the Flow Sensor process |
Start Time |
Time when the Flow Sensor started |
Server |
Which server runs the Flow Sensor. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window |
The SNMP Sensors table displays the following data when there is at least one SNMP Sensor active:
Status |
A green check mark indicates that the SNMP Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting ) |
Sensor Name |
Displays the name of the SNMP Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the SNMP Sensor Configuration window |
Interface |
Interface name and the associated color |
Pkts/s (In / Out) |
Inbound and outbound packets/second throughput |
Inbound Bits/s |
Inbound bits/second throughput and usage percent |
Outbound Bits/s |
Outbound bits/second throughput and usage percent |
Errors/s (In / Out) |
For packet-oriented interfaces, it represents the number of inbound and outbound packets that contained errors, preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, it represents the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol |
Discards/s (In / Out) |
Discarded inbound and outbound packets even though no errors were detected to prevent them from being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space |
Oper. Status |
Current operational state of the interface. The Testing state indicates that no operational packets can be passed. If Administrative Status is Down then Operational Status should be Down. If Administrative Status is changed to Up then Operational Status should change to Up if the interface is ready to transmit and receive network traffic; it should change to Dormant if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it should remain in the Down state if and only if there is a fault that prevents it from going to the Up state; it should remain in the NotPresent state if the interface has missing (typically, hardware) components |
Admin. Status |
Desired state of the interface. The Testing state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with the Administrative Status in the Down state. As a result of either explicit management action or per configuration information retained by the managed system, the Administrative Status is then changed to either the Up or Testing states (or remains in the Down state) |
CPU% |
Percentage of CPU resources used by the process |
RAM |
Amount of RAM used by the process |
Start Time |
Time when the SNMP Sensor started |
Server |
Which server runs the SNMP Sensor. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window |
The Filter Clusters, Packet Filters, and Flow Filters table displays the following data:
Status |
A green check mark indicates that the Filter is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log (see Configuration » Schedulers » Event Reporting ) |
Filter Name |
Displays the Filter and the associated color. Click to open a new tab with specific data. Administrators and operators can right-click to open the Filter Configuration window |
Anomaly № |
When a Filter instance is activated by a Response to mitigate an anomaly, the field contains the link to the anomaly report. Otherwise, the field contains the message “No active instance”, which is not an error |
Prefix |
IP address/mask of your network that is originating or being the target of the attack. Click to open a tab with specific data |
IP Group |
IP group of the prefix. Click to open a tab with data specific to the IP group |
Decoder |
Decoder used for detecting the abnormal traffic |
Pkts/s |
Packets/second throughput sent to the attacked prefix |
Bits/s |
Bits/second throughput sent to the attacked prefix |
IPs (Ext.) |
Number of IP addresses sending traffic to the attacked prefix |
Dropped |
Rate of packets dropped by the packet capturing engine. A very high number indicates a performance problem related to packet sniffing |
Peak CPU% |
Maximum percentage of CPU resources used by the Filter instance |
Peak RAM |
Maximum amount of RAM used by the Filter instance |
Start Time |
Time when the Filter instance started mitigating the anomaly |
Server |
Which server runs the Filter instance. Click to open a tab with specific data. Administrators and operators can right-click to open the Server Configuration window |