36. Reports » Devices » Overview¶
In the Overview tab, you can check the most important operational parameters and statistics, collected in realtime from all software components and servers.
36.1. Console¶
Status |
A green check mark indicates that Console is connected to the WANsupervisor service. When a red “X” appears, start the WANsupervisor service on the Console server. |
Online Users |
Active Console sessions. |
Avg. DB Bits/s (In/Out) |
Average number of bits per second sent and received since the start of the database. |
Avg. DB Queries/s |
Average number of queries per second since the start of the database. |
DB Clients |
DB clients that are currently using the database. |
DB Connections |
Active connections to the database. |
DB Size |
Disk space used by the database. |
Free DB Disk |
Disk space available on the partition configured to store the database. |
Free Graphs Disk |
Disk space available on the partition configured to store IP graphs. |
Time Zone |
Time zone of the Console server. |
Console Time |
The clock from the Console server. |
Uptime |
Uptime of the database. |
36.2. Servers¶
Status |
A green check mark indicates that the server is connected to the database. When a red “X” is displayed, start the WANsupervisor service and make sure that the clock from the Console server is synchronized with the clock from the remote server. |
Server Name |
Displays the name of the server and the associated color. Click to open a new tab with data specific to the server. Administrators and operators can right-click to open the Server Configuration window. |
Load |
Load average reported by the Linux kernel for the last 5 minutes. |
Free RAM |
Available RAM. Swap memory not counted. |
CPU% User |
Percentage of CPU resources used by userspace processes. Can be >100% on multiple cores/CPUs (e.g., the maximum value for a quad-core system is 400%). |
CPU% System |
Percentage of CPU resources used by the kernel. Can be >100% on multiple cores/CPUs. |
CPU% IOwait |
Percentage of CPU resources waiting for I/O operations to complete. A high number indicates an I/O bottleneck. |
CPU% Idle |
Percentage of idle CPU resources. Can be >100% on multiple cores/CPUs. |
Free Flows Disk |
Disk space available on the partition configured to store flows. |
Free Dumps Disk |
Disk space available on the partition configured to store packet dumps. |
Contexts/IRQs/SoftIRQs |
Context switches, hardware interrupts, and software interrupts per second. |
Uptime |
Uptime of the operating system. |
36.3. BGP Connectors¶
Status |
A green check mark indicates that the BGP peer is connected to the configured backend (Quagga, FRR, or ExaBGP). |
BGP Connector Name |
Displays the name of the BGP Connector. |
BGP Peer |
IP address of a neighbor. |
AS Number |
Autonomous system. |
Msgs Rcvd/Sent |
BGP messages received/sent from/to that neighbor. |
Table Version |
Last version of the BGP database that was sent to that neighbor. Not available for ExaBGP. |
InQ/QutQ |
Number of messages from that neighbor waiting to be processed. Not available for ExaBGP. |
QutQ |
Number of messages waiting to be sent to that neighbor. Not available for ExaBGP. |
Up / Down |
The length of time that the BGP session has been in state Established, or the current state if it is not Established. |
State / Prefixes Rcvd |
Current state of the BGP session/the number of prefixes the router has received from a neighbor or peer group. When the maximum number (as set by the neighbor maximum-prefix command) is reached, the string PfxRcd appears in the entry, the neighbor is shut down, and the connection is Idle. An (Admin) entry with Idle status indicates that the connection has been shut down using the neighbor shutdown command. |
Server |
Server that runs the BGP Connector. |
36.4. Dataplane¶
Status |
A green check mark indicates that the DPDK Capture Engine is working. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log. |
Process Name |
Displays the name of the Packet Sensor or Packet Filter configured to use the DPDK Capture Engine. |
Pkts/s (RX/TX) |
Inbound and outbound packet rate. |
Bits/s (RX/TX) |
Inbound and outbound throughput. |
RX Burst |
Number of packets processed in parallel by the RX lcore(s). |
RX Nobuf |
A non-zero number indicates insufficient buffers for the RX lcore(s). |
RX Dropped |
Number of packets/s dropped by the HW because there are no available buffer in the RX lcore(s). These packets do not reach the distributor(s), therefore a large number indicates that more RX core(s) are needed. |
RX Enq. |
Percentage of of RX packets successfully sent to distributors. A value less than 100% indicates that more distributors are needed or that the Distributor Mode is not optimal. |
TX Burst |
Number of packets sent in parallel by the TX lcore(s). |
Distributors Enq. |
Percentage of metadata sent by distributor(s) to worker(s). |
Workers Deq. |
Percentage of metadata processed by worker(s). A value less than 100% indicates that more worker lcore(s) are needed. |
36.5. Sensor Cluster¶
Status |
A green check mark indicates that the Sensor Cluster is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log. |
Sensor Name |
Displays the name of the Sensor Cluster and the associated color. Click to open a new tab with data specific to the Sensor Cluster. Administrators and operators can right-click to open the Sensor Cluster configuration window. |
Pkts/s (In / Out) |
Inbound and outbound packet rate. |
Inbound Bits/s |
Inbound throughput and usage percent. |
Outbound Bits/s |
Outbound throughput and usage percent. |
Received Pkts/s |
Packets/second reported by the associated Sensors. |
IPs (Int./Ext.) |
Number of IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are IPs from inside/outside the IP Zone. The Stats Engine parameter from the associated Sensors’ configurations enables or disables the monitoring of external IPs. |
Dropped |
Packets dropped by the Server Cluster. |
CPU% |
Percentage of CPUs used by the process. |
RAM |
Amount of memory used by the process. |
Start Time |
Time when the Sensor Cluster started. |
Server |
Server that runs the Sensor Cluster. |
36.6. Packet Sensors¶
Status |
A green check mark indicates that the Packet Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log. |
Sensor Name |
Displays the name of the Packet Sensor and the associated color. Click to open a new tab with specific information. Administrators and operators can right-click to open the Packet Sensor Configuration window. |
Pkts/s (In / Out) |
Inbound and outbound packet rate after IP or MAC validation. |
Inbound Bits/s |
Inbound throughput after IP/MAC Validation, and the usage percent. |
Outbound Bits/s |
Outbound throughput after IP/MAC Validation, and the usage percent. |
Received Pkts/s |
Rate of packets sniffed before IP/MAC Validation. |
IPs (Int / Ext) |
IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs. |
Dropped |
Packets dropped by the packet capturing engine. A high number usually indicates a sniffing performance problem. |
CPU% |
Percentage of CPUs used by the process. |
RAM |
Amount of memory used by the process. |
Start Time |
Time when the Packet Sensor started. |
Server |
Server that runs the Packet Sensor. |
36.7. Flow Sensors¶
Status |
A green check mark indicates that the Flow Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log. |
Sensor Name |
Displays the name of the Flow Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the Flow Sensor Configuration window. |
Interface |
Interface name and the associated color. If the interface names are missing for more than 5 minutes after the Flow Sensor has started, check the Flow Sensor Troubleshooting guide. |
Pkts/s (In / Out) |
Inbound and outbound packet rate after IP/AS Validation. |
Inbound Bits/s |
Inbound throughput after IP/AS Validation, and usage percent. |
Outbound Bits/s |
Outbound throughput after IP/AS Validation, and usage percent. |
IPs (Int / Ext) |
IP addresses that send or receive traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs. |
Flows/s |
Number of flow per second received by the Flow Sensor. |
Flows Delay |
Because traffic data must be aggregated, flow devices export flows with a configured delay. This field contains the maximum flows delay detected by the Flow Sensor. Flow Sensor cannot run with flow delays higher than 5 minutes. |
Dropped |
Unaccounted flows. A high number indicates a performance problem of the Flow Sensor or a network connectivity issue with the flow exporter. |
CPU% |
Percentage of CPU resources used by the Flow Sensor process. |
RAM |
Amount of RAM used by the Flow Sensor process. |
Start Time |
Time when the Flow Sensor started. |
Server |
Server that runs the Flow Sensor. |
36.8. SNMP Sensors¶
Status |
A green check mark indicates that the SNMP Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log. |
Sensor Name |
Displays the name of the SNMP Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the SNMP Sensor Configuration window. |
Interface |
Interface name and the associated color. |
Pkts/s (In / Out) |
Inbound and outbound packet rate. |
Inbound Bits/s |
Inbound throughput and usage percent. |
Outbound Bits/s |
Outbound throughput and usage percent. |
Errors/s (In / Out) |
For packet-oriented interfaces, it represents the number of inbound and outbound packets that contained errors, preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, it represents the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. |
Discards/s (In / Out) |
Discarded inbound and outbound packets even though no errors were detected to prevent them from being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. |
Oper. Status |
Current operational state of the interface. The Testing state indicates that no operational packets can be passed. If Administrative Status is Down then Operational Status should be Down. If Administrative Status is changed to Up then Operational Status should change to Up if the interface is ready to transmit and receive network traffic; it should change to Dormant if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it should remain in the Down state if and only if there is a fault that prevents it from going to the Up state; it should remain in the NotPresent state if the interface has missing (typically, hardware) components. |
Admin. Status |
Desired state of the interface. The Testing state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with the Administrative Status in the Down state. As a result of either explicit management action or per configuration information retained by the managed system, the Administrative Status is then changed to either the Up or Testing states (or remains in the Down state). |
CPU% |
Percentage of CPU resources used by the process. |
RAM |
Amount of RAM used by the process. |
Start Time |
Time when the SNMP Sensor started. |
Server |
The server that runs the SNMP Sensor. |
36.9. Filters¶
Status |
A green check mark indicates that the Filter is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log. |
Filter Name |
Displays the Filter and the associated color. Click to open a new tab with specific data. Administrators and operators can right-click to open the Filter Configuration window. |
Anomaly № |
When a Filter instance is activated by a Response to mitigate an anomaly, the field contains the link to the anomaly report. Otherwise, the field contains the message “No active instance”, which doesn’t indicate any error. |
Prefix |
IP address/mask from your network that is originating or being the target of the attack. Click to open a tab with specific data. |
IP Group |
IP group of the prefix. Click to open a tab with data specific to the IP group. |
Decoder |
Decoder used for detecting the abnormal traffic. |
Pkts/s |
Packets/second rate sent to the attacked prefix. |
Bits/s |
Bits/second throughput sent to the attacked prefix. |
IPs (Ext.) |
Number of IP addresses sending traffic to the attacked prefix. |
Dropped |
Rate of packets dropped by the packet capturing engine. A very high number indicates a performance problem related to packet sniffing. |
Peak CPU% |
Maximum percentage of CPU resources used by the Filter instance. |
Peak RAM |
Maximum amount of RAM used by the Filter instance. |
Start Time |
Time when the Filter instance started mitigating the anomaly. |
Server |
The server that runs the Filter instance. |