36. Reports » Devices » Overview¶
In the Overview tab, you can check the most important operational parameters and statistics, collected in realtime from all software components and servers.
36.1. Console¶
Status |
Green check mark: Console is connected to the WANsupervisor service. Red “X”: You have to configure and start the WANsupervisor service on the Console server. |
Online Users |
Number of active Console sessions. |
Avg. DB Bits/s (In/Out) |
Average bits per second sent/received since database initialization. |
Avg. DB Queries/s |
Average queries per second since database initialization. |
DB Clients |
DB clients currently accessing the database. |
DB Connections |
Active connections to the database. |
DB Size |
Disk space used by the database. |
Free DB Disk |
Available space on the partition storing the database. |
Free Graphs Disk |
Available space on the partition storing IP graphs. |
Time Zone |
Time zone of the Console server. |
Console Time |
The Console server’s clock. |
Uptime |
Database uptime. |
36.2. Servers¶
Status |
Green check mark: The server is connected to the database. Red “X”: Start the WANsupervisor service and ensure the Console server clock is in sync with the remote server’s clock. |
Server Name |
Displays the server name and its assigned color. Click to open a new tab with server-specific details. Administrators and operators can right-click to open the Server Configuration window. |
Load |
The 5-minute load average reported by the Linux kernel. |
Free RAM |
Amount of available RAM (swap not included). |
CPU% User |
CPU resources used by userspace processes. Can exceed 100% on multi-core CPUs (e.g., max 400% on a quad-core). |
CPU% System |
CPU resources used by the kernel. Also can exceed 100% on multi-core CPUs. |
CPU% IOwait |
CPU resources waiting for I/O to complete. A high value indicates an I/O bottleneck. |
CPU% Idle |
Idle CPU resources. Can exceed 100% on multi-core CPUs. |
Free Flows Disk |
Available space on the partition storing flows. |
Free Dumps Disk |
Available space on the partition storing packet dumps. |
Contexts/IRQs/SoftIRQs |
Context switches, hardware interrupts, and software interrupts per second. |
Uptime |
Operating system uptime. |
36.3. BGP Connectors¶
Status |
Green check mark: The BGP peer is connected to the configured backend (FRR, ExaBGP or GoBGP). Red “X”: The BGP Connector is not functioning; check the event log for errors. |
BGP Connector Name |
Displays the name of the BGP Connector. |
BGP Peer |
The IP address of a neighbor |
AS Number |
Autonomous system number. |
Msgs Rcvd/Sent |
The number of BGP messages received/sent from/to that neighbor. |
Table Version |
Last version of the BGP database that was sent to that neighbor. Available only for FRR. |
InQ/QutQ |
Number of messages from that neighbor waiting to be processed, and waiting to be sent. Available only for FRR. |
Up / Down |
Time the BGP session has been Established, or the current state if not Established. |
State / Prefixes Rcvd |
The current BGP session state / the number of prefixes the router has received from a neighbor/peer group. If the neighbor hits its maximum prefix (set by the neighbor maximum-prefix command), the neighbor is shut down, and the connection goes Idle. An (Admin) Idle status means the connection was shut down using neighbor shutdown. |
Server |
Shows which server is running the BGP Connector. |
36.4. Dataplane¶
Status |
Green check mark: DPDK Capture Engine is working. Red “X”: Ensure the WANsupervisor service is running; check the event log for errors. |
Process Name |
Shows the Packet Sensor or Packet Filter configured to use the DPDK Capture Engine. |
Pkts/s (RX/TX) |
Inbound and outbound packet rates. |
Bits/s (RX/TX) |
Inbound and outbound throughput. |
RX Burst |
Number of packets processed in parallel by the RX lcore(s). |
RX Nobuf |
Non-zero indicates insufficient buffers for the RX lcore(s). |
RX Dropped |
Packets/s dropped by hardware due to no available buffers in RX lcore(s). A large value suggests more RX cores are needed. |
RX Enq. |
Percentage of RX packets successfully sent to distributors. Values under 100% suggest a suboptimal Distributor Mode or that more distributors are needed. |
TX Burst |
Number of packets sent in parallel by the TX lcore(s). |
Distributors Enq. |
Percentage of metadata sent from the distributor(s) to worker(s). |
Workers Deq. |
Percentage of metadata processed by worker(s). Under 100% suggests more worker lcore(s) are needed. |
36.5. Sensor Cluster¶
Status |
Green check mark: Sensor Cluster is connected to the database. Red “X”: Ensure the WANsupervisor service is running and check the event log for errors. |
Sensor Name |
Shows the Sensor Cluster’s name and color. Click to open more details; right-click (if you are admin/operator) to open its configuration. |
Pkts/s (In / Out) |
Inbound/outbound packet rate. |
Inbound Bits/s |
Inbound throughput plus usage percentage. |
Outbound Bits/s |
Outbound throughput plus usage percentage. |
Received Pkts/s |
Packets per second reported by the associated Sensors. |
IPs (Int./Ext.) |
Number of internal and external IPs that sent/received traffic. Internal/External classification depends on the IP Zone. Monitoring external IPs depends on the Stats Engine parameter in the associated Sensors. |
Dropped |
Packets dropped by the Server Cluster. |
CPU% |
The percentage of CPU usage for this process. |
RAM |
Memory used by the process. |
Start Time |
The time when the Sensor Cluster started. |
Server |
The server hosting the Sensor Cluster. |
36.6. Packet Sensors¶
Status |
Green check mark: Packet Sensor is connected to the database. Red “X”: Ensure WANsupervisor is running; check event log for errors. |
Sensor Name |
Shows the Packet Sensor’s name and color. Click to open more details; right-click (if you are admin/operator) to open its configuration. |
Pkts/s (In / Out) |
Inbound/outbound packet rate after IP Validation and MAC Validation. |
Inbound Bits/s |
Inbound throughput post IP/MAC Validation, plus usage percentage. |
Outbound Bits/s |
Outbound throughput post IP/MAC Validation, plus usage percentage. |
Received Pkts/s |
Packets/s captured before IP/MAC Validation. |
IPs (Int / Ext) |
Count of internal/external IP addresses seen. Internal = within IP Zone; external = outside IP Zone. Enabling external IP monitoring depends on the Stats Engine parameter. |
Dropped |
Packets dropped by the capturing engine. A large value often indicates a performance bottleneck. |
CPU% |
How much CPU the Sensor process uses (can exceed 100% on multi-core systems). |
RAM |
Memory footprint of the process. |
Start Time |
The date/time the Packet Sensor began running. |
Server |
Indicates which server is running the Packet Sensor. |
36.7. Flow Sensors¶
Status |
Green check mark: Flow Sensor is connected to the database. Red “X”: Ensure the WANsupervisor service is running; check the event log for errors. |
Sensor Name |
Shows the Flow Sensor’s name. Click to open more details; right-click (if you are admin/operator) to open its configuration. |
Interface |
Interface name and color. If names are missing for more than 5 minutes after startup, see the Flow Sensor Troubleshooting guide. |
Pkts/s (In / Out) |
Inbound/outbound packet rate post IP Validation and AS Validation. |
Inbound Bits/s |
Inbound throughput post IP/AS Validation, plus usage percentage. |
Outbound Bits/s |
Outbound throughput post IP/AS Validation, plus usage percentage. |
IPs (Int / Ext) |
Counts IP addresses sending or receiving traffic. Internal IPs are in the IP Zone; external IPs are outside. Whether external IPs are monitored depends on the Stats Engine parameter. |
Flows/s |
Flows per second received by the Flow Sensor. |
Flow Delay |
Maximum flow delay detected by the Sensor. Flow devices export flows after a set delay. The Sensor cannot handle delays >5 minutes. |
Dropped |
Unaccounted flows. Large values suggest performance issues or network problems with the flow exporter. |
CPU% |
Percentage of CPU used by the Flow Sensor. |
RAM |
Memory usage of the Flow Sensor process. |
Start Time |
Time the Flow Sensor started. |
Server |
Which server is running the Flow Sensor. |
36.8. SNMP Sensors¶
Status |
Green check mark: SNMP Sensor is connected to the database. Red “X”: Ensure the WANsupervisor service is running; check the event log for errors. |
Sensor Name |
Displays the SNMP Sensor’s name. Click to open more details; right-click (if you are admin/operator) to open its configuration. |
Interface |
Interface name and associated color. |
Pkts/s (In / Out) |
Inbound/outbound packet rate. |
Inbound Bits/s |
Inbound throughput, plus usage percentage. |
Outbound Bits/s |
Outbound throughput, plus usage percentage. |
Errors/s (In / Out) |
For packet-oriented interfaces, it represents the number of inbound and outbound packets that contained errors, preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, it represents the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. |
Discards/s (In / Out) |
Discarded inbound and outbound packets even though no errors were detected to prevent them from being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. |
Oper. Status |
Current operational state of the interface. The Testing state indicates that no operational packets can be passed. If Administrative Status is Down then Operational Status should be Down. If Administrative Status is changed to Up then Operational Status should change to Up if the interface is ready to transmit and receive network traffic; it should change to Dormant if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it should remain in the Down state if and only if there is a fault that prevents it from going to the Up state; it should remain in the NotPresent state if the interface has missing (typically, hardware) components. |
Admin. Status |
Desired state of the interface. The Testing state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with the Administrative Status in the Down state. As a result of either explicit management action or per configuration information retained by the managed system, the Administrative Status is then changed to either the Up or Testing states (or remains in the Down state). |
CPU% |
Percentage of CPU used by the SNMP Sensor process. |
RAM |
Memory usage of the SNMP Sensor process. |
Start Time |
Time the SNMP Sensor started. |
Server |
Which server is running the SNMP Sensor. |
36.9. Filters¶
Status |
Green check mark: The Filter is connected to the database. Red “X”: Ensure the WANsupervisor service is running and check the event log for errors. |
Filter Name |
Displays the Filter’s name and color. Click to open more details; right-click (if you are admin/operator) to open its configuration. |
Anomaly № |
When a Filter instance is activated via a Response to mitigate an anomaly, this field has a link to the anomaly report. If it says “No active instance” it doesn’t necessarily indicate an error. |
Prefix |
IP address/mask (from your network) which is the target of the attack. Click to open a tab with details. |
IP Group |
The IP group containing the prefix. Click to open IP group–specific data. |
Decoder |
The decoder used to identify abnormal traffic. |
Pkts/s |
Packets per second sent to the attacked prefix. |
Bits/s |
Bits per second sent to the attacked prefix. |
IPs (Ext.) |
Number of external IP addresses sending traffic to the attacked prefix. |
Dropped |
Rate of packets dropped by the capturing engine. A very high rate indicates a sniffing performance issue. |
Peak CPU% |
Highest CPU usage recorded by this Filter instance. |
Peak RAM |
Maximum RAM usage recorded by this Filter instance. |
Start Time |
When the Filter instance began mitigating the anomaly. |
Server |
Which server is running the Filter instance. |