36. Reports » Devices » Overview

In the Overview tab, you can check the most important operational parameters and statistics, collected in real time from all software components and servers.

36.1. Console

Reports » Devices » Overview » Console displays the following data:

Status

A green check mark indicates that Console is connected to the WANsupervisor service. When a red “X” appears, start the WANsupervisor service on the Console server.

Online Users

Active Console sessions.

Avg. DB Bits/s (In/Out)

Average number of bits per second sent and received since the start of the database.

Avg. DB Queries/s

Average number of queries per second since the start of the database.

DB Clients

DB clients that are currently using the database.

DB Connections

Active connections to the database.

DB Size

Disk space used by the database.

Free DB Disk

Disk space available on the partition configured to store the database.

Free Graphs Disk

Disk space available on the partition configured to store IP graphs.

Time Zone

Time zone of the Console server.

Console Time

Current time on the Console server.

Uptime

Uptime of the database.

36.2. Servers

Reports » Devices » Overview » Servers displays the following data for each server defined in Configuration » Servers:

Status

A green check mark indicates that the server is connected to the database. When a red “X” is displayed, start the WANsupervisor service and make sure that the clock on the Console server is synchronized with the clock on the remote server.

Server Name

Displays the name of the server and the associated color. Click to open a new tab with data specific to the server. Administrators and operators can right-click to open the Server Configuration window.

Load

Load average reported by the Linux kernel for the last 5 minutes.

Free RAM

Available RAM. Swap memory is not counted.

CPU% User

Percentage of CPU resources used by userspace processes. Can be >100% on multiple cores/CPUs (e.g., the maximum value for a quad-core system is 400%).

CPU% System

Percentage of CPU resources used by the kernel. Can be >100% on multiple cores/CPUs.

CPU% IOwait

Percentage of CPU resources waiting for I/O operations to complete. A high number indicates an I/O bottleneck.

CPU% Idle

Percentage of idle CPU resources. Can be >100% on multiple cores/CPUs.

Free Flows Disk

Disk space available on the partition configured to store flows.

Free Dumps Disk

Disk space available on the partition configured to store packet dumps.

Contexts/IRQs/SoftIRQs

Context switches, hardware interrupts, and software interrupts per second.

Uptime

Uptime of the operating system.

36.3. BGP Connectors

Reports » Devices » Overview » BGP Connectors displays the following data for each active BGP Connector configured with the Health Checker feature:

Status

A green check mark indicates that the BGP peer is connected to the configured backend (Quagga, FRR, or ExaBGP).

BGP Connector Name

Displays the name of the BGP Connector.

BGP Peer

IP address of a neighbor.

AS Number

Autonomous system.

Msgs Rcvd/Sent

BGP messages received/sent from/to that neighbor.

Table Version

Last version of the BGP database that was sent to that neighbor. Not available for ExaBGP.

InQ/OutQ

Number of messages from that neighbor waiting to be processed. Not available for ExaBGP.

OutQ

Number of messages waiting to be sent to that neighbor. Not available for ExaBGP.

Up / Down

The length of time that the BGP session has been in state Established, or the current state if it is not Established.

State / Prefixes Rcvd

Current state of the BGP session/the number of prefixes the router has received from a neighbor or peer group. When the maximum number (as set by the neighbor maximum-prefix command) is reached, the string PfxRcd appears in the entry, the neighbor is shut down, and the connection is Idle. An (Admin) entry with Idle status indicates that the connection has been shut down using the neighbor shutdown command.

Server

Server that runs the BGP Connector.

36.4. Dataplane

Reports » Devices » Overview » Dataplane displays the following data when there is at least one DPDK Capture Engine active:

Status

A green check mark indicates that the DPDK Capture Engine is working. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log.

Process Name

Displays the name of the Packet Sensor or Packet Filter configured to use the DPDK Capture Engine.

Pkts/s (RX/TX)

Inbound and outbound packet rate.

Bits/s (RX/TX)

Inbound and outbound throughput.

RX Burst

Number of packets processed in parallel by the RX lcore(s).

RX Nobuf

A non-zero number indicates insufficient buffers for the RX lcore(s).

RX Dropped

Number of packets/s dropped by the HW because there is no available buffer in the RX lcore(s). These packets do not reach the distributor(s), therefore a large number indicates that more RX core(s) are needed.

RX Enq.

Percentage of RX packets successfully sent to distributors. A value less than 100% indicates that more distributors are needed or that the Distributor Mode is not optimal.

TX Burst

Number of packets sent in parallel by the TX lcore(s).

Distributors Enq.

Percentage of metadata sent by distributor(s) to worker(s).

Workers Deq.

Percentage of metadata processed by worker(s). A value less than 100% indicates that more worker lcore(s) are needed.

36.5. Sensor Cluster

Reports » Devices » Overview » Sensor Clusters displays the following data when there is at least one Sensor Cluster active:

Status

A green check mark indicates that the Sensor Cluster is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log.

Sensor Name

Displays the name of the Sensor Cluster and the associated color. Click to open a new tab with data specific to the Sensor Cluster. Administrators and operators can right-click to open the Sensor Cluster configuration window.

Pkts/s (In / Out)

Inbound and outbound packet rate.

Inbound Bits/s

Inbound throughput and usage percent.

Outbound Bits/s

Outbound throughput and usage percent.

Received Pkts/s

Packets/second reported by the associated Sensors.

IPs (Int./Ext.)

Number of IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are IPs from inside/outside the IP Zone. The Stats Engine parameter from the associated Sensors’ configurations enables or disables the monitoring of external IPs.

Dropped

Packets dropped by the Sensor Cluster.

CPU%

Percentage of CPUs used by the process.

RAM

Amount of memory used by the process.

Start Time

Time when the Sensor Cluster started.

Server

Server that runs the Sensor Cluster.

36.6. Packet Sensors

Reports » Devices » Overview » Packet Sensors displays the following data when there is at least one Packet Sensor active:

Status

A green check mark indicates that the Packet Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log.

Sensor Name

Displays the name of the Packet Sensor and the associated color. Click to open a new tab with specific information. Administrators and operators can right-click to open the Packet Sensor Configuration window.

Pkts/s (In / Out)

Inbound and outbound packet rate after IP or MAC validation.

Inbound Bits/s

Inbound throughput after IP/MAC Validation, and the usage percent.

Outbound Bits/s

Outbound throughput after IP/MAC Validation, and the usage percent.

Received Pkts/s

Rate of packets sniffed before IP/MAC Validation.

IPs (Int / Ext)

IP addresses that sent or received traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs.

Dropped

Packets dropped by the packet capturing engine. A high number usually indicates a sniffing performance problem.

CPU%

Percentage of CPUs used by the process.

RAM

Amount of memory used by the process.

Start Time

Time when the Packet Sensor started.

Server

Server that runs the Packet Sensor.

36.7. Flow Sensors

Reports » Devices » Overview » Flow Sensors displays the following data when there is at least one Flow Sensor active:

Status

A green check mark indicates that the Flow Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log.

Sensor Name

Displays the name of the Flow Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the Flow Sensor Configuration window.

Interface

Interface name and the associated color. If the interface names are missing for more than 5 minutes after the Flow Sensor has started, check the Flow Sensor Troubleshooting guide.

Pkts/s (In / Out)

Inbound and outbound packet rate after IP/AS Validation.

Inbound Bits/s

Inbound throughput after IP/AS Validation, and usage percent.

Outbound Bits/s

Outbound throughput after IP/AS Validation, and usage percent.

IPs (Int / Ext)

IP addresses that send or receive traffic. The Int(ernal)/Ext(ernal) IPs are the IPs from inside/outside the IP Zone. The Stats Engine parameter from the Sensor configuration enables or disables the monitoring of external IPs.

Flows/s

Number of flows per second received by the Flow Sensor.

Flow Delay

Because traffic data must be aggregated, flow devices export flows with a configured delay. This field contains the maximum flow delay detected by the Flow Sensor. The Flow Sensor cannot run with flow delays higher than 5 minutes.

Dropped

Unaccounted flows. A high number indicates a performance problem of the Flow Sensor or a network connectivity issue with the flow exporter.

CPU%

Percentage of CPU resources used by the Flow Sensor process.

RAM

Amount of RAM used by the Flow Sensor process.

Start Time

Time when the Flow Sensor started.

Server

Server that runs the Flow Sensor.

36.8. SNMP Sensors

Reports » Devices » Overview » SNMP Sensors displays the following data when there is at least one SNMP Sensor active:

Status

A green check mark indicates that the SNMP Sensor is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log.

Sensor Name

Displays the name of the SNMP Sensor. Click to open a new tab with specific data. Administrators and operators can right-click to open the SNMP Sensor Configuration window.

Interface

Interface name and the associated color.

Pkts/s (In / Out)

Inbound and outbound packet rate.

Inbound Bits/s

Inbound throughput and usage percent.

Outbound Bits/s

Outbound throughput and usage percent.

Errors/s (In / Out)

For packet-oriented interfaces, it represents the number of inbound and outbound packets that contained errors, preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, it represents the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.

Discards/s (In / Out)

Number of inbound and outbound packets that were discarded even though no errors were detected that would prevent them from being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.

Oper. Status

Current operational state of the interface. The Testing state indicates that no operational packets can be passed. If Administrative Status is Down then Operational Status should be Down. If Administrative Status is changed to Up then Operational Status should change to Up if the interface is ready to transmit and receive network traffic; it should change to Dormant if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it should remain in the Down state if and only if there is a fault that prevents it from going to the Up state; it should remain in the NotPresent state if the interface has missing (typically, hardware) components.

Admin. Status

Desired state of the interface. The Testing state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with the Administrative Status in the Down state. As a result of either explicit management action or per configuration information retained by the managed system, the Administrative Status is then changed to either the Up or Testing states (or remains in the Down state).

CPU%

Percentage of CPU resources used by the process.

RAM

Amount of RAM used by the process.

Start Time

Time when the SNMP Sensor started.

Server

The server that runs the SNMP Sensor.

36.9. Filters

Reports » Devices » Overview » Filters displays the following data when there is at least one Filter Cluster, Packet Filter or Flow Filter active:

Status

A green check mark indicates that the Filter is connected to the database. If you see a red “X” instead, make sure that the WANsupervisor service is running and look for errors in the event log.

Filter Name

Displays the Filter and the associated color. Click to open a new tab with specific data. Administrators and operators can right-click to open the Filter Configuration window.

Anomaly №

When a Filter instance is activated by a Response to mitigate an anomaly, the field contains the link to the anomaly report. Otherwise, the field contains the message “No active instance”, which doesn’t indicate any error.

Prefix

IP address/mask from your network that is the source or the target of the attack. Click to open a tab with specific data.

IP Group

IP group of the prefix. Click to open a tab with data specific to the IP group.

Decoder

Decoder used for detecting the abnormal traffic.

Pkts/s

Packets/second rate sent to the attacked prefix.

Bits/s

Bits/second throughput sent to the attacked prefix.

IPs (Ext.)

Number of IP addresses sending traffic to the attacked prefix.

Dropped

Rate of packets dropped by the packet capturing engine. A very high number indicates a performance problem related to packet sniffing.

Peak CPU%

Maximum percentage of CPU resources used by the Filter instance.

Peak RAM

Maximum amount of RAM used by the Filter instance.

Start Time

Time when the Filter instance started mitigating the anomaly.

Server

The server that runs the Filter instance.