Cyberoam Analytical Tool Guide

Analytical Tool Guide

Version 9

Document version 95466-1.0-25/06/2008

Important Notice

Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE

The Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY

Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore's or its service center's option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions. Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and by Commtouch respectively and the performance thereof is under warranty provided by Kaspersky Labs and by Commtouch. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY

Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its suppliers' liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS

Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademarks of Elitecore Technologies Ltd.

CORPORATE HEADQUARTERS

Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com, www.cyberoam.com

Contents

Technical Support
Typographic Conventions
Introduction
Accessing Analytical Tool
Using Analytical tool
Gateway Reachability
    Connectivity Check
Disk Usage
Database Status
DNS Status
Authentication Server
HA Service
HA Communication
System Monitor
Application Proxy status
HTTP Proxy statistics
HTTP Access log
Interface Info
System Health Graphs
    CPU Info graphs
    Memory Info graphs
    Load Average graphs
    Uptime graphs
    Interface Info graphs

Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-6400707
Email: [email protected]
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.

Typographic Conventions

Material in this manual is presented in text, screen displays, or command-line notation.

Item | Convention | Example
Server | | Machine where Cyberoam Software - Server component is installed
Client | | Machine where Cyberoam Software - Client component is installed
User | | The end user
Username | | Username uniquely identifies the user of the system
Part titles | Bold and shaded font typefaces | Report
Topic titles | Shaded font typefaces | Introduction
Subtitles | Bold & Black typefaces | Notation conventions
Navigation link | Bold typeface | Group Management, Groups, Create: it means, to open the required page click on Group management then on Groups and finally click Create tab
Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or Click Name to select, where Name denotes command button text which is to be clicked
Cross references | Hyperlink in different color | refer to Customizing User database. Clicking on the link will open the particular topic

Introduction

Analytical Tool checks the health of the System in a single shot. It is used for troubleshooting and diagnosing problems found in the System. Analytical Tool is like a periodic health check-up that helps to identify impending System-related problems. After identifying a problem, appropriate action can be taken to solve it and keep the System running smoothly and efficiently.

Analytical Tool shows the status of the System. Based on the status, the Administrator can judge whether the respective System component is working fine (OK status), is facing a minor problem (Warning status) or is having a major problem (Critical status).

Accessing Analytical Tool

Open the browser and type http:///dg.html in the browser's URL box. A dialog box appears prompting you to log in. Enter the Administrator Username and Password and click OK. Asterisks are the placeholders in the password field.

On successful login, Main Menu page is displayed. Main Menu screen:

- To access any of the menu items, click the item name link.
- To return to the main menu screen, click the title bar Analytical Tool.
- To log off, close the browser window.

Using Analytical tool

Once you log in successfully, the Tool checks for conditions that may affect normal operation and shows the status of the various Network components. The level of severity of the status is displayed in the form of an icon:

- OK (Green icon) - Indicates Normal but significant conditions
- Warning (Yellow icon) - Indicates Abnormal operating conditions that require attention i.e. minor problem. Click the utility link to view detailed statistics
- Critical (Red icon) - Indicates Abnormal operating conditions that require attention immediately i.e. major problem. Click the utility link to view detailed statistics

Utilities, their description and status levels:

Gateway Reachability
    Description: Displays the current status of the Gateway. Allows you to check whether the Gateway is reachable or not
    OK: Gateway is reachable from the Server
    Warning: Some packet loss between the Gateway and the Server
    Critical: Gateway is not reachable from the Server

Disk Usage
    Description: Displays the disk usage summary like total partitions, total, available and used space by each partition
    OK: Disk usage in all the partitions is below 70%
    Warning: Disk usage in one or more partitions is above 70%
    Critical: Disk usage in one or more partitions is above 90%

Database Status
    Description: Displays the Database condition and Log table sizes
    OK: Database is up and running. Log table sizes are OK
    Warning: One or more tables in the Database is corrupted. Any of the log table size is more
    Critical: Database is down. Any of the Main tables in the Database is corrupted

DNS Status
    Description: Displays the status of DNS
    OK: Local DNS is up and running and is able to resolve
    Warning: Local DNS is down but resolves using External DNS
    Critical: Not able to resolve

Authentication Server
    Description: Displays the status of Authentication server. Ideally there should be no queue
    OK: Authentication server is up and running
    Warning: Authentication server is up and running but Request queue is above 1000 bytes
    Critical: Authentication server is down. Request queue is above 50000 bytes

HA Service
    Description: Monitor HA health
    OK: HA services functioning properly
    Critical: HA services not functioning

HA Communication
    Description: Monitor HA health
    OK: Heartbeat is communicated
    Critical: Heartbeat communication has stopped. This may happen if the peer appliance is down or there is no connectivity between the peers

System Monitor

Application Proxies Status
    Description: On, Off, Restart, Show. Displays status of HTTP, SMTP, POP3, IMAP, FTP proxies

HTTP Proxy Statistics
    Description: Monitor proxy sessions

HTTP Access Log
    Description: Displays access log

Interface Info
    Description: Displays the number of Errors and Collisions that have occurred on each Interface

System Health Graphs

CPU info
    Description: Displays the CPU used by Users and System and CPU Idle time

Mem Info
    Description: Displays how memory is used i.e. memory usage summary like total, available and used memory, amount used for caching

Load average
    Description: Displays the System load in last 24 hours, 48 hours, week, month and year

Uptime
    Description: Displays the Server uptime

Interface Info
    Description: Displays the daily, weekly, monthly and yearly statistics of each Interface in the form of received and transmitted bytes, received and transmitted errors, received and transmitted drops and collisions

Gateway Reachability

The Gateway routes the traffic between the networks, and all the User requests are forwarded to the Gateway. If the Gateway is down, the users will not be able to connect to the outside world. Gateway Reachability status specifies whether the Server is able to contact the Gateway or not.

Use the following utilities to check the connectivity:
- Ping
- Ping Gateway
- Traceroute

Connectivity Check

Click Gateway Reachability link to use ping and traceroute utilities to check the connectivity with the Server.

Ping

Analytical tool provides easy to use 'ping' functionality. Ping is a basic Internet program that lets you verify that a particular IP address exists and can accept requests. Using Ping, you can test for the existence of machines on the Internet and also determine the latency time for the transfer between the machine doing the ping and that being pinged.

Use Ping diagnostically to:
- Ensure that a host computer you are trying to reach is actually operating, or whether an address is reachable or not
- Check how long it takes to get a response back
- Get the IP address from the domain name
- Check for packet loss

Enter the IP address or Domain to be pinged and click Ping. If the IP address or domain entered is not valid or left blank, an error page is displayed.

Ping Gateway

Use Ping Gateway to check:
- whether the Server is able to reach the Gateway or not
- any packet loss between Server and Gateway

Simply click Ping Gateway button. It opens a new window and displays the ping statistics as follows:

If the IP address or domain entered is not valid or left blank, error page is displayed.

Traceroute

Traceroute is a useful tool to determine if a packet or communications stream is being stopped at the Cyberoam, or is lost on the Internet, by tracing the path taken by a packet from the source system to the destination system, over the Internet. Use this utility to find any discrepancies in the Cyberoam network or the ISP network within milliseconds.

Use it to trace the path taken by a packet from the source system to the destination system, over the Internet. Enter the IP address or Domain to be traced and click Traceroute. If the IP address or domain entered is not valid or left blank, an error page is displayed.

Traceroute displays all the routers through which data packets pass on the way to the destination system from the source system, maximum hops and total time taken by the packet to return, measured in milliseconds.

Disk Usage

Use to check the records of disk space used. Displays distribution of disk space, used and unused disk space by the various partitions on a volume.

Status
- Critical - if % Usage of any partition is above 90 %
- Warning - if % Usage of any partition is above 70 %

Click Disk Usage link to view the exact usage of each partition and delete the cache of that partition whose usage is exceeding 90% from Console.

Database Status

Use to check the database status. Click Database Status link to view the database status, log table sizes and table corruption details.

Status
- Critical - if the database is down or one of the main tables is corrupted
- Warning - if one of the tables is corrupted or one of the log tables size is more

Repair the Database or purge the data from log tables from Console if the status is Critical.

DNS Status

A Domain Name Server translates domain names to IP addresses and vice versa. If more than one Domain name server exists, query will be resolved according to the order specified. Use to check the DNS status.

Status
- Critical - if not able to resolve
- Warning - if the local DNS is down but able to resolve

If DNS is down, restart the DNS from the Web Interface.

Authentication Server

User has to be authenticated by Cyberoam before accessing any resources controlled by Cyberoam.

Use to check:
- the status of Authentication server
- number of requests pending i.e. queue

Click Authentication server link to view the details.

Status
- Critical - if the Authentication server is down or request queue is above 50000 bytes
- Warning - if the Authentication server is up but request queue is above 1000 bytes

HA Service

Use to monitor HA health.

Status
- OK - HA service is functioning properly
- Critical - HA service is not functioning

HA Communication

Use to monitor HA health.

Status
- OK - Heartbeat is communicated
- Critical - Heartbeat communication has stopped. This may happen if peer appliance is down or there is no connectivity between peers.

System Monitor

Application Proxy status

Displays status of various proxy servers.

HTTP Proxy statistics

Use to:
- View and monitor live HTTP session information
- Capture and download session information in the form of log
- Search information from log

Use to view the real time statistics about proxy configuration and its performance. It provides a time-wise breakup of various Proxy actions like: DNS request time, total HTTP requests served by number and data transfer, failed requests and live session information.

Column - Description

SessionID - Unique ID assigned to each established session
Conntrack ID - Conntrack ID
UserID - Unique ID assigned to each user
Resident Time - Time when request is accepted
Persistence connection - No. of requests served on single connection
IAP - Internet Access Policy number assigned to the user
Client IP - Source IP Address
URL - URL accessed
Connection status - State of the specific connection. Connection status can be one of the following:
    STATUS_REQ_READ - Reading request headers
    STATUS_REQ_ACL_CHECK - Checking Request ACL i.e. IAP applied on the request
    STATUS_DNS_LOOKUP - DNS lookup is being performed
    STATUS_CONNECT - DNS query is resolved and proxy is trying to connect to the server
    STATUS_RESP_READ - Reading response headers
    STATUS_RESP_ACL_CHECK - All the response headers are read and ACL check is being performed
    STATUS_BODY_DUMP - Response data is dumped to the temporary file
    STATUS_VIRUS_SCANNING - Virus Scanning is being performed
    STATUS_FILE_RELAY - Data being written on to client
    STATUS_IDLE - Waiting for request from client
Request Read Time - Time taken between accepting the request and reading all the request headers. Request read time could be higher due to following possible reasons:
    - Client is not responding properly or taking time to respond
    - DoS attack
    - Heavy traffic on the interface
Request ACL Check Time - Time lapsed between read request and completion of ACL check for the request
DNS Lookup time - Time taken to complete DNS lookup after request ACL check. It is the lookup time for the requested site/host.
Server IP - Destination IP Address
Relate Connection time - Time taken between accepting the connection and relating this new connection to the original connection from lower layer
Connect time - Time taken to connect to the server after relating connections. Possible reasons for higher (greater than 5 secs) connection time for all the requests:
    - Parent proxy problem
    - Not enough bandwidth
    - Incorrect bandwidth policy applied to firewall rule/user/group
    - Errors or collision on WAN interface
    If connection time is greater than 5 secs for a particular URL then remote server is slow or having problem
Response Read Time - Time taken for reading all response headers after connecting to the server
Response ACL Check Time - Time lapsed between reading response headers and completion of ACL Check for that response
Response Body Dump Time - Time lapsed between response ACL check and complete response body dumped to the file
AV Scan Time - Time taken between dumping entire data to the file and completing virus scanning of either post or response data. If scan time is higher, fine-tune AV setting by reducing the file size threshold. If scan time is still higher after reducing threshold, contact Cyberoam support.
Response Relay Time - Time taken to write file data on to the client/server once virus scanning is over

Click Show Live Sessions button to view details about each session: session ID, IAP ID, Client IP address.

In addition, the HTTP session information can be captured and downloaded as a file to aid in further troubleshooting and performance tuning if required. Click Start Capture button to save the information in the form of log. Download the log file by clicking Download Captured Sessions button. The information available in the HTTP session capture is:
- HTTP Request Headers
- HTTP Response Headers
- Proxy tasks statistics

Click Search Captured Sessions button to search the captured sessions based on Client IP address, URL accessed by the user or IAP ID. One can search sessions based on other parameters as displayed in the screen given below.

HTTP Access log

Cyberoam can record all or selective incoming HTTP and Proxy mode FTP requests in its HTTP Access log. Log comprises both success and failure responses sent to client. Log contains a separate line for every transaction. Each line includes values for the following fields separated by ###:

HTTP proxy log field name/description | Sample data
Date/time stamp | 2006-01-19 17:48:13
Client IP address which requested the URL | 192.168.1.51
Size of object/content served | 272 (In case of error, log will not have size details)
Complete requested URL | http://kh.google.com/flatfile?q2-020112023330
Hostname | kh.google.com
Object/content type | application/octet-stream
Object/content type flag | Y (text or html)
Category | SearchEngines
Error code | ERR_XXX

Given below is the sample log. For better understanding, errors are displayed in red color. Use the table given to understand the meaning of errors.

2006-01-19 17:48:13###192.168.1.51###272###http://kh.google.com/flatfile?q2020112023330###kh.google.com###application/octet-stream###Y###SearchEngines
2006-01-19 17:48:13###192.168.1.77###20473###http://us.a1.yimg.com/us.yimg.com/a/ya/yahoo_health/20051227_66141_1_300x250_lrec_qb.jpg###us.a1.yimg.com###image/jpeg###Y###ImageBanks
2006-01-19 17:47:34###192.168.1.81###http://songkm77.cafe24.com/###songkm77.cafe24.com###-###N###Spirituality###ERR_CONNECT_FAIL
2006-01-19 17:47:36###192.168.1.137###http://insider.msg.yahoo.com/ycontent/search/###insider.msg.yahoo.com###-###N###Chat###ERR_ACCESS_DENIED
2006-01-19 17:47:45###192.168.1.99###http://shttp.msg.yahoo.com/notify/###shttp.msg.yahoo.com###-###N###InstantMessaging###ERR_CONNECT_FAIL
2006-01-19 17:47:48###192.168.1.138###http://mafiaspyware.com/mafia/uragan/work.php?method=get&port=7687&id=1257368&type=0&winver=Windows%202000%20Service%20Pack%204###mafiaspyware.com###-###N###None###ERR_CONNECT_FAIL
2006-01-19 17:47:54###192.168.1.51###http://webmail.daiict.org/webmail/plugins/newmail/newmail.php?numnew=1###webmail.daiict.org###-###N###EducationalInstitutions###ERR_CONNECT_FAIL
2006-01-19 17:47:54###192.168.1.57###http://nohost.nodmain.elitecore.com###nohost.nodmain.elitecore.com###-###N###InformationTechnology###ERR_DNS_FAIL
2006-01-19 17:48:20###192.168.1.81###361###http://songkm77.cafe24.com/img/main_new/topattsub.gif###songkm77.cafe24.com###image/gif###Y###Spirituality
2006-01-19 17:48:22###192.168.1.51###429###http://kh.google.com/flatfile?f1c-02011231d.452.57###kh.google.com###application/octet-stream###Y###SearchEngines
2006-01-19 17:48:22###192.168.1.133###2030###http://listen.real.com/contextwindow?cd=artistinfo2&CB=client&album=Together&artist=Jagjit%20Singh&genre=Other&nextartist=right=&trackid=&artistid=&albumid=&genreid=&PT=FREE&OS=WinNT%205.1.2600&LP=en%2DUS&OC=RN30DL&PV=6.0.12.1212&PBR=0&LI=en&PN=RealPlayer&DC=RN30DL&DT=111005&pageloc=ciwin###listen.real.com###text/html###Y###Music
2006-01-19 17:48:44###192.168.1.110###http://vocabulary.com/Assets/menubar_r1_c1.gif###vocabulary.com###-###N###Games###ERR_ZERO_SIZE_OBJECT
2006-01-19 17:50:58###192.168.1.57###ftp://www.elitecore.com/###www.elitecore.com######N###InformationTechnology###ERR_FTP_FORBIDDEN
2006-01-19 17:52:21###192.168.1.57###ftp://www.elitecore.com/hotmail.gif###www.elitecore.com###-###N###InformationTechnology###ERR_FTP_NOT_FOUND

Use the following error code description to understand the errors displayed in the Logs.

Error - Description

ERR_ACCESS_DENIED - Request is denied as user does not have the access rights/privilege to read the requested content. If the user is wrongly denied the access, update user's Internet Access policy to grant access rights
ERR_CANNOT_FORWARD - HTTP proxy server is not able to establish HTTP connection
ERR_CONNECT_FAIL - HTTP proxy server is not able to complete TCP handshake i.e. server has not received SYN ACK request
ERR_DNS_FAIL - HTTP proxy server is not able to resolve the host address from the hostname extracted from URI
ERR_FORWARDING_DENIED - Requested CONNECT method is denied in HTTP
ERR_FTP_DISABLED - Usage of FTP is not allowed or disabled. By default, the usage of FTP is allowed
ERR_FTP_FAILURE - HTTP proxy server is not able to connect to the FTP server. This can happen if the link to destination FTP server or firewall is down
ERR_FTP_FORBIDDEN - Not able to log on to FTP server as username was not supplied in the request. Acc. to RFC, URI requires username for request. Cyberoam will use default username anonymous to log on if username is not supplied in URI. Format ftp://[email protected]
ERR_FTP_NOT_FOUND - HTTP proxy server is not able to retrieve the requested file using GET command from the FTP server
ERR_FTP_PUT_CREATED - Usage of PUT command is denied as it is read-only FTP server
ERR_FTP_PUT_ERROR - Incomplete data is sent to FTP server using PUT command
ERR_FTP_UNAVAILABLE - FTP service is not running on the server
ERR_INVALID_URL - URL contains non-RFC standard characters
ERR_INVALID_REQ - Request is non-RFC-standard
ERR_READ_ERROR - HTTP proxy server is trying to read when connection is closed by Remote server or Client, link is down, or packet is lost
ERR_READ_TIMEOUT - HTTP proxy server is trying to read when link is down
ERR_SHUTTING_DOWN - HTTP proxy server is in process of shut down and cannot process further requests
ERR_SOCKET_FAILURE - HTTP proxy server is not able to establish new connections due to shortage of resources. This is the most critical error because one of the reasons for shortage of resources is DDoS attack. To diagnose the exact cause, use:
    - DoS settings from Web Console
    - tcpdump utility from Telnet Console
ERR_TOO_BIG - The size of the file being uploaded/downloaded is exceeding the permissible limits. This error indicates virus auto-generated attack.
    - Acc. to RFC, request header limit is 10KB
    - Acc. to Linux Filesystem, data limit is 2GB
ERR_UNSUP_REQ - Request is not supported by the proxy implementation. Supported requests: http://, ftp://, https://
ERR_URN_RESOLVE - Hostname is not resolved for the requests other than http://, ftp://, https://
ERR_WRITE_ERROR - HTTP proxy server is not able to write on socket. This could be because of local socket problem or closed TCP connection from the remote server side.
ERR_ZERO_SIZE_OBJECT - HTTP proxy server is trying to make a TCP connection to a server, but server closed the connection after transmitting the data in the single packet as size of data was small
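The following Python parser for the ###-separated access log is an added example, not part of the original guide or of Cyberoam's software. It handles the two layouts the sample log shows (size present on success, size absent and an ERR_ code appended on failure) and counts error codes per client. The sample lines are constructed, and the names AccessRecord, parse_line and summarize are this example's own.

```python
"""Parse the '###'-separated HTTP access log layout (added example)."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

SEP = "###"

# Constructed sample lines in the documented layout (not from a real log).
SAMPLE_LOG = """\
2006-01-19 17:48:13###192.168.1.51###272###http://www.example.com/a.bin###www.example.com###application/octet-stream###Y###SearchEngines
2006-01-19 17:47:34###192.168.1.81###http://down.example.net/###down.example.net###-###N###None###ERR_CONNECT_FAIL
2006-01-19 17:47:45###192.168.1.81###http://down.example.net/notify###down.example.net###-###N###None###ERR_CONNECT_FAIL
2006-01-19 17:47:54###192.168.1.57###http://nohost.example.org/###nohost.example.org###-###N###InformationTechnology###ERR_DNS_FAIL
2006-01-19 17:48:30###192.168.1.60###http://www.example.com/p?x=1###y###www.example.com###-###N###None###ERR_ACCESS_DENIED
2006-01-19 17:49:00###192.168.1.60###truncated line
"""


@dataclass
class AccessRecord:
    timestamp: datetime
    client_ip: str
    size: Optional[int]    # None on error lines: no size is logged
    url: str
    hostname: str
    content_type: str
    type_flag: str
    category: str
    error: Optional[str]   # None when the transaction succeeded


def parse_line(line: str) -> AccessRecord:
    """Parse one log line; raise ValueError if it fits neither layout."""
    parts = [p.strip() for p in line.split(SEP)]
    if len(parts) < 8:
        raise ValueError(f"expected at least 8 fields, got {len(parts)}")
    # strptime and ip_address both raise ValueError on malformed input.
    timestamp = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
    client_ip = str(ipaddress.ip_address(parts[1]))
    # Both layouts have 8 fields, so the field count cannot tell them apart:
    # error lines drop the size and append an ERR_ code instead.
    if parts[-1].startswith("ERR_"):
        error, size = parts[-1], None
        tail, url_parts = parts[-5:-1], parts[2:-5]
    else:
        if not parts[2].isdigit():
            raise ValueError(f"size field is not numeric: {parts[2]!r}")
        error, size = None, int(parts[2])
        tail, url_parts = parts[-4:], parts[3:-4]
    # The URL is supplied by the client and may itself contain '###'.
    # Fixed fields are taken from both ends and the remainder is the URL.
    url = SEP.join(url_parts)
    if not url:
        raise ValueError("empty URL field")
    hostname, content_type, type_flag, category = tail
    return AccessRecord(timestamp, client_ip, size, url, hostname,
                        content_type, type_flag, category, error)


def summarize(lines):
    """Return (records, error counts per client IP, rejected lines)."""
    records, rejected = [], []
    errors_by_client = defaultdict(Counter)
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            record = parse_line(line)
        except ValueError as exc:
            # Keep the line number so the raw entry can be inspected later.
            rejected.append((number, str(exc)))
            continue
        records.append(record)
        if record.error:
            errors_by_client[record.client_ip][record.error] += 1
    return records, dict(errors_by_client), rejected


if __name__ == "__main__":
    records, by_client, rejected = summarize(SAMPLE_LOG.splitlines())
    for client, counts in sorted(by_client.items()):
        print(client, dict(counts))
    print("rejected:", rejected)
```

Lines that fit neither layout are reported with their line number instead of being silently dropped, so a truncated or tampered entry stays visible during troubleshooting.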

Interface Info

Use to view the details of all the interface cards attached. Click Interface Info link to view the number of errors and collisions that occurred on each card.

System Health Graphs

Use to view Graphs pertaining to System related activities for different time intervals. Click System Health Graphs link to view graphs.

Graphs can be viewed Utilities wise or period wise.
- Period wise graph will display following graphs for the selected period: CPU Usage, Memory Usage, Load Average, Uptime
- Utility wise graph will display following graphs for the selected utility: Daily, Yesterday, Weekly, Monthly, Yearly

CPU Info graphs

CPU Info graphs allow Administrator to monitor the CPU usage by the Users and System components. Displays the percentage wise CPU used by User and System and Idle time.

1. Daily CPU Usage - Graph shows today's CPU usage in percentage. In addition, shows minimum, maximum, Average and Current CPU usage.
   X axis - Minutes
   Y axis - % use
   Blue Color - CPU used by Users
   Orange Color - CPU used by System
   Green Color - CPU Idle time

2. Weekly CPU Usage - Graph shows weekly CPU usage in percentage. In addition, shows minimum, maximum, Average and Current CPU usage.
   X axis - Day of the week
   Y axis - % use
   Blue Color - CPU used by Users
   Orange Color - CPU used by System
   Green Color - CPU Idle time

Memory Info graphs

Memory Info graphs allow Administrator to monitor the Memory usage by the various System components. Displays the Buffered Memory, Cache Memory, Used Memory, Free Memory and Total Memory.

1. Daily CPU Usage - Graph shows today's Memory usage in Gigabytes. In addition, shows minimum, maximum, Average and Current memory usage.
   X axis - Time interval
   Y axis - Memory used in Gigabytes
   Black Color - Total Memory
   Green Color - Free Memory
   Orange Color - Memory used
   Blue Color - Buffered Memory
   Yellow - Memory used by Cache

2. Weekly Memory Usage - Graph shows weekly Memory usage in Gigabytes. In addition, shows minimum, maximum, Average and Current memory usage.
   X axis - Day of the week
   Y axis - Memory used in Gigabytes
   Black Color - Total Memory
   Green Color - Free Memory
   Yellow - Memory used by Cache
   Orange Color - Memory used
   Blue Color - Buffered Memory

Load Average graphs

Load Average graphs allow Administrator to monitor the load on the System. Displays the average load on the System at intervals of one minute, five minutes, and fifteen minutes. Load Average of 1.0 is considered as Normal while above 1.0 is considered as Critical for the System.

1. Daily Load Average - Graph shows today's average load on the system. In addition, shows minimum, maximum, Average and Current load.
   X axis - Time interval
   Y axis - Load on the System
   Blue Color - One minute
   Green Color - 5 minutes
   Orange Color - 15 minutes

2. Weekly Load Average - Graph shows weekly average load on the system. In addition, shows minimum, maximum, Average and Current load.
   X axis - Time interval
   Y axis - Load on the System
   Blue Color - One minute
   Green Color - Five minutes
   Orange Color - Fifteen minutes

Uptime graphs

Uptime graphs show since when the system has been up and running.
   X axis - Time interval
   Y axis - Number of Days
   Green Color - Uptime

Interface Info graphs

Use Interface Information graph to view the following information for all the Interfaces:
1) Bytes received and transmitted by the Interface
2) Errors occurred during the transmission & receipt of the packets by the Interface
3) Packets Dropped during the transmission & receipt of the packets by the Interface
4) Collisions occurred during the transmission & receipt of the packets by the Interface

   X axis - Duration
   Y axis - Bytes
   Orange Color - Received Bytes
   Dark Blue Color - Received Errors
   Yellow - Received Drops
   Red Color - Collisions
   Green Color - Transmitted Bytes
   Dark green Color - Transmitted Errors
   Light Blue - Transmitted Drops

Note

- Daily and Yesterday Graphs are plotted at the average of 5 minutes
- Weekly Graph is plotted at the average of 15 minutes
- Monthly Graph is plotted at the average of 6 Hours
- Yearly Graph is plotted at the average of 1 Day
