The status menu provides a set of pages that display information in both textual and graphic views about various daemons and services running on the Endian UTM Appliance. No configuration option is available in this module, which only shows the current and recent status of the Endian UTM Appliance.
The following items appear in the sub-menu on the left-hand side of the screen, each giving detailed status information on some functionalities of the Endian UTM Appliance:
System status - current status of services, resources, uptime, kernel.
Network status - configuration of network interfaces, routing table, ARP cache.
System graphs - graphs of resource usage.
Traffic Graphs - graphs of bandwidth usage.
Proxy graphs - graph of HTTP proxy access statistics.
Connections - list of all open TCP/IP connections.
OpenVPN connections - list of all OpenVPN connections.
SMTP mail statistics - graphs about the SMTP service.
Mail queue - SMTP server’s mail queue.
Wireless status - list of users connected through the Wireless module (only for Hardware appliance with Wireless module)
The default page that opens when clicking on Menubar ‣ Status is the System status page, which gives generic information about the running system, organised into boxes. At the top of the page, there are hyperlinks for each of these boxes: services, memory, disk usage, uptime and users, loaded modules, and the kernel version. The information presented in each box, which is usually the output of a Linux command, is described in more detail below.
This box shows the status of each service installed on the Endian UTM Appliance, marked as either Stopped or Running and accompanied by a red or green square respectively. A service might appear as stopped because the corresponding daemon or script is not enabled.
The output of the Linux free command supplies the data shown here. All numbers represent kilobytes of memory; a bar eases the visualisation of the memory used.
The first line shows the total used RAM, which is normally close to 100% on a long-running system, since the Linux kernel uses all available RAM as disk cache to speed up I/O operations.
The second line shows the amount of RAM used by buffers and cached by processes. Ideally this value should be below 80% of the RAM, to keep some memory available for disk caching.
Finally, the third line shows the swap space occupied on disk. For a long running system it is normal to see moderate swap usage (the value should be below 20%), especially if not all the services are used all the time.
Whenever the RAM Used is high and a new process is launched by Linux, either portions of memory in use are discarded, or they are moved to the swap space, to free the RAM needed by that process. While it is normal for a Linux system to have almost all the RAM occupied, a high usage of total memory (RAM and swap) for long periods might indicate a possible problem on the Endian UTM Appliance. Indeed, when the running processes require more memory than can be allocated to all of them, the system will eventually slow down, because it needs a lot of time to move portions of RAM to the swap space and vice versa.
The output of the Linux df command shows the disk devices (physical disks and partitions), their mount point and the space of each disk partition. The main partitions shown are:
The main disk
The data disk
The configuration disk, where all the Endian UTM Appliance settings are stored
The log disk
The memory-mounted filesystems, like e.g., /dev/shm/ and /var/volatile.
Note
The data disk and the log disk may grow over time, so enough space should be reserved for them - especially for the log disk. Remember also that disks which are more than 95% full may hinder the correct working of the system: For example, log files can not be stored anymore, or changes in the configuration can not be actually stored on disk.
See also
There are a few suggestions to free space on filled up partitions in this guide.
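The thresholds given above for the memory and disk usage boxes (swap below 20%, partitions not more than 95% full) can also be checked from the raw command output. The following is an added example, not part of the Endian documentation or software; the sample df and free output, the mount points and all function names are constructed for illustration.

```python
# Constructed sample output of `df -P` and `free` (1 KiB units); the device
# names and mount points are illustrative, not taken from a real appliance.
DF_SAMPLE = """\
Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/sda1           999320  412000    518508      45% /
/dev/sda3          2015824 1935000     80824      96% /var/log
/dev/sda4           499656   21000    478656       5% /mnt/data
tmpfs               255000       0    255000       0% /dev/shm
"""
FREE_SAMPLE = """\
             total       used       free     shared    buffers     cached
Mem:        510000     495000      15000          0      40000     210000
-/+ buffers/cache:     245000     265000
Swap:       524280     131070     393210
"""
DISK_LIMIT, SWAP_LIMIT = 95.0, 20.0  # thresholds stated in the text above


def full_partitions(df_text, limit=DISK_LIMIT):
    """Return {mount point: percent used} for partitions above the limit."""
    over = {}
    for line in df_text.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 5)            # mount point may contain spaces
        if len(parts) < 6:
            continue
        used, avail = int(parts[2]), int(parts[3])
        if used + avail == 0:                  # empty pseudo-filesystem
            continue
        pct = 100.0 * used / (used + avail)
        if pct > limit:
            over[parts[5]] = round(pct, 1)
    return over


def swap_percent(free_text):
    """Return swap usage in percent, or None when no swap is configured."""
    for line in free_text.splitlines():
        if line.startswith("Swap:"):
            total, used = (int(x) for x in line.split()[1:3])
            return round(100.0 * used / total, 1) if total else None
    return None


def status_warnings(df_text, free_text):
    """Collect one message per threshold that is exceeded."""
    msgs = [f"{mp} is {pct}% full" for mp, pct in full_partitions(df_text).items()]
    swap = swap_percent(free_text)
    if swap is not None and swap > SWAP_LIMIT:
        msgs.append(f"swap usage is {swap}%")
    return msgs
```

A full log partition is the case to watch most closely, since new log entries can then no longer be stored.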
This box shows the output of the Linux w command, which reports the current time (in the example below 15:21:38), the uptime (6:18), the number of console users that are currently logged into the system (1 user), and the system load average for the past 1, 5, and 15 minutes (0.03, 0.02, 0.00).
Moreover, if any console user is logged into the system, some information about it is displayed at the bottom, including the username (root), the IP address or hostname from where he is connected (192.168.1.97), and the command that he is running (-bash).
15:21:38 up 6:18, 0 users, load average: 0.03, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.97 Tue18 7:57 0.54s 0.54s -bash
More details about the content of this box can be found on the w(1) manual page.
The output of the Linux lsmod command. It shows the kernel modules currently loaded into memory. This information proves useful to advanced users only.
The output of the Linux uname -r command, which shows the current kernel version.
This page contains information about the running state of the network interfaces. Four boxes are present on the page, and, like for the System status, hyperlinks are provided at the top of the page for quicker access: Interfaces, Current dynamic leases, NIC status, Routing table entries, and the ARP table entries.
The information presented in each box, which is usually the output of a Linux command, is described in more detail below.
The first box reports the output of the ip addr show command, which provides for each network interface the associated MAC address, IP address, and additional communication parameters. The active interfaces are highlighted with the colour of the zone they are serving. The NICs shown are either Ethernet interfaces or bridges, while VLANs and bonded network interfaces are not shown.
Changed in version 5.1: To see the current dynamic leases assigned by the DHCP server, go to Services ‣ DHCP server ‣ Dynamic leases
The running configuration and capabilities of each of the NICs are shown here. Each interface is highlighted with the colour of the zone it is serving and is labelled as [Link OK] to indicate that it is working. Interfaces that are not used are labelled with [NO Link]. The command providing the output is ip link show.
The kernel routing table, as provided by the route -n command. Typically, there should be one line per active interface, which correctly routes the traffic within the zones served by the Endian UTM Appliance, plus a default route (recognisable by the 0.0.0.0 Destination field) that allows the traffic to reach the Internet.
There can be more than one entry per interface in the case of the default gateway or in case some special host in one local network acts as gateway to another local network that is not directly served by the Endian UTM Appliance.
The last box shows the output of the arp -n command, i.e., the ARP table: a table containing the MAC address associated to each known IP address in the local networks (including the one corresponding to the uplink’s remote gateway).
The graphs displayed in this page present the usage of resources during the last 24 hours, divided into three boxes: CPU, memory, and swap.
Each graph uses colours, explained in the legend, to highlight its various components, and shows a summary of the maximum, average, and current values.
When clicking on either of the graphs or boxes, a new page will open with four boxes containing the respective usage graphs for the last day, week, month, and year. In these pages, a click on the BACK link at the bottom of the page returns to the previous page.
Note
The nan (short for “Not A Number”) string that is sometimes displayed in the summaries means that not enough data have been collected to calculate the usage of the selected resource. It can appear for example in the Usage per Year graphs when the Endian UTM Appliance has been used for only a few weeks.
In detail, the three boxes in the main page display the following information.
This box shows the CPU usage of the Endian UTM Appliance, grouped into the sum of CPU time per status of the processes. The colours used to denote each status are:
White - idle, i.e., time the CPU is not used by any process.
Green - nice processes, i.e., user processes which have changed their default priority.
Blue - user processes with default priority.
Orange - time spent by the CPU waiting for I/O tasks to complete.
Red - system (kernel) processes
Pink - softirq, i.e., the time spent for software interrupts
Brown - interrupt, i.e., the time spent for hardware interrupts
Black - steal; meaningful only if running as a virtual machine, it is the time used by the hypervisor to run the VM.
This graph shows the RAM memory usage. The following colours are used to denote the types of memory:
Green - unallocated memory, that can be allocated to new processes.
Blue - cache memory, copy of recent data used by processes.
Orange - buffer memory, a temporary portion of memory that stores data to be sent to -or received from- external devices.
Red - used memory.
The usage of the swap area, located on the hard disk, is displayed in this box. The colours used are:
Green - unallocated swap.
Blue - cached swap.
Red - swap space used.
See also
A good page that clearly describes the Linux memory management is here.
This page contains boxes displaying the traffic graphs for the last 24 hours, divided by zone and uplink. Hence, depending on the zones enabled and configured, this page will usually contain between 2 and 6 boxes, each with one graph. Like for the System graphs, the graphs are accompanied by a legend of the data displayed:
Green - the outgoing traffic.
Blue - the incoming traffic
Below the graphs, a summary of the average, maximum, and current amount of data transmitted and received is also displayed and updated in real time.
When clicking on one of the graphs, a new page will open, with summaries of the data flown through the corresponding zone or uplink for the last day, week, month, and year.
Hint
To go back to the page with all the zone’s graphs, click on the BACK hyperlink on the bottom of the page.
The access statistics of the HTTP proxy during the last 24 hours are shown here. There are no graphs in this page if the HTTP proxy service is not active and has never been enabled: in those cases, the string No information available appears in the boxes instead of the graphs.
However, if the service has been running even for a short period during the last year, the data produced are still accessible by clicking on the graph. Similarly to the other graphs, statistics are shown for the last day, week, month, and year. In this page, a click on the BACK hyperlink on the bottom allows to go back to the main page.
Note
To show the proxy graphs, HTTP proxy logging must be enabled under Proxy ‣ HTTP ‣ Configuration ‣ Log settings, by ticking the Enable logging checkbox. Also queried terms and useragents can be logged to produce more detailed logs and graphs.
After the HTTP proxy has been enabled, the four boxes show the following data:
Total traffic per day: the amount of data flown through the Endian UTM Appliance’s proxy service. The outgoing traffic is shown in green, the incoming traffic in blue.
Total Accesses per Day. The number of HTTP requests, depicted in blue, received by the Endian UTM Appliance.
Cache hits per day. The number of cache data requested.
Cache hits ratio over 5 minutes per day. The number of cache data requested during a five minutes period.
This page shows a table containing the list of current connections from, to, or going through the Endian UTM Appliance. The data shown here are derived from the kernel conntrack table. The following colours are used as the background of the cells in the table to denote the source and destination of the connection.
Green, red, orange, and blue are the zones governed by the Endian UTM Appliance.
Black is used for connections involving the firewall, including daemons and services (like e.g., SSH or web accesses).
Purple shows connections using VPN or IPsec.
The data displayed in the table are the following.
The IP address from which the connection has started.
The port from which the connection has started.
The destination IP of the connection.
The destination port of the connection.
The protocol used in the connection, which is typically tcp or udp.
The current status of the connection, meaningful only for TCP connections. The states are defined in RFC 793; significant states are ESTABLISHED (connection is active), TIME_WAIT (connection is closing), and CLOSE (no connection).
How long the connection will remain in that particular status.
Note
The page refreshes automatically every 5 seconds.
Each IP address and each IP port in the table can be clicked to obtain useful information.
A click on the IP address will launch a whois query that will display various information about the IP address and the net block to which it belongs.
A click on the port number will open the Internet Storm Center web page, with information about the port (i.e., the purpose for which it is used) and about which services or malware (e.g., Trojans, viruses) may exploit that port and the number of attacks received on those ports by various servers worldwide.
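The columns listed above map directly onto the fields of a kernel conntrack entry. The following parser is an added example, not code from the Endian UTM Appliance: it assumes the Linux /proc/net/nf_conntrack line format, and the sample entries and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the /proc/net/nf_conntrack line format (not real traffic).
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.97 dst=192.168.1.1 sport=51514 dport=22 src=192.168.1.1 dst=192.168.1.97 sport=22 dport=51514 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 87 TIME_WAIT src=192.168.1.50 dst=203.0.113.10 sport=40112 dport=443 src=203.0.113.10 dst=198.51.100.2 sport=443 dport=40112 [ASSURED] mark=0 use=1
ipv4     2 udp      17 25 src=192.168.1.50 dst=192.168.1.1 sport=53011 dport=53 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=53011 mark=0 use=1
ipv4     2 icmp     1 29 src=192.168.1.50 dst=203.0.113.10 type=8 code=0 id=4242 src=203.0.113.10 dst=198.51.100.2 type=0 code=0 id=4242 mark=0 use=1
"""


def parse_entry(line):
    """Map one conntrack line to the columns listed for the Connections page."""
    tokens = line.split()
    # /proc/net/nf_conntrack prefixes each line with the L3 family and its number.
    i = 2 if tokens[0] in ("ipv4", "ipv6") else 0
    proto, expires = tokens[i], int(tokens[i + 2])
    rest = tokens[i + 3:]
    # Only TCP entries carry a state token before the first key=value pair.
    state = rest.pop(0) if "=" not in rest[0] else None
    first = {}
    for tok in rest:
        key, sep, value = tok.partition("=")
        if sep:
            first.setdefault(key, value)  # keep the original direction only
    port = lambda k: int(first[k]) if k in first else None  # ICMP has no ports
    return {
        "src_ip": first["src"], "src_port": port("sport"),
        "dst_ip": first["dst"], "dst_port": port("dport"),
        "protocol": proto, "status": state, "expires": expires,
    }


def parse_table(text):
    """Parse every non-empty line of a conntrack listing."""
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def status_summary(entries):
    """Count entries per (protocol, status), e.g. to spot a pile-up of one state."""
    return Counter((e["protocol"], e["status"]) for e in entries)


if __name__ == "__main__":
    for row in parse_table(SAMPLE):
        print(row)
```

Each entry also contains the reply direction as a second src/dst tuple, which differs from the first when NAT is applied; the parser reports the original direction only.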
This page shows the users connected to the Endian UTM Appliance using a VPN, either OpenVPN or IPsec. The table shows the following information about them:
The username which the client uses for the connection.
The service they rely on for the connection (OpenVPN, L2TP, IPsec Xauth and so on).
The time when the connection started (Connected since).
The Assigned IP of the client.
The Remote IP of the client.
The possible Actions that can be carried out on the connection, which currently is only to forcibly disconnect the client.
A click on the icon in the bottom right corner of the table will refresh the list.
Four boxes appear on this page, showing graphs about the email sent by the local SMTP server on the Endian UTM Appliance for the current day, week, month, and year.
Note
The SMTP graphs are not reproduced on the Mini Appliances, since they require too many resources.
Like in the case of the Proxy Graphs, if the SMTP Proxy has never been enabled, the No information available string will be displayed instead of the graphs.
Each box contains two graphs, both of which present on the y-axis the number of e-mail per minute and on the x-axis the time, whose unit of measure changes according to the type of graph: A two hours span in the Day graphs, one day in the week graphs, one week in the Month graphs and one month in the year graphs.
The graph on the top shows a summary of the number of message per minute sent (in blue) or received (in green) by the Endian UTM Appliance.
The graph at the bottom can be seen as a more fine-grained version of the other graph, since it displays the e-mails that have been rejected (in red) or bounced (in black), those that have been intercepted because they contain viruses (in yellow), and those that have been recognised as spam (in grey).
Below each graph, there is also textual information concerning each category of email (sent, received, rejected, bounced, virus, and spam) about the total number, the average, and the highest number of e-mail (“msgs”) processed, plus the timestamp (date and time) of the latest update to the page.
Note
The nan (short for “Not A Number”) string that is sometimes displayed in the summaries means that not enough data have been collected to calculate the usage of the selected resource.
When the SMTP proxy is enabled, this page shows the current e-mail queue. With no e-mails in the queue, the message Mail queue is empty is displayed, but when some e-mail is there, it is possible to flush the queue (i.e., send immediately the email in the queue) by clicking on the Flush mail queue button.
With the SMTP proxy disabled, the message The SMTP proxy is currently disabled. Therefore no information is available. is shown.
The Wireless status page shows all clients currently connected via the wireless module, along with the following information:
The client’s MAC Address.
The SSID used by the client.
The power of the signal.
The receiving and transmitting bit-rate of the connection (RX Bitrate and TX Bitrate respectively).
The received and transmitted bytes (RX Bytes and Received Bitrate respectively).
Note
The bit-rate shows the negotiated speed between the Appliance and the client, and may vary over time, depending on factors like for example the number of connected clients.
A click on the icon in the bottom right corner of the table will refresh the list.