Endian banner

The Status Menu

The status menu provides a set of pages that display information in both textual and graphic views about various daemons and services running on the Endian UTM Appliance. No configuration option is available in this module, which only shows the current and recent status of the Endian UTM Appliance.

The following items appear in the sub-menu on the left-hand side of the screen, each giving detailed status information on some functionalities of the Endian UTM Appliance:

  • System status - current status of services, resources, uptime, kernel.

  • Network status - configuration of network interfaces, routing table, ARP cache.

  • System graphs - graphs of resource usage.

  • Traffic Graphs - graphs of bandwidth usage.

  • Proxy graphs - graph of HTTP proxy access statistics.

  • Connections - list of all open TCP/IP connections.

  • OpenVPN connections - list of all OpenVPN connections.

  • SMTP mail statistics - graphs about the SMTP service.

  • Mail queue - SMTP server’s mail queue.

  • Wireless status - list of users connected through the Wireless module (only for Hardware appliance with Wireless module)

System status

The default page that opens when clicking on Menubar ‣ Status is the System status page, which gives a lot of generic information about the running system, organised into boxes. At the top of the page, there are hyperlinks for each of these boxes: services, memory, disk usage, uptime and users, loaded modules, and the kernel version, each in its own box. In more details, these are the information presented in each box, which are usually the output of a Linux command.

Services

This box shows the status of each service installed on the Endian UTM Appliance, marked as either Stopped or Running and accompanied by a red or green square respectively. A service might appear as stopped because the corresponding daemon or script is not enabled.

Memory

The output of the Linux free command supplies the data shown here. All numbers represented kilobytes of memory; a bar eases the visualisation of the memory used.

The first line shows the total used RAM memory, for which is normal to be close to 100% for a long time running system, since the Linux kernel uses all available RAM as disk cache to speed up I/O operations.

The second show the amount of RAM used by buffers and cached by processes. Ideally this value should be below 80% of the RAM, to keep some memory available for disk caching.

Finally, the third line shows the swap space occupied on disk. For a long running system it is normal to see moderate swap usage (the value should be below 20%), especially if not all the services are used all the time.

Whenever the RAM Used is high and a new process is launched by Linux, either portions of memory in use are discarded, or they are moved to the swap space, to free RAM needed by those processes. While it is normal for a Linux system to have almost all the RAM occupied, the high usage of total memory (RAM and swap) for long periods might indicate a possible problem on the Endian UTM Appliance. Indeed, when too much memory is required by the running processes and it can not be allocated for all process will eventually slow down the system, that need a lot of time to move portions of RAM to the swap space and vice-versa.

Disk usage

The output of the Linux df command shows the disk devices -phisycal disks and partitions, their mount point and the space of each disk partition. The main partitions shown are:

  • The main disk

  • The data disk

  • The configuration disk, where all the Endian UTM Appliance settings are stored

  • The log disk

  • The memory-mounted filesystems, like e.g., /dev/shm/ and /var/volatile.

Note

The data disk and the log disk may grow over time, so enough space should be reserved for them - especially for the log disk. Remember also that disks which are more than 95% full may hinder the correct working of the system: For example, log files can not be stored anymore, or changes in the configuration can not be actually stored on disk.

See also

There are a few suggestions to free space on filled up partitions in this guide.

Uptime and users

This box shows the output of the Linux w command, which reports the current time (in the example below 15:21:38), the uptime (6:18), the number of console users that are currently logged into the system (1 user), and the system load average for the past 1, 5, and 15 minutes (0.03, 0.02, 0.00).

Moreover, if any console user is logged into the system, some information about it is displayed at the bottom, including the username (root), the IP address or hostname from where he is connected (192.168.1.97), and the command that he is running (-bash),

15:21:38 up  6:18,  0 users,  load average: 0.03, 0.02, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU  WHAT
root     pts/0    192.168.1.97     Tue18    7:57   0.54s  0.54s -bash

More details about the content of this box can be found on the w(1) manual page.

Loaded modules

The output of the Linux lsmod command. It shows the kernel modules currently loaded into memory. This information proves useful to advanced users only.

Kernel version

The output of the Linux uname -r command, which shows the current kernel version.

Network status

This page contains several information about the running state of the network interfaces. Four boxes are present on the page, and, like for the System status, hyperlinks are provided at the top of the page for a quicker access: Interfaces, Current dynamic leases, NIC status, Routing table entries, and the ARP table entries.

In more details, these are the information presented in each box, which are usually the output of a Linux command.

Interfaces

The first box reports the output of the ip addr show command which provides for each network interface the associated MAC address, IP address, and additional communication parameters. The active interfaces are highlighted with the colour of the zone they are serving. The NIC shown are either ethernet interfaces or bridges, while VLANs and bonded network interfaces are not shown.

Current dynamic leases

Changed in version 5.1: To see the current dynamic leases assigned by the DHCP server, go to Services ‣ DHCP server ‣ Dynamic leases

NIC status

The running configuration and capabilities of each of the NIC are shown here. Each interface is highlighted with the colour of the zone it is serving and is labelled as [Link OK] to indicate that it is working. Interfaces that are not used are labelled with [NO Link]. The command providing the output is ip link show.

Routing table entries

The kernel routing table, as provided by the route -n command. Typically, there should be one line per active interface, which correctly routes the traffic within the zones served by the Endian UTM Appliance, plus a default route (recognisable by the 0.0.0.0 Destination field) that allow the traffic to reach the Internet.

There can be more than one entry per interface in the case of the default gateway or in case some special host in one local network acts as gateway to another local network that is not directly served by the Endian UTM Appliance.

ARP table entries

The last box shows the output of the arp -n command and shows the ARP table, i.e., a table containing the MAC address associated to each known IP address in the local networks (including the one corresponding to the uplink’s remote gateway.

System graphs

The graphs displayed in this page present the usage of resources during the last 24 hours, divided into three boxes: CPU, memory, and swap.

Each graph uses colours, explained in the legend, to highlight its various components, and shows a summary of the maximum, average, and current values.

When clicking on either of the graphs or boxes, a new page will open, with four boxes. containing the respective usage graphs for the last day, week, month, and year. In these pages, a click on the BACK link at the bottom of the page allows to return to the previous page.

Note

The nan (short for “Not A Number”) string that is sometimes displayed in the summaries means that there not enough data have been collected to calculate the usage of the selected resource. It can appear for example in the Usage per Year graphs when the Endian UTM Appliance has been used for only a few weeks.

In detail, the three boxes in the main page display the following information.

CPU graph

This box shows the CPU usage of the Endian UTM Appliance, grouped into the sum of CPU time per status of the processes. The colours used to denote each status are:

  • White - idle, i.e., time the CPU is not used by any process.

  • Green - nice processes, i.e., user processes which have changed their default priority.

  • Blue - user processes with default priority.

  • Orange - time spent by the CPU waiting for I/O tasks to complete.

  • Red - system (kernel) processes

  • Pink - softirq, i.e., the time spent for software interrupts

  • Brown - interrupt, i.e., is the time spent for hardware interrupts

  • Black - steal meaningful only if running as a virtual machine, is the time used by the hypervisor to run the VM.

Memory graph

This graph shows the RAM memory usage. The following colours are used to denote the of memory:

  • Green - unallocated memory, that can be allocated to new processes.

  • Blue - cache memory, copy of recent data used by processes.

  • Orange - buffer memory, a temporary portion of memory that stores data to be sent to -or received from- external devices.

  • Red - used memory.

Swap graph

The usage of the swap area, located on the hard disk, is displayed in this box. The colours used are:

  • Green - unallocated swap.

  • Blue - cached swap.

  • Red - swap space used.

See also

A good page that clearly describes the linux memory management is here.

Traffic graphs

This page contains boxes displaying the traffic graphs for the last 24 hours, divided by zone and uplink. Hence, depending on the zones enabled and configured, this page will usually contain between 2 and 6 boxes, each with one graphs. Like for the System graphs, the graphs are accompanied with a legend of the data displayed:

  • Green - the outgoing traffic.

  • Blue - the incoming traffic

Below the graphs, also the summary of the average, maximum, and current amount of data transmitted and received is displayed and updated in real time.

When clicking on one of the graphs, a new page will open, with summaries of the data flown through the corresponding zone or uplink for the last day, week, month, and year.

Hint

To go back to the page with all the zone’s graphs, click on the BACK hyperlink on the bottom of the page.

Proxy graphs

The access statistics of the HTTP proxy during the last 24 hours are shown here. There are no graphs in this page if the HTTP proxy service in not active and has never been enabled: In those cases, instead of the graphs, in the boxes appears the string No information available.

However, if the service has been running even for a short period during the last year, the data produced are still accessible by clicking on the graph. Similarly to the other graphs, statistics are shown for the last day, week, month, and year. In this page, a click on the BACK hyperlink on the bottom allows to go back to the main page.

Note

To show the proxy graphs, HTTP proxy logging must be enabled under Proxy ‣ HTTP ‣ Configuration ‣ Log settings, by ticking the Enable logging checkbox. Also queried terms and useragents can be logged to produce more detailed logs and graphs.

After the HTTP proxy has been enabled, the four boxes show the following data:

  • Total traffic per day: the amount of data flown through the Endian UTM Appliance’s proxy service. In green is show the outgoing traffic, while in blue the incoming traffic.

  • Total Accesses per Day. The number of HTTP requests, depicted in blue, received by the Endian UTM Appliance.

  • Cache hits per day. The number of cache data requested.

  • Cache hits ratio over 5 minutes per day. The number of cache data requested during a five minutes period.

Connections

This page shows a table containing the list of current connections from, to, or going through the Endian UTM Appliance. The data shown here are devised by the kernel conntrack table. The following colours are employed in the table and used as the background of the cells in the table to denote the source and destination of the connection.

  • Green, red, orange, and blue are the zones governed by the Endian UTM Appliance.

  • Black is used for connections involving the firewall, including daemons and services, like e.g., SSH or web accesses).

  • Purple shows connections using VPN or IPsec.

The data displayed in the table are the following.

Source IP

The IP address from which the connection has started.

Source port

The port from which the connection has started.

Destination IP

The destination IP of the connection.

Destination port

The destination port of the connection.

Protocol

The protocol used in the connection, which is typically tcp or udp.

Status

The current status of the connection, meaningful only for TCP connections. They are defined in RFC 793, significant states are ESTABLISHED (connection is active), TIME_WAIT (connection is closing) CLOSE (no connection).

Expires

How long will the connection remain in that particular status.

Note

The page refreshes automatically every 5 seconds.

Each IP address and each IP port in the table can be clicked to obtain useful information.

A click on the IP address will launch a whois query that will display various information about the IP address and the net block to which it belongs.

A click on the port number will open the Internet Storm Center web page, with information about the port (i.e., the purpose for which it is used) and about which services or malware (e.g., Trojans, viruses) may exploit that port and the number of attacks received on those ports by various servers worldwide.

VPN connections

This page shows the users connected to the Endian UTM Appliance using a VPN, either OpenVPN or IPsec. The table shows the following information about them:

  • The username which the client uses for the connection.

  • The service they rely on for the connection (OpenVPN, L2TP, IPsec Xauth and so on).

  • The time when the connection started (Connected since).

  • The Assigned IP of the client.

  • The Remote IP of the client.

  • The possible Actions that can be carried out on the connection, which currently is only to forcibly disconnect the client.

A click on the update icon in the bottom right corner of the table will refresh the list.

SMTP mail statistics

Four boxes appear on this page, showing graphs about the email sent by the local SMTP server on the Endian UTM Appliance for the current day, week, month, and year.

Note

The SMTP graphs are not reproduced on the Mini Appliances, since they require too many resources.

Like in the case of the Proxy Graphs, if the SMTP Proxy has never been enabled, the No information available string will be displayed instead of the graphs.

Each box contains two graphs, both of which present on the y-axis the number of e-mail per minute and on the x-axis the time, whose unit of measure changes according to the type of graph: A two hours span in the Day graphs, one day in the week graphs, one week in the Month graphs and one month in the year graphs.

The graph on the top shows a summary of the number of message per minute sent (in blue) or received (in green) by the Endian UTM Appliance.

The graph at the bottom can be seen as a more fine-grained version of the other graph, since it displays the e-mails that have been rejected (in red) or bounced (in black), those that have been intercepted because they contain viruses (in yellow), and those that have been recognised as spam (in grey).

Below each graph, there are also textual information concerning each category of email (sent, received, rejected, bounced, virus, and spam) about the total number, the average, and the highest number of e-mail (“msgs”) processed, plus the timestamp (date and time) of the latest update to the page.

Note

The nan (short for “Not A Number”) string that is sometimes displayed in the summaries means that there not enough data have been collected to calculate the usage of the selected resource.

Mail queue

When the SMTP proxy is enabled, this page shows the current e-mail queue. With no e-mails in the queue, the message Mail queue is empty is displayed, but when some e-mail is there, it is possible to flush the queue (i.e., send immediately the email in the queue) by clicking on the Flush mail queue button.

With the SMTP proxy disabled, the message The SMTP proxy is currently disabled. Therefore no information is available. is shown.

Wireless status

The Wireless status page shows all currently clients connected via the wireless module, along with the following information:

  • The client’s MAC Address.

  • The SSID used by the client.

  • The power of the signal.

  • The receiving and transmitting bit-rate of the connection (RX Bitrate and TX Bitrate respectively).

  • The received and transmitted bytes (RX Bytes and Received Bitrate respectively).

Note

The bit-rate shows the negotiated speed between the Appliance and the client, and may vary over time, depending on factors like for example the number of connected clients.

A click on the update icon in the bottom right corner of the table will refresh the list.

Table Of Contents

Previous topic

The System Menu

Next topic

The Network Menu

Documentation archive

Version 3.2
Version 3.0
Version 2.5
Version 2.4
Version 2.3
Version 2.2
Version 2.1

Other products

Endian Hotspot 5.0
Endian 4i Edge 5.0