In this page you find:
The status menu provides a set of pages that display information in both textual and graphic views about various daemons and services running on the Endian 4i Edge Appliance. No configuration option is available in this module, which only shows the current and recent status of the Endian 4i Edge Appliance.
The following items appear in the sub-menu on the left-hand side of the screen, each giving detailed status information on some functionalities of the Endian 4i Edge Appliance:
System status - services, resources, uptime, kernel
Network status - configuration of network interfaces, routing table, ARP cache
System graphs - graphs of resource usage
Traffic Graphs - graphs of bandwidth usage
Connections - list of all open TCP/IP connections
VPN connections - list of all OpenVPN connections
The default page that opens when clicking on Menubar ‣ Status is the System status page, which gives a lot of generic information about the running system, organised into boxes. At the top of the page, there are hyperlinks for each of these boxes: services, memory, disk usage, uptime and users, loaded modules, and the kernel version, each in its own box. In more details, these are the information presented in each box, which are usually the output of a Linux command.
This box shows the status of each service installed on the Endian 4i Edge Appliance,
marked as either Stopped or Running and accompanied
by a red or green square respectively. A service might appear as
stopped because the corresponding daemon or script is not enabled.
The output of the Linux free command supplies the data shown here. All numbers represented kilobytes of memory; a bar eases the visualisation of the memory used.
The first line shows the total used RAM memory, for which is normal to be close to 100% for a long time running system, since the Linux kernel uses all available RAM as disk cache to speed up I/O operations.
The second show the amount of RAM used by buffers and cached by processes. Ideally this value should be below 80% of the RAM, to keep some memory available for disk caching.
Finally, the third line shows the swap space occupied on disk. For a long running system it is normal to see moderate swap usage (the value should be below 20%), especially if not all the services are used all the time.
Whenever the RAM Used is high and a new process is launched by Linux, either portions of memory in use are discarded, or they are moved to the swap space, to free RAM needed by those processes. While it is normal for a Linux system to have almost all the RAM occupied, the high usage of total memory (RAM and swap) for long periods might indicate a possible problem on the Endian 4i Edge Appliance. Indeed, when too much memory is required by the running processes and it can not be allocated for all process will eventually slow down the system, that need a lot of time to move portions of RAM to the swap space and vice-versa.
The output of the Linux df command shows the disk devices -phisycal disks and partitions, their mount point and the space of each disk partition. The main partitions shown are:
The main disk
The data disk
The configuration disk, where all the Endian 4i Edge Appliance settings are stored
The log disk
The memory-mounted filesystems, like e.g., /dev/shm/ and
/var/volatile.
Note
The data disk and the log disk may grow over time, so enough space should be reserved for them - especially for the log disk. Remember also that disks which are more than 95% full may hinder the correct working of the system: For example, log files can not be stored anymore, or changes in the configuration can not be actually stored on disk.
See also
There are a few suggestions to free space on filled up partitions in this guide.
This box shows the output of the Linux w command, which
reports the current time (in the example below 15:21:38),
the uptime (6:18), the number of console users that are
currently logged into the system (1 user), and the system
load average for the past 1, 5, and 15 minutes (0.03, 0.02,
0.00).
Moreover, if any console user is logged into the system, some
information about it is displayed at the bottom, including the
username (root), the IP address or hostname from where he
is connected (192.168.1.97), and the command that he is
running (-bash),
15:21:38 up 6:18, 0 users, load average: 0.03, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.97 Tue18 7:57 0.54s 0.54s -bashMore details about the content of this box can be found on the w(1) manual page.
The output of the Linux lsmod command. It shows the kernel modules currently loaded into memory. This information proves useful to advanced users only.
The output of the Linux uname -r command, which shows the current kernel version.
This page contains several information about the running state of the network interfaces. Four boxes are present on the page, and, like for the System status, hyperlinks are provided at the top of the page for a quicker access. The boxes contain the following information, representing the output of different shell commands.
The first box reports the output of the ip addr show command which provides for each network interface the associated MAC address, IP address, and additional communication parameters. The active interfaces are highlighted with the colour of the zone they are serving. The interface can be an ethernet interfaces, a bridge, or a virtual device.
The running configuration and capabilities of each of the NIC are shown here. Each interface is highlighted with the colour of the zone it is serving and is labelled as [Link OK] to indicate that it is working. Interfaces that are not used are labelled with ‘[NO Link]’. The command providing the output is ip link show.
The kernel routing table, as provided by the route -n command. Typically, there should be one line per active interface, which correctly routes the traffic within the zones served by the Endian 4i Edge Appliance, plus a default route (recognisable by the 0.0.0.0 Destination field) that allow the traffic to reach the Internet.
The last box shows the output of the arp -n command and shows the ARP table, i.e., a table containing the MAC address associated to each known IP address in the local network.
The graphs displayed in this page present the usage of resources during the last 24 hours: CPU, memory, swap, and disk usage, each accompanied with a legend of the data included in the graph, their associated colour, and a summary of the maximum, average, and current percentage of use. Moreover, a message informs of the time and date of the last update to the graphs, which matches the last access to the page.
When clicking on one of the graphs, a new page will open, with summaries of the usage graphs for the last day, week, month, and year. In these pages, a click on the BACK button allows to return to the previous page.
Note
The nan (short for “Not A Number”) string that may appear in the summaries designate that there are not enough data to calculate the usage of the selected resource. It can appear for example in the “per year usage” when the Endian 4i Edge Appliance is used for only a few weeks.
In this box is shown the CPU usage per day of the Endian 4i Edge Appliance, measured in percentage of the CPU time used by the various processes. The output is provided by the top command. Different colors are used to denote the type of running processes:
White - idle, i.e., time the CPU is not used by any process.
Green - nice processes, i.e., user processes which have changed their default priority.
Blue - user processes with default priority.
Orange - time spent by the CPU waiting for I/O tasks to complete.
Red - system (kernel) processes
Pink - softirq, i.e., the time spent for software interrupts
Brown - interrupt, i.e., is the time spent for hardware interrupts
Black - steal meaningful only if running as a virtual machine, is the time used by the hypervisor to run the VM.
This graph shows the memory usage during the last 24 hours. The following colours are used to denote the types of memory:
Green - unallocated memory, that can be allocated to new processes.
Blue - cache memory, copy of recent data used by processes.
Orange - buffer memory, a temporary portion of memory that stores data to be sent to -or received from- external devices.
Red - used memory.
The usage of the swap area, located on the hard disk, is displayed in this box.
Green - unallocated swap.
Blue - cached swap.
Red - swap space used.
This page contains the traffic graphs for the last 24 hours, divided by zone. Hence, depending on the zones enabled and configured, this page will contain 2, 3, or 4 boxes, each with one graphs. Like for the System graphs, the graphs are accompanied with a legend of the data displayed:
Green - the outgoing traffic.
Blue - the incoming traffic
Below the graphs, also the summary of the average, maximum, and current amount of data transmitted and received is displayed and updated in real time.
When clicking on one of the graphs, a new page will open, with summaries of the data flown through the Endian 4i Edge Appliance for the last day, week, month, and year. The data shown are the same in all the graphs: Incoming and outgoing traffic in blue and green respectively. In
Hint
To go back to the page with all the zone’s graphs, click on the BACK hyperlink on the bottom of the page.
This page shows a table containing the list of current connections from, to, or going through the Endian 4i Edge Appliance. The data shown here are devised by the kernel conntrack table. The following colours are employed in the table and used as the background of the cells in the table to denote the source and destination of the connection.
Green, red, orange, and blue are the zones governed by the Endian 4i Edge Appliance.
Black is used for connections involving the firewall, including daemons and services, like e.g., SSH or web accesses).
Purple shows connections using VPN or IPsec.
The data displayed in the table are the following.
The IP address from which the connection has started.
The port from which the connection has started.
The destination IP of the connection.
The destination port of the connection.
The protocol used in the connection, which is typically tcp or udp.
The current status of the connection, meaningful only for TCP connections. They are defined in RFC 793, significant states are ESTABLISHED (connection is active), TIME_WAIT (connection is closing) CLOSE (no connection).
How long will the connection remain in that particular status.
Note
The page refreshes automatically every 5 seconds.
Each IP address and each IP port in the table can be clicked to obtain useful information.
A click on the IP address will launch a whois query that will display various information about the IP address and the net block to which it belongs.
A click on the port number will open the Internet Storm Center web page, with information about the port (i.e., the purpose for which it is used) and about which services or malware (e.g., Trojans, viruses) may exploit that port and the number of attacks received on those ports by various servers worldwide.
When yon the Endian 4i Edge Appliance there are OpenVPN or IPsec servers running, this page shows the connected users, along with the service they rely on for the connection (OpenVPN, L2TP, IPsec Xauth), the time stamp since they are connected, and the possible actions that can be carried out. Currently, only to disconnect the user.
Version 3.0
Version 2.5
Version 2.4
Version 2.3
Version 2.2
Version 2.1