The Status Menu

The status menu provides a set of pages that display information in both textual and graphic views about various daemons and services running on the Endian UTM Appliance. No configuration option is available in this module, which only shows the current and recent status of the Endian UTM Appliance.

The following items appear in the sub-menu on the left-hand side of the screen, each giving detailed status information on some functionality of the Endian UTM Appliance:

  • System status - services, resources, uptime, kernel utm4i
  • Network status - configuration of network interfaces, routing table, ARP cache utm4i
  • System graphs - graphs of resource usage utm4i
  • Traffic Graphs - graphs of bandwidth usage utm4i
  • Proxy graphs - graph of HTTP proxy access statistics in the last 24 hours (week, month, and year) utm
  • Connections - list of all open TCP/IP connections utm4i
  • OpenVPN connections - list of all OpenVPN connections utm4i
  • SMTP mail statistics - graphs about the SMTP service.
  • Mail queue - SMTP server’s mail queue utm

System status utm4i

The default page that opens when clicking on Menubar ‣ Status is the System status page, which gives a quick overview of the running services, memory, disk usage, uptime and users, loaded modules, and the kernel version, each in its own box. At the top of the page, there are hyperlinks to each box. In more detail, the information presented in each box, which is usually the output of some Linux command, is the following.

Services

The status (which is either stopped or running) of each service installed on the Endian UTM Appliance is shown here. A service might appear as stopped because the corresponding daemon or script is not enabled.

Memory

The output of the Linux free command supplies the data shown here. All data are represented with the real amount in kilobytes, and with a bar to ease the visualisation of the memory used. The first line shows the total used RAM, which is normally close to 100% on a system that has been running for a long time, since the Linux kernel uses all available RAM as disk cache to speed up I/O operations. The second line shows the memory actually used by processes: ideally this value should be below 80% to keep some memory available for disk caching. If this value approaches 100%, the system will slow down because active processes are swapped to disk. If the memory usage remains over 80% for long periods of time, RAM should be added to improve performance. The third bar indicates the swap usage. For a long-running system it is normal to see moderate swap usage (the value should be below 20%), especially if not all the services are used all the time.
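The three bars can be recomputed from the command output itself. The following is an added example, not part of the Endian documentation or product code: it assumes the older procps layout of free, which has the "-/+ buffers/cache" line the second bar corresponds to, and the sample output and function names are constructed for illustration.

```python
# Constructed sample in the older procps `free` layout (kilobytes); the
# "-/+ buffers/cache" line is the "memory actually used by processes".
SAMPLE_FREE = """\
             total       used       free     shared    buffers     cached
Mem:       2059772    1998460      61312          0     201344    1288900
-/+ buffers/cache:     508216    1551556
Swap:      1048572      83884     964688
"""

# Limits taken from the text: process memory below 80%, swap below 20%.
PROCESS_LIMIT = 80.0
SWAP_LIMIT = 20.0


def memory_bars(free_output):
    """Return the percentages behind the three bars: RAM, processes, swap."""
    rows = {}
    for line in free_output.splitlines():
        label, _, rest = line.partition(":")
        if rest:  # the column header has no colon and is skipped
            rows[label.strip()] = [int(n) for n in rest.split()]
    try:
        ram, procs, swap = rows["Mem"], rows["-/+ buffers/cache"], rows["Swap"]
    except KeyError as missing:
        raise ValueError("no %s line: not the three-line layout" % missing)
    total = ram[0]
    return {
        "ram": 100.0 * ram[1] / total,
        "processes": 100.0 * procs[0] / total,
        # A system without swap reports a total of 0: treat it as 0% used.
        "swap": 100.0 * swap[1] / swap[0] if swap[0] else 0.0,
    }


def warnings(bars):
    """Apply the limits; a RAM bar near 100% alone is normal (disk cache)."""
    found = []
    if bars["processes"] >= PROCESS_LIMIT:
        found.append("process memory at %.0f%%" % bars["processes"])
    if bars["swap"] >= SWAP_LIMIT:
        found.append("swap at %.0f%%" % bars["swap"])
    return found


if __name__ == "__main__":
    bars = memory_bars(SAMPLE_FREE)
    print(bars, warnings(bars) or "within limits")
```

In the sample, the RAM bar is at about 97% while processes use only about 25%, which is the healthy case the text describes.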

Disk usage

The output of the Linux df command shows the disk devices (physical disks and partitions), their mount points, and the space of each disk partition. Depending on the type of the Endian UTM Appliance, the data displayed in this box differ, but usually they are: the root and var directories (/ and /var, respectively), /var/efw/, which contains all the Endian UTM Appliance settings, and /var/log, containing all the logs. The /var and /var/log partitions may grow over time, so enough space should be reserved for them, especially the log directory. Remember also that no directory should be more than 95% full, since this may hinder the correct working of the system.

Uptime and users

This box shows the output of the Linux w command, which reports the current time, how long the system has been running since the last reboot, the number of console users that are currently logged into the system (though normally there should be none), and the system load average for the past 1, 5, and 15 minutes. Additionally, if any console user is logged into the system, some information about the user is displayed (like the remote host from which she is logged in or what she is doing). More details can be found on the w(1) manual page.

Loaded modules

This box shows the output of the Linux lsmod command, which lists the kernel modules currently loaded into memory. This information should be useful to advanced users only.

Kernel version

The output of the Linux uname -r command, which shows the current kernel version.

Network status utm4i

This page contains information about the running state of the network interfaces. Four boxes are present on the page, and, as for the System status, hyperlinks are provided at the top of the page for quicker access. The boxes contain the following information, representing the output of different shell commands.

Interfaces

The first box reports the output of the ip addr show command, which provides for each network interface the associated MAC address, IP address, and additional communication parameters. The active interfaces are highlighted with the colour of the zone they are serving. An interface can be an Ethernet interface, a bridge, or a virtual device.

NIC status

The running configuration and capabilities of each NIC are shown here. Each interface is highlighted with the colour of the zone it is serving and is labelled as [Link OK] to indicate that it is working. Interfaces that are not used are labelled with [NO Link]. The command providing the output is ip link show.

Routing table entries

The kernel routing table, as provided by the route -n command. Typically, there should be one line per active interface, which correctly routes the traffic within the zones served by the Endian UTM Appliance, plus a default route (recognisable by the 0.0.0.0 Destination field) that allows the traffic to reach the Internet.

ARP table entries

The last box shows the output of the arp -n command, i.e., the ARP table, which contains the MAC address associated with each known IP address in the local network.

System graphs utm4i

Changed in version 2.5: Disk graphs.

The graphs displayed on this page present the usage of resources during the last 24 hours: CPU, memory, swap, and disk usage, each accompanied by a legend of the data included in the graph, their associated colour, and a summary of the maximum, average, and current percentage of use. Moreover, a message reports the time and date of the last update to the graphs, which matches the last access to the page.

When clicking on one of the graphs, a new page will open, with summaries of the usage graphs for the last day, week, month, and year. In these pages, a click on the BACK button returns to the previous page.

Note

The nan (short for “Not A Number”) string that may appear in the summaries indicates that there are not enough data to calculate the usage of the selected resource. It can appear for example in the “per year usage” when the Endian UTM Appliance has been used for only a few weeks.

CPU graph

This box shows the CPU usage per day of the Endian UTM Appliance, measured as the percentage of CPU time used by the various processes. The output is provided by the top command. Different colours are used to denote the type of running processes:

  • White - idle, i.e., time the CPU is not used by any process.
  • Green - nice processes, i.e., user processes which have changed their default priority.
  • Blue - user processes with default priority.
  • Orange - time spent by the CPU waiting for I/O tasks to complete.
  • Red - system (kernel) processes.
  • Pink - softirq, i.e., the time spent for software interrupts.
  • Brown - interrupt, i.e., the time spent for hardware interrupts.
  • Black - steal, meaningful only if running as a virtual machine, i.e., the time used by the hypervisor to run the VM.

Memory graph

This graph shows the memory usage during the last 24 hours. The following colours are used to denote the types of memory:

  • Green - unallocated memory, that can be allocated to new processes.
  • Blue - cache memory, copy of recent data used by processes.
  • Orange - buffer memory, a temporary portion of memory that stores data to be sent to -or received from- external devices.
  • Red - used memory.

Swap graph

The usage of the swap area, located on the hard disk, is displayed in this box.

  • Green - unallocated swap.
  • Blue - cached swap.
  • Red - swap space used.

See also

A good page that clearly describes Linux memory management is here (also available in Italian).

Disk usage graphs

Graphs showing the usage of the disk are split into four boxes, each showing the usage of a partition. In each of them, the green colour shows the free space, while the red colour shows the disk space used.

Changed in version 2.5: Disk graphs have been split into four Disk usage graph boxes, showing the free and allocated space in the four hard disk partitions: main disk, configuration disk, log disk, and data disk.

In older 2.5 Endian UTM Appliance versions, the disk graph was slightly different, since the data shown were not the disk usage, but the hard disk accesses, denoted by two colours:

  • Blue is used to show sectors read per second on the hard disk.
  • Green is used to show the sectors written per second on disk.

Traffic graphs utm4i

This page contains the traffic graphs for the last 24 hours, divided by zone. Hence, depending on the zones enabled and configured, this page will contain 2, 3, or 4 boxes, each with one graph. As with the System graphs, the graphs are accompanied by a legend of the data displayed: the outgoing traffic appears in green, the incoming traffic in blue. Below the graphs, a summary of the maximum, average, and current amount of data transmitted and received is also displayed, updated in real time.

When clicking on one of the graphs, a new page will open, with summaries of the data that flowed through the Endian UTM Appliance for the last day, week, month, and year. The data shown are the same in all the graphs: incoming and outgoing traffic in blue and green respectively. In

Hint

To go back to the page with all the zones’ graphs, click on the BACK hyperlink at the bottom of the page.

Proxy graphs utm

The access statistics of the HTTP proxy during the last 24 hours are shown here. There are no graphs on this page if the HTTP proxy service is not active and has never been enabled. However, if the service has been running even for a short period during the last year, the data produced are still accessible by clicking on the graph. Similarly to the other graphs, older statistics are shown for the last day, week, month, and year. On this page, a click on the BACK hyperlink at the bottom goes back to the main page.

Note

To show the proxy graphs, HTTP proxy logging must be enabled under Proxy ‣ HTTP ‣ Configuration ‣ Log settings, by ticking the Enable logging checkbox. Queried terms and user agents can also be logged to produce more detailed logs and graphs.

After the HTTP proxy has been enabled, the four boxes show the following data:

  • Total traffic per day. The amount of data that flowed through the Endian UTM Appliance’s proxy service. The outgoing traffic is shown in green, the incoming traffic in blue.
  • Total accesses per day. The number of HTTP requests, depicted in blue, received by the Endian UTM Appliance.
  • Cache hits per day. The number of cache data requested.
  • Cache hits ratio over 5 minutes per day. The number of cache data requested during a five-minute period.

Connections utm4i

This page shows a table containing the list of current connections from, to, or going through the Endian UTM Appliance. The data shown here are derived from the kernel conntrack table. The following colours are used as the background of the cells in the table to denote the source and destination of the connection.

  • Green, red, orange, and blue are the zones governed by the Endian UTM Appliance and
  • Black is used for connections involving the firewall, including daemons and services (e.g., SSH or web accesses).
  • Purple shows connections using VPN or IPsec.

The data displayed in the table are the following.

Source IP
The IP from which the connection has originated.
Source port
The port from which the connection has originated.
Destination IP
The IP to which the connection is directed.
Destination port
The port to which the connection is directed.
Protocol
The protocol used in the connection, which is typically tcp or udp.
Status
The current status of the connection, meaningful only for TCP connections. The states are defined in RFC 793; significant states are ESTABLISHED (connection is active) and CLOSE (no connection).
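The six columns above map directly onto fields of a conntrack entry. The following is an added example, not code from the Endian product: it assumes the text layout of /proc/net/nf_conntrack, the sample entries are constructed, and the function names are hypothetical. It also counts entries per source IP, a quick way to spot a host holding an unusual number of connections.

```python
import re
from collections import Counter

# Constructed sample entries (documentation address ranges), in the assumed
# /proc/net/nf_conntrack layout: l3proto, number, l4proto, number, timeout,
# TCP state if any, then the original and the reply direction as key=value.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431985 ESTABLISHED src=192.168.0.15 dst=192.168.0.1 sport=51234 dport=22 src=192.168.0.1 dst=192.168.0.15 sport=22 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.168.0.15 dst=203.0.113.53 sport=40321 dport=53 src=203.0.113.53 dst=192.168.0.15 sport=53 dport=40321 mark=0 use=2
ipv4     2 tcp      6 9 CLOSE src=10.0.8.6 dst=198.51.100.7 sport=49152 dport=443 src=198.51.100.7 dst=10.0.8.6 sport=443 dport=49152 mark=0 use=2
"""

PAIR = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_conntrack(text):
    """Turn conntrack lines into rows with the columns of the table."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or truncated line
        original = {}
        for key, value in PAIR.findall(line):
            # Each key appears twice; the first is the original direction.
            original.setdefault(key, value)
        if "src" not in original or "dst" not in original:
            continue
        protocol = fields[2]
        # Only TCP entries carry a state name before the key=value pairs.
        has_state = protocol == "tcp" and "=" not in fields[5]
        rows.append({
            "src_ip": original["src"],
            "src_port": int(original["sport"]) if "sport" in original else None,
            "dst_ip": original["dst"],
            "dst_port": int(original["dport"]) if "dport" in original else None,
            "protocol": protocol,
            "status": fields[5] if has_state else "",
        })
    return rows


def per_source(rows):
    """Count table rows per source IP."""
    return Counter(row["src_ip"] for row in rows)


if __name__ == "__main__":
    for row in parse_conntrack(SAMPLE_CONNTRACK):
        print(row)
```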

Each IP address and each IP port in the table can be clicked to obtain useful information. Clicking on the IP address will launch a whois query that will display who the owner of the IP address is and where it is located. Clicking on the port number will open the ISC web page, with information about the port (i.e., if it is usually used by some service or daemon) and about which services or malware (e.g., Trojans, viruses) may exploit that port and the number of attacks received on those ports by various servers worldwide.

OpenVPN connections utm4i

When the Endian UTM Appliance is configured as an OpenVPN server, this page reports a list of all the connected OpenVPN users, their assigned and real IP addresses, the received (RX) and transmitted (TX) bytes, the connection time, the update, and possible actions that can be carried out, i.e., either to kill the connection or to ban the user. The difference between killing and banning is that banned users will not be able to reconnect after their connection has been killed.

Note

This box is the same as the one displayed under Menubar ‣ VPN ‣ Server Configuration ‣ Connections.

SMTP mail statistics utm4i

Four boxes appear on this page showing graphs about the email sent by the local SMTP server on the Endian UTM Appliance for the current day, week, month, and year.

Hint

Neither information nor graphs are displayed if the SMTP server is not enabled.

Each box contains two graphs, both of which present on the y-axis the number of e-mails per minute and on the x-axis the time, whose unit of measure changes according to the type of graph: a two-hour span in the day graphs, one day in the week graphs, one week in the month graphs, and one month in the year graphs.

The graph on the top shows a summary of the number of messages per minute sent (in blue) or received (in green) by the Endian UTM Appliance. The graph at the bottom can be seen as a more fine-grained version of the other graph, since it displays the e-mails that have been rejected (in red) or bounced (in red), those that have been intercepted because of viruses (in yellow), and those that have been recognised as spam (in grey).

Below each graph, there is also textual information concerning each category of e-mail (sent, received, rejected, bounced, virus, and spam): the total number, the average, and the highest number of e-mails (“msgs”) processed, plus the timestamp (date and time) of the latest update to the page.

Note

The SMTP graphs cannot be reproduced on the Mini Appliances, since they require too many resources.

Mail queue utm

When the SMTP proxy is enabled, this page shows the current e-mail queue. With no e-mails in the queue, the message Mail queue is empty is displayed, but when some e-mail is there, it is possible to flush the queue by clicking on the Flush mail queue button. With the SMTP proxy disabled, only the message recalling its disabled status is shown.