Blue Coat® Systems SG™ Appliance Volume 9: Managing the Blue Coat SG Appliance SGOS Version 5.2.
Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contact.html bcs.info@bluecoat.com http://www.bluecoat.com For concerns or feedback about the documentation: documentation@bluecoat.com Copyright© 1999-2007 Blue Coat Systems, Inc. All rights reserved worldwide.
Contents Contact Information Chapter 1: About Managing the SG Appliance Document Conventions......................................................................................................................................7 Chapter 2: Monitoring the SG Appliance Using Director to Manage SG Systems ............................................................................................................9 Setting up Director and SG Appliance Communication ................................................
Volume 9: Managing the Blue Coat SG Appliance Restore-Defaults......................................................................................................................................... 34 Factory-Defaults......................................................................................................................................... 35 Keep-Console...........................................................................................................................................
Contents Viewing Traffic History ................................................................................................................................... 65 Understanding Chart Data ....................................................................................................................... 67 Refreshing the Data ................................................................................................................................... 67 About Bypassed Bytes....................
Volume 9: Managing the Blue Coat SG Appliance vi
Chapter 1: About Managing the SG Appliance Volume 9: Managing the Blue Coat SG Appliance describes how to monitor the SG appliance with SNMP (a brief introduction to Director is provided), event logging, or health monitoring. It also describes common maintenance and troubleshooting tasks.
Volume 9: Managing the Blue Coat SG Appliance 8
Chapter 2: Monitoring the SG Appliance This chapter describes the methods you can use to monitor your SG appliances, including event logging, SNMP, and health monitoring. A brief introduction to Director is also provided.
Volume 9: Managing the Blue Coat SG Appliance Note: The Blue Coat appliance certificate is an X.509 certificate that contains the hardware serial number of a specific SG device as the Common Name (CN) in the subject field. Refer to the device authentication information in Volume 5: Advanced Networking for more information about appliance certificates. Director Registration Requirements To register the appliance with Director, the SSH-Console service must be enabled.
Chapter 2: Monitoring the SG Appliance Setting up Director and SG Appliance Communication Director and the SG appliance use SSHv2 as the default communication mode. SSHv1 is not supported. For Director to successfully manage multiple appliances, it must be able to communicate with an appliance using SSH/RSA and the Director’s public key must be configured on each system that Director manages.
Volume 9: Managing the Blue Coat SG Appliance To delete a key: SGOS#(config sshd) delete director-client-key clientID Monitoring the System and Disks The System and disks page in the Management Console has the following tabs: ❐ Summary Provides configuration information and a general status information about the device. ❐ Tasks Enables you to perform systems tasks, such as restarting the system and clearing the DNS or object cache.
Chapter 2: Monitoring the SG Appliance Viewing System Environment Sensors The icons on the Environment tab are green when the related hardware environment is within acceptable parameters, and red when an out-of-tolerance condition exists. If an icon is red, click View Sensors to view detailed sensor statistics to learn more about the out-of-tolerance condition. Note: The health monitoring metrics on the Statistics > Health page also show the state of environmental sensors.
Volume 9: Managing the Blue Coat SG Appliance Viewing Disk Status You can view the status of each of the disks in the system and take a disk offline if needed. To view disk status or take a disk offline: 1. Select Maintenance > System and disks > Environment. The default view provides information about the disk in slot 1. Note: The name and appearance of this tab differs, depending on the range of disks available to the SG appliance model you use. 2.
Chapter 2: Monitoring the SG Appliance Viewing SSL Accelerator Card Information Selecting the Maintenance > System and disks > SSL Cards tab allows you to view information about any SSL accelerator cards in the system. If no accelerator cards are installed, that information is stated on the pane. To view SSL accelerator cards: Note: You cannot view statistics about SSL accelerator cards through the CLI. Select Maintenance > System and disks > SSL Cards.
Volume 9: Managing the Blue Coat SG Appliance Related CLI Commands for Setting the Event Logging Level SGOS#(config event-log) level {severe | configuration | policy | informational | verbose} Table 2-1. Event Logging Level Options severe Writes only severe error messages to the event log. configuration Writes severe and configuration change error messages to the event log. policy Writes severe, configuration change, and policy event error messages to the event log.
Chapter 2: Monitoring the SG Appliance Note: The SG appliance must know the host name or IP address of your SMTP mail gateway to mail event messages to the e-mail address(es) you have entered. If you do not have access to an SMTP gateway, you can use the Blue Coat default SMTP gateway to send event messages directly to Blue Coat. The Blue Coat SMTP gateway only sends mail to Blue Coat. It will not forward mail to other domains. To enable event notifications: 1. Select Maintenance > Event Logging > Mail.
Volume 9: Managing the Blue Coat SG Appliance To enable syslog monitoring: 1. Select Maintenance > Event Logging > Syslog. 2. In the Loghost field, enter the domain name or IP address of your loghost server. 3. Select Enable Syslog. 4. Click Apply. Related CLI Commands to Enable Syslog Monitoring SGOS#(config event-log) syslog {disable | enable} Viewing Event Log Configuration and Content You can view the system event log, either in its entirety or selected portions of it.
Chapter 2: Monitoring the SG Appliance Syslog notification: disabled Syslog facility: daemon Event recipients: SMTP gateway: mail.heartbeat.bluecoat.com Viewing the Event Log Contents Again, you can view the event log contents from the show command or from the event-log configuration mode.
Volume 9: Managing the Blue Coat SG Appliance Example SGOS# show event-log start "2004-10-22 9:00:00" end "2004-10-22 9:15:00" 2004-10-22 09:00:02+00:00UTC sysinfo-stats " 0 2D0006:96 "Snapshot sysinfo_stats has fetched / ../Snapshot_worker.cpp:183 2004-10-22 09:05:49+00:00UTC "NTP: Periodic query of server ntp.bluecoat.com, system clock is 0 seconds 682 ms fast compared to NTP time. Updated system clock. " 0 90000:1 ../ntp.
Chapter 2: Monitoring the SG Appliance Configuring SNMP Community Strings Use community strings to restrict access to SNMP data. To read SNMP data on the SG appliance, specify a read community string. To write SNMP data to the appliance, specify a write community string. To receive traps, specify a trap community string. By default, all community string passwords are set to public. Note: If you enable SNMP, make sure to change all three community-string passwords to values that are difficult to guess.
Volume 9: Managing the Blue Coat SG Appliance SGOS#(config snmp) trap-community password To set them as encrypted: SGOS#(config) snmp SGOS#(config snmp) enable SGOS#(config snmp) encrypted-read-community encrypted-password SGOS#(config snmp) encrypted-write-community encrypted-password SGOS#(config snmp) encrypted-trap-community encrypted-password Configuring SNMP Traps The SG appliance can send SNMP traps to a management station as they occur.
Chapter 2: Monitoring the SG Appliance Configuring Health Monitoring The health monitoring feature tracks key hardware and software metrics so that you can can quickly discover and diagnose potential problems. Director (and other third-party network management tools) also use these metrics to remotely display the current state of the SG appliance.
Volume 9: Managing the Blue Coat SG Appliance About the Health Monitoring Metric Types The SG appliance monitors the following types of health metrics: ❐ Hardware ❐ Environmental ❐ ADN ❐ System resource ❐ Licensing metrics The system resource and licensing thresholds are user-configurable, meaning that you can specify the threshold level that will trigger an alert. The hardware, environmental, and ADN metrics are not configurable and are preset to optimal values.
Chapter 2: Monitoring the SG Appliance Health Monitoring Example The following picture shows an example. The lower horizontal line represents the Warning threshold; the upper horizontal line is the Critical threshold. Note how they divide the graph into bands associated with each of the three possible states. Assume both thresholds have intervals of 20 seconds, and that the metric is currently in the OK state. 1. At time 0, the monitored value crosses the Warning threshold. No transition occurs yet.
Volume 9: Managing the Blue Coat SG Appliance For the license expiration metrics, the threshold interval is irrelevant and is set by default to 0. You should set the Warning Threshold to a value that will give you ample time to renew your license. By default, all license expiration metrics have a Warning Threshold of 30 days. By default, the Critical Threshold is configured to 0, which means that a trap is immediately sent upon license expiration.
Chapter 2: Monitoring the SG Appliance See “About License Expiration Metrics” on page 25 for information licensing thresholds. Metric Units Default Thresholds/Intervals Notes License Utilization Percentage Critical: 100%/0 For licenses that have user limits, monitors the number of users. Warning: 90%/0 License Expiration Days Critical: 0 days/0 Warning: 30 days/0 Warns of impending license expiration. For license expiration metrics, intervals are ignored.
Volume 9: Managing the Blue Coat SG Appliance Table 2-3.
Chapter 2: Monitoring the SG Appliance 4. Click Edit to modify the threshold and notification settings. The Edit Health Monitor Setting dialog displays. (hardware, environmental, and ADN thresholds cannot be modified.) 5a 5b 5c 5d 6 5. Modify the threshold values: a. To change the critical threshold, enter a new value in the Critical Threshold field. b. To change the critical interval, enter a new value in the Critical Interval field. c.
Volume 9: Managing the Blue Coat SG Appliance System health is determined by calculating the “aggregate” health status of the following metrics: ❐ CPU Utilization ❐ Memory Pressure ❐ Network interface utilization ❐ Disk status (for all disks) ❐ License expiration ❐ License “user count” utilization (when applicable) ❐ ADN status The possible health states are OK, Warning, or Critical.
Chapter 2: Monitoring the SG Appliance 4 4. Click Close to close the View Metrics Detail dialog. 5. Optional—If you want to modify a metric, highlight the metric and click Set Thresholds. The Maintenance > Health Monitoring page displays. To modify the metric, follow the procedure describe in “Changing Threshold and Notification Properties” on page 28.
Volume 9: Managing the Blue Coat SG Appliance 32
Chapter 3: Maintaining the SG Appliance This chapter describes how to maintain the SG appliance; for example, restarting the appliance, restoring system defaults, upgrading the appliance, and reinitializing disks.
Volume 9: Managing the Blue Coat SG Appliance 2. In the Restart field, select either Software only or Hardware and software. 3. If you select the Hardware and software option, select a system from the System to run drop-down list. The default system is pre-selected. 4. Click Apply. 5. Click Restart now. 6. Click OK to confirm and restart the SG appliance.
Chapter 3: Maintaining the SG Appliance ❐ Third-party vendor licenses, such as SmartFilter or Websense. If you use the restore-defaults command after you have installed licenses, and the serial number of your system is configurable (older boxes only), the licenses fails to install and the SG appliance returns to the trial period (if any time is left). To correct the problem, you must configure your serial number and install your license-key again. ❐ Blue Coat trusted certificates.
Volume 9: Managing the Blue Coat SG Appliance To restore system defaults: Note: The keep-console and factory-defaults options are not available through the Management Console. 1. Select Maintenance > System and disks > Tasks. 2. From the Tasks field, click Restore the configuration to defaults. If you restore the configuration from the Management Console, most settings are lost because you cannot use the keep-console option. The Restore Configuration dialog appears. 3. Click OK.
Chapter 3: Maintaining the SG Appliance To clear the object cache: 1. Select Maintenance > System and disks > Tasks. 2. In the Tasks field, click Clear next to “the object cache.” 3. Click OK to confirm in the Clear cache dialog that appears. Related CLI Syntax to Clear the Object Cache SGOS# clear-cache object-cache Clearing the Byte Cache You can clear the byte cache at any time. You might want to do this for testing purposes. To clear the byte cache: 1.
Volume 9: Managing the Blue Coat SG Appliance The SG Appliance 5.x Version Upgrade The appliance must be running version SGOS 4.2.1.6 or later in order to upgrade to SGOS 5.x. You cannot directly upgrade from any previous version. Note: At least one other system must be unlocked to do the upgrade. If all systems are locked, or all systems except the running system are locked, the Download button in the Management Console is disabled. Similarly, the load upgrade command in the CLI generates an error.
Chapter 3: Maintaining the SG Appliance 3. (Optional) Select the system to replace in the Replace drop-down list. If you uploaded an image from your PC, refresh the Systems pane to see the new system image. 4. Click Restart. The Restart system dialog displays. 5. Click OK to reboot the SG appliance to the default system. Related CLI Syntax to Upgrade the SGOS Software SGOS#(config) upgrade-path url where url is the location of the SGOS upgrade image.
Volume 9: Managing the Blue Coat SG Appliance Troubleshooting Tip If the SG appliance does not come up after rebooting and the serial port is connected to a terminal server (terminal concentrator), try the following: ❐ Have an active session open on the terminal server, noting any traffic (characters) being output. ❐ Unplug the terminal server from the appliance in case it is causing a problem (such as bad cabling).
Chapter 3: Maintaining the SG Appliance To view details for an SGOS system version: At the command prompt: SGOS> show installed-systems Example Session SGOS> show installed-systems SG Appliance Systems 1. Version: SGOS 4.2.1.1, Release ID: 25460 Thursday April 6 2006 08:49:55 UTC, Lock Status: Locked Boot Status: Last boot succeeded, Last Successful Boot: Thursday April 6 2006 17:33:19 UTC 2. Version: SGOS 4.2.1.
Volume 9: Managing the Blue Coat SG Appliance Note: An empty system cannot be specified as default, and only one system can be specified as the default system. Related CLI Syntax to Set the Default Boot System SGOS#(config) installed-systems SGOS#(config installed-systems) default system_number Locking and Unlocking SG Appliance Systems Any system can be locked, except a system that has been selected for replacement.
Chapter 3: Maintaining the SG Appliance Deleting an SG Appliance System You can delete any of the system versions except the current running system. A locked system must be unlocked before it can be deleted. If the system you want to delete is the default boot system, you need to select a new default boot system before the system can be deleted. You cannot delete a system version through the Management Console; you must use the CLI.
Volume 9: Managing the Blue Coat SG Appliance Single-Disk SG Appliance The disk on a single-disk SG appliance cannot be reinitialized by the customer. If you suspect a disk fault in a single-disk SG appliance, contact Blue Coat Technical Support for assistance. Deleting Objects from the SG Appliance The ability to delete either individual or multiple objects from the SG appliance makes it easy to delete stale or unused data and make the best use of the storage in your system.
Chapter 4: Diagnostics Blue Coat Systems has a number of resources to provide diagnostic information: ❐ Heartbeats: Enabled by default, Heartbeats (statistics) are a diagnostic tool used by Blue Coat, allowing them to proactively monitor the health of appliances. ❐ Core images: Created when there is an unexpected system restarted. This stores the system state at the time of the restart, enhancing the ability for Blue Coat to determine the root cause of the restart.
Volume 9: Managing the Blue Coat SG Appliance This chapter discusses the following topics: ❐ “Diagnostic Reporting (Service Information)” on page 46 (This includes taking snapshots of the system.
Chapter 4: Diagnostics 3. Enter the service-request number that you received from a Technical Support representative into the Auto Send Service Request Number field (the service-request number is in the form xx-xxxxxxx or x-xxxxxxx). 4. Click Apply to commit the changes to the SG appliance. 5. (Optional) To clear the service-request number, clear the Auto Send Service Request Number field and click Apply. Related CLI Syntax to Send Service Information To send service information automatically: 1.
Volume 9: Managing the Blue Coat SG Appliance Configure Service Information Settings The service information options allow you to send service information to Blue Coat using either the Management Console or the CLI. You can select the information to send, send the information, view the status of current transactions, and cancel current transactions using either the Management Console or the CLI.
Chapter 4: Diagnostics 4. (Optional) If you select Access Logs, Snapshots, or Contexts, you must also click Select access logs to send, Select snapshots to send, or Select contexts to send and complete the following steps in the corresponding dialog that appears: a. To select information to send, highlight the appropriate selection in the Access Logs/Snapshots/Contexts Not Selected field and click Add to Selected. b.
Volume 9: Managing the Blue Coat SG Appliance Creating and Editing Snapshot Jobs The snapshot subsystem periodically pulls a specified console URL and stores it in a repository, offering valuable resources for Blue Coat customer support in diagnosing problems. By default, two snapshots are defined. The first takes a snapshot of the system information URL once every 24 hours. The second snapshot takes an hourly snapshot of the system information statistics.
Chapter 4: Diagnostics 4. Enter the following information into the Edit Snapshot fields: a. Target: Enter the object to snapshot. b. Interval (minutes): Enter the interval between snapshot reports. c. Total Number To Take: Enter the total number of snapshots to take or select Infinite to take an infinite number of snapshots. d. Maximum Number To Store: Enter the maximum number of snapshots to store. e. Enabled: Select this to enable this snapshot job or deselect it to disable this snapshot job. 5.
Volume 9: Managing the Blue Coat SG Appliance Packet Capturing (the Job Utility) You can capture packets of Ethernet frames going into or leaving an SG appliance. Packet capturing allows filtering on various attributes of the frame to limit the amount of data collected. The maximum PCAP size allowed is 100MB. Any packet filters must be defined before a capture is initiated, and the current packet filter can only be modified if no capture is in progress.
Chapter 4: Diagnostics Note: Some qualifiers must be escaped with a backslash because their identifiers are also keywords within the filter expression parser. ❐ ip proto protocol where protocol is a number or name (icmp, udp, tcp). ❐ ether proto protocol where protocol can be a number or name (ip, arp, rarp). Table 4-1. PCAP Filter Expressions Filter Expression Packets Captured ip host 10.25.36.47 Captures packets from a specific host with IP address 10.25.36.47. not ip host 10.25.36.
Volume 9: Managing the Blue Coat SG Appliance Note: Requesting a packet capture download stops packet capturing. To analyze captured packet data, you must have a tool that reads Packet Sniffer Pro 1.1 files (for example, Ethereal or Packet Sniffer Pro 3.0). To enable, stop, and download packet captures: 1. Select Maintenance > Service Information > Packet Captures. 5 2 3 4 2. In the Direction drop-down list, select the capture direction: in, out, or both. 3.
Chapter 4: Diagnostics 6. Set the buffer size and method by choosing one of the following radio buttons: a. Capture all matching packets. b. Capture first n matching packets. Enter the number of matching packets (n) to capture. If the number of packets reaches this limit, packet capturing stops automatically. The value must be between 1 and 1000000. c. Capture last n matching packets. Enter the number of matching packets (n) to capture.
Volume 9: Managing the Blue Coat SG Appliance Related CLI Syntax to Define Packet Capturing Settings SGOS# pcap filter parameters SGOS# pcap start [subcommands] To start, stop, and download packet captures through a browser: 1. Start your Web browser. 2. Enter the URL: https://appliance_IP_address:8082/PCAP/Statistics and log on to the appliance as needed. The Packet Capture Web page opens. 3. Select the desired action: Start packet capture, Stop packet capture, Download packet capture file.
Chapter 4: Diagnostics To view current packet capture statistics: 1. Select Maintenance > Service Information > Packet Captures. 2. To view the packet capture statistics, click the Show statistics button. A window opens displaying the statistics on the current packet capture settings. Close the window when you are finished viewing the statistics.
Volume 9: Managing the Blue Coat SG Appliance Related CLI Syntax for Configuring Core Image Restart Options SGOS#(config) restart core-image {context | full | keep number | none} Diagnostic Reporting (Heartbeats) The SG appliance diagnostic reporting configurations are located in the Management Console (under the Maintenance > Hearbeats tab), and in the CLI (under the configuration diagnostics submode).
Chapter 4: Diagnostics Diagnostic Reporting (CPU Monitoring) You can enable CPU monitoring whenever you want to see the percentage of CPU being used by specific functional groups. For example, if you look at the CPU consumption and notice that compression/decompression is consuming most of the CPU, you can change your policy to compress/decompress more selectively. Note: CPU monitoring uses about 2-3% CPU when enabled, and so is disabled by default. To configure and view CPU monitoring: 1.
Volume 9: Managing the Blue Coat SG Appliance Note: The commands SGOS#(config) show cpu and SGOS#(config diagnostics) view cpu-monitor can sometimes display CPU statistics that differ by about 2-3%. This occurs because different measurement techniques are used for the two displays.
Chapter 5: Statistics The Statistics tabs of the Management Console allow you to view the status of many system operations. Many statistics are available through the CLI, but only in text output. You can also view detailed system information through the CLI using the show command. Access this command through either the enable command prompt (SGOS#) or the config command prompt (SGOS#(config)). For convenience, the procedures in this chapter show only the enable command prompt.
Volume 9: Managing the Blue Coat SG Appliance Viewing Traffic Distribution Statistics Use the Statistics > Traffic Mix page to display traffic distribution and bandwidth statistics for traffic running through the SG appliance. You can display statistics for proxy types, or for services, and for various time periods. h g e f b a c d Key: a. View aggregated bandwidth usage or gain graphs and statistics. b. View client or server byte-distribution charts and statistics. c.
Chapter 5: Statistics Note: Endpoint Mapper proxy bytes are the result of Microsoft Remote Procedure Call (MSRPC) communication for MAPI traffic. Understanding Chart Data The chart data updates automatically every 60 seconds. The units for the X and Y axis change according to the selected duration. For example, if you select "Last Week,” the X-axis displays the days of the week (the most current day is to the far right).
Volume 9: Managing the Blue Coat SG Appliance About the Default Service Statistics The default service statistics represent bytes for traffic that has been bypassed because it did not match: ❐ An existing service listener ❐ Other rules, such as static or dynamic bypass To view the default service bytes, click Default Ports... in the upper-right section of the Traffic Mix page. Figure 5-4.
Chapter 5: Statistics 5. Select the Proxy radio button to display the bandwidth usage statistics for all supported proxies. Viewing Client Byte and Server Byte Traffic Distribution Select the Client Bytes or Server Bytes tabs in the Traffic Mix page to view a pie chart of client byte or server byte statistics for the SG appliance over the last hour, day, week, month, or year.
Volume 9: Managing the Blue Coat SG Appliance b c a d e Key: a. View traffic history statistics by service or by proxy. b. Modify the historical reporting period. c. Include or exclude bypassed bytes. d. View totals for client bytes, server bytes, and bandwidth gain for the selected service or proxy type. e. Display charts for bandwidth usage, bandwidth gain, client bytes, and server bytes. Note: Bypassed bytes are bytes that are not intercepted by a service or proxy.
Chapter 5: Statistics Unsupported Proxy Types The Traffic History does not display data for the following proxy types: • DNS • IM • SOCKS • Telnet • P2P Understanding Chart Data The Traffic History chart data updates automatically every 60 seconds.
Volume 9: Managing the Blue Coat SG Appliance About Bypassed Bytes Bypassed bytes are bytes that are not intercepted by a service or proxy. By default, bypassed bytes are included in the traffic mix views. When evaluating traffic statistics for potential optimization, it can be useful to include or exclude the bypassed byte statistics. Include or exclude bypassed bytes in the charts and graphs by selecting or deselecting Include bypassed bytes.
Chapter 5: Statistics ❐ CIFS History The Statistics > Protocol Details > CIFS History pages enable you view statistics for CIFS objects, CIFS bytes read, CIFS bytes written, and CIFS clients. Refer to the CIFS chapter in Volume 2: Proxies and Proxy Services for more information about these statistics.
Volume 9: Managing the Blue Coat SG Appliance ❐ Streaming History The Statistics > Protocol Details > Streaming History pages enable you view statistics for Windows Media, Real Media, QuickTime, current streaming data, total streaming data, and bandwidth gain. Refer to the streaming chapter in Volume 3: Web Communication Proxies for more information about these statistics. For MMS bandwidth usage statistics, see the Traffic Mix and Traffic History pages.
Chapter 5: Statistics Viewing Concurrent Users The Concurrent Users tab shows users (IP addresses) going through the SG appliance for the last 60 minutes, day, week, month, and year. Only unique IP addresses of connections intercepted by proxy services are counted toward the user limit. To view concurrent users: Click Statistics > System > Resources > Concurrent Users.
Volume 9: Managing the Blue Coat SG Appliance Viewing Disk Use Statistics The Disk Use tab shows the SG appliance disk usage.
Chapter 5: Statistics Viewing Data Allocation Statistics in RAM and on Disk The Data tab shows the total and available disk space and RAM, and how they are currently allocated. The fields on the Data tab are described below. You can also view this information in the CLI.
Volume 9: Managing the Blue Coat SG Appliance Contents Statistics The Contents tabs (Distribution and Data) allow you to see information about objects currently stored or served organized by size. The cache contents include all objects currently stored by the SG appliance. The cache contents are not cleared when the appliance is powered off. Viewing Cached Objects by Size The Distribution tab shows the objects currently stored by the SG appliance, ordered by size.
Chapter 5: Statistics Event Logging Statistics The event log contains all events that have occurred on the SG appliance. Configure the level of detail available by selecting Maintenance > Event Logging > Level (For details, see “Configuring Which Events to Log” on page 15). To view the event log: 1. Select Statistics > System > Event Logging. 2. Click Log start or Log end or the forward and back arrow buttons to move through the event list. 3.
Volume 9: Managing the Blue Coat SG Appliance Failover Statistics At any time, you can view statistics for any failover group you have configured on your system. To view failover statistics: 1. Select Statistics > System > Failover. 2. From the Failover Group drop-down list, select the group to view.
Chapter 5: Statistics Analyzing Proxied Sessions Use the Statistics > Active Sessions > Proxied Sessions page to get an immediate picture of the sessions, protocol types, services, bytes, and bandwidth gains (derived from WAN optimization and object caching) associated with client traffic. The first time you navigate to the Proxied Sessions page, no data is displayed. To display proxied sessions data, click Show. The statistics displayed in the window are not automatically updated.
Volume 9: Managing the Blue Coat SG Appliance Table 5-1. Table Column Heading Descriptions on the Proxied Sessions Page Column Heading Description Client IP address and port of the client PC (or other downstream host). When the client connection is inactive, the contents of this column are unavailable (gray). A client connection can become inactive if, for example, a client requests a large object and then aborts the download before the SG appliance has completed downloading it into its cache.
Chapter 5: Statistics Table 5-1. Table Column Heading Descriptions on the Proxied Sessions Page (Continued) Column Heading Description Server Bytes Represents the number of bytes (to and from the server) at the socket level on the server connection. All application-level bytes are counted, including application overhead such as HTTP headers, CIFS headers, and so on.
Volume 9: Managing the Blue Coat SG Appliance Table 5-1. Table Column Heading Descriptions on the Proxied Sessions Page (Continued) Column Heading OC Description Object Caching. When displayed in color, this icon indicates that an HTTP, HTTPS, CIFS, Streaming, or FTP proxy is in use and the content is cacheable.
Chapter 5: Statistics Using the Tool Tips Hover the cursor over the following components to get more information: ❐ Table column headers—Displays the full name of the column header. ❐ Row values. ❐ Acceleration icons (C, BC, OC, P, BM)—Displays the icon identity. ❐ ADN, SOCKS, and FW icons—Displays the next hop. ❐ Client and Server icons—Displays the full hostname or IP address.
Volume 9: Managing the Blue Coat SG Appliance MMS The active sessions feature displays MMS streams that have a client associated with them. MMS streams that do not have a client associated with them (multicast, content management requests, and so on) are not displayed. MMS streams are displayed as follows: ❐ MMS UDP streams have two connections, one for data and one for control. ❐ MMS TCP streams have a single connection. ❐ MMS HTTP streams have a single connection.
Chapter 5: Statistics About the Byte Totals The client and server byte total is the sum of all bytes going to and from the client or server. All application-level bytes are counted, including application overhead such as HTTP headers, CIFS headers, and so on. TCP and IP headers, packet retransmissions, and duplicate packets are not counted. The following sections describe some of the factors that can affect the byte totals.
Volume 9: Managing the Blue Coat SG Appliance Figure 5-12. Filtering Proxied Sessions When you select a filter, a text field or popup displays so that you can enter filtering criteria. If you select a filter, you must enter a filtering criteria (or select None) before clicking Show. The following filters are available: ❐ Client Address Filter by IP address and IP address and subnet mask. ❐ Client Port ❐ Server Address Filter by IP address or hostname.
Chapter 5: Statistics The Bypassed Connections page displays data for connections that were not intercepted because: ❐ A service has not been configured to intercept the traffic. ❐ A static or dynamic bypass rule caused the traffic to be bypassed. ❐ The interface transparent interception setting is disabled. Viewing Bypassed Connections To view bypassed connections: 1. Select Statistics > Active Sessions > Bypassed Connections. 2. (Optional) Select a filter from the Filter drop-down list.
Volume 9: Managing the Blue Coat SG Appliance Table 5-2. Table Column Heading Descriptions on the Bypassed Connections Page (Continued) Column Heading Description Duration Displays the amount of time the connection has been established. Bypassed Bytes Displays the total number of bypassed bytes for the connection. Service Name Displays the service used by the connection. Details Provides additional information.
Chapter 5: Statistics Viewing HTML and XML Views of Bypassed Connections Data Access the following URLs to get HTML and XML views of active session statistics HTML: https://SGIP:8082/AS/BypassedConnections/ XML: https://SGIP:8082/AS/BypassedConnections/xml Viewing Health Monitoring Statistics The Statistics > Health page enables you to get more details about the current state of the health monitoring metrics.
Volume 9: Managing the Blue Coat SG Appliance 2. Click the appropriate link for the service you want to view. A list of categories for that service displays. Note: If you upgraded from SGOS 2.x or CacheOS 4.x and have log files generated by those versions, you can view or retrieve them through the Statistics > Advanced > Access Log > Show Old Logs URL. 3. To view the statistics for a particular category, click that category’s link. A window opens, detailing the relevant statistics. 4.
Chapter 5: Statistics resources Allocation of system resources snmp SNMP statistics streaming Streaming information system-resource-metrics System Resource Metrics 89
Volume 9: Managing the Blue Coat SG Appliance 90
Appendix A: Glossary A access control list Allows or denies specific IP addresses access to a server. access log A list of all the requests sent to an appliance. You can read an access log using any of the popular log-reporting programs. When a client uses HTTP streaming, the streaming entry goes to the same access log. account A named entity that has purchased the appliance or the Entitlements from Blue Coat.
Volume 9: Managing the Blue Coat SG Appliance authenticate-401 attribute All transparent and explicit requests received on the port always use transparent authentication (cookie or IP, depending on the configuration). This is especially useful to force transparent proxy authentication in some proxy-chaining scenarios authenticated content Cached content that requires authentication at the origin content server (OCS).
Appendix A: Glossary cache efficiency A tab found on the Statistics pages of the Management Console that shows the percent of objects served from cache, the percent loaded from the network, and the percent that were non-cacheable. cache hit Occurs when the SG appliance receives a request for an object and can serve the request from the cache without a trip to the origin server. cache miss Occurs when the appliance receives a request for an object that is not in the cache.
Volume 9: Managing the Blue Coat SG Appliance destination objects Used in Visual Policy Manager. These are the objects that define the target location of an entry type. detect protocol attribute Detects the protocol being used. Protocols that can be detected include: HTTP, P2P (eDonkey, BitTorrent, FastTrack, Gnutella), SSL, and Endpoint Mapper.
Appendix A: Glossary explicit proxy A configuration in which the browser is explicitly configured to communicate with the proxy server for access to content. This is the default for the SG appliance, and requires configuration for both browser and the interface card. extended log file format (ELFF) A variant of the common log file format, which has two additional fields at the end of the line—the referer and the user agent fields.
Volume 9: Managing the Blue Coat SG Appliance health check type The kind of device or service the specific health check tests.
Appendix A: Glossary issuer keyring The keyring used by the SG appliance to sign emulated certificates. The keyring is configured on the appliance and managed through policy. L licensable component (LC) (Software) A subcomponent of a license; it is an option that enables or disables a specific feature. license Provides both the right and the ability to use certain software functions within an AV (or SG) appliance. The license key defines and controls the license, which is owned by an account.
Volume 9: Managing the Blue Coat SG Appliance Management Console A graphical Web interface that lets you to manage, configure, monitor, and upgrade the SG appliance from any location. The Management Console consists of a set of Web pages and Java applets stored on the SG appliance. The appliance acts as a Web server on the management port to serve these pages and applets. management information base (MIB) Defines the statistics that management systems can collect.
Appendix A: Glossary non-cacheable objects A number of objects are not cached by the Blue Coat appliance because they are considered non-cacheable. You can add or delete the kinds of objects that the appliance considers non-cacheable. Some of the non-cacheable request types are: • Pragma no-cache, requests that specify non-cached objects, such as when you click refresh in the Web browser. • Password provided, requests that include a client password. • Data in request that include additional client data.
Volume 9: Managing the Blue Coat SG Appliance parent class (bandwidth gain) A class with at least one child. The parent class must share its bandwidth with its child classes in proportion to the minimum/maximum bandwidth values or priority levels. passive mode data connections (PASV) Data connections initiated by an FTP client to an FTP server. pipelining See object pipelining. policies Groups of rules that let you manage Web access specific to the needs of an enterprise.
Appendix A: Glossary R real-time streaming protocol (RTSP) A standard method of transferring audio and video and other time-based media over Internet-technology based networks. The protocol is used to stream clips to any RTPbased client. reflect client IP attribute Enables the sending of the client's IP address instead of the SG's IP address to the upstream server. If you are using an application delivery network (ADN), this setting is enforced on the concentrator proxy through the Configuration > App.
Volume 9: Managing the Blue Coat SG Appliance SG appliance A Blue Coat security and cache box that can help manage security and content on a network. sibling class (bandwidth gain) A bandwidth class with the same parent class as another class. simple network management protocol (SNMP) The standard operations and maintenance protocol for the Internet. It uses MIBs, created or customized by Blue Coat, to handle (needs completion). simulated live Used in streaming.
Appendix A: Glossary statistics Every Blue Coat appliance keeps statistics of the appliance hardware and the objects it stores. You can review the general summary, the volume, resources allocated, cache efficiency, cached contents, and custom URLs generated by the appliance for various kinds of logs. You can also check the event viewer for every event that occurred since the appliance booted. stream A flow of a single type of data, measured in kilobits per second (Kbps).
Volume 9: Managing the Blue Coat SG Appliance trial period Starting with the first boot, the trial period provides 60 days of free operation. All features are enabled during this time. U unicast alias Defines an name on the appliance for a streaming URL. When a client requests the alias content on the appliance, the appliance uses the URL specified in the unicastalias command to request the content from the origin streaming server.
Index A access logging 87 active sessions 76 bypassed connections 84 proxied sessions 77 ADN history 68 appliance certificate 9 automatic service information, enabling 46 B bandwidth gain 64 bandwidth management 68 bandwidth usage 64 Blue Coat monitoring, enabling 58 Blue Coat SG deleting image 43 deleting objects from 44 locking and unlocking a system 42 managing 40 replacing a system 40, 42 restarting 33 setting the default system to boot 41 single-disk 44 system defaults 34 upgrading 37, 38 viewing det
Volume 9: Managing the Blue Coat SG Appliance event logging statistics 75 O F objects deleting from Blue Coat SG 44 served by size 74 failover statistics 76 filter expressions for packet capturing 52 G graph scale 61 H health monitoring configuring 23 Director 23 general metrics 26 license expiration 25 licensing metrics 26 notification 26 properties, modifying 28 requirements 23 status metrics 27 thresholds 24 viewing statistics 30 health statistics 87 heartbeats, configuring 58 I image, deleting 4
Index Simple Network Management Protocol, see SNMP snapshot jobs creating and editing 50 SNMP community strings 21 enabling 20 MIB variables 20 MIBs 20 traps 22 SSH-Console service 10 SSHv2 host key 10 SSL accelerator cards, statistics, viewing 15 statistics cached objects by size 74 CPU utilization 70 data allocation 73 graph scale 61 objects served by size 74 system summary 12 syslog event monitoring 17 system cache clearing 36 system cache, troubleshooting 37 system defaults, restoring 34 system summar
Volume 9: Managing the Blue Coat SG Appliance 108
