CLI: Monitor

You can use the monitor command to configure details relevant to monitoring charts and the monitoring data that is collected.You can configure how the data is displayed, how the traffic is analyzed for monitoring purposes, which order of resolution methods are tried when resolving IP addresses to hostnames, whether data is collected, and whether collected data is deleted.

Configuring APM

monitor apm

To set the normalization size for APM calculation:

monitor apm transaction normalize <value>

<value> - When calculating the network delay experienced during a transaction, the packet size can be normalized to reflect a consistent packet size allowing you to more easily compare delays when the packets are variable in size. Specify the number of bytes used to normalize the calculation of the network delay during a transaction. The default value is 1024, and the maximum value is 1048576.

Configuring monitoring sensitivity

monitor {bit-torrent|edonkey|openvpn|sensitivity|skype}

To set bit-torrent monitoring sensitivity:

monitor bit-torrent sensitivity {high|med|low}

{high|med|low} - Setting this to 'high' is recommended for most service provider environments. Setting it to 'low' is recommended in cases of high false positives.

To set eDonkey monitoring sensitivity:

monitor edonkey sensitivity {high|med|low}

{high|med|low} - Setting this to 'high' is recommended for most service provider environments. Setting it to 'low' is recommended in cases of high false positives.

To specify the sensitivity of the openvpn traffic monitoring:

monitor openvpn sensitivity {aggressive|safe}

To set the minimum number of packets needed before it is monitored:

monitor sensitivity <sensitivity>

<sensitivity> - Acceptable values are between 1 and 10, with 10 being the lowest sensitivity.
Setting this to a low value is not recommended in high load environments. When the sensitivity is set to a low value such as 9, flows that contain less than nine packets over a five minute period are not stored in the database. This prevents port scans from loading hundreds of unnecessary rows of data into the database.

To set Skype monitoring sensitivity:

monitor skype {high|med}

{high|med} - Setting this to 'high' is recommended for most service provider environments.

Configuring displays

monitor display {chart-size|graphing|real-time|table-size|url-size}

To modify how monitoring screens are displayed:

monitor display {chart-size|graphing|real-time|table-size|url-size}

chart-size <size>: Number of chart items to display. Acceptable values are 1-10.
graphing {flash|non-flash}: Display the charts using Adobe Flash or non-Flash.
real-time update <time in seconds>: Frequency that real-time charts are refreshed. Available values are 10, 20, 30, 40, 50, 60 seconds. Note that the real-time display shows 10 seconds of data regardless of the refresh frequency.
table-size <size>: Number of lines of data displayed in report tables. Acceptable values are 1-1000.
url-size <size>: Limit the number of characters used when displaying a URL. Acceptable values are 0 - 255.

Controlling order of hostname resolution methods

monitor host-resolution

To control the order of resolution methods tried when resolving IP addresses to hostnames:

monitor host-resolution {DNS|IP|Netbios|Network_Object} rank <ranking order>

There are multiple host resolution methods that can be used to resolve IP addresses to hostnames. The system will attempt to resolve the hostname using one of the methods. If that method fails it will try another method. You can determine the order of host resolution methods that the system will use by ranking the first method as 1, the next as 2, and so on.
DNS - The IP addresses will be resolved according to the DNS mappings.
IP - The IP addresses will NOT be resolved to hostnames.
Netbios - The IP addresses will be resolved to NetBIOS names.
Network_Object - The IP addresses will be resolved according to the configured network objects.
<ranking order> - Rank the method 1 - 4.

E X A M P L E

monitor host-resolution Network_Object rank 1

monitor host-resolution Netbios rank 2

monitor host-resolution DNS rank 3

monitor host-resolution IP rank 4

Configuring traffic analysis & monitoring

[no] monitor {dual-bridge-bypass|layer7|linklocal|asam}

To enable viewing flow data in the real-time monitor per bridge or merged into a single flow:

[no] monitor dual-bridge-bypass

When enabled, a flow that traverses more than one bridge will be shown multiple times, once per bridge, in the real-time monitor.
When disabled, a flow that traverses more than one bridge will be merged into a single flow in the real-time monitor.

To enable layer7 monitoring:

[no] monitor layer7

Controls whether to analyze the application signatures within a packet to further classify the traffic within the reports. For example, when analyzing HTTP and FTP traffic and an MPEG file is detected within the packets, the application associated with the connection is changed to MPEG.
When disabled, the Layer 7 signatures within packets are not analyzed and any application detection objects with Layer 7 rules are ignored.

To enable IPv6 link local traffic monitoring:

[no] monitor linklocal

To configure Application Specific Analysis Modules (ASAM) settings, which enables/disables drill-down monitoring capabilities for the specified application:

[no] monitor asam {anonymousproxy|apm|asymm-route|citrix|dcerpc|http|ssl|urllog|voip} enable

anonymousproxy - When enabled, the system attempts to match the HTTP hostname and SSL common name against the list of anonymous proxy URLs downloaded by the appliance daily.

Disable this module if it appears that an applications is being misclassified as anonymous proxy.
apm - When enabled, this module calculates the network delay, server delay, round trip time (RTT), loss, efficiency, and TCP health for TCP connections.

Disable this module if the RAM or CPU usage is increasing and affecting the performance of the appliance. See the RAM Usage Report or CPU Usage Report.
asymm-route - When enabled, this module collects connection symmetry information.
citrix - When enabled, the appliance attempts to extract user names and applications names from Citrix connections.
Disable this module to stop the appliance in locations where privacy policy does not permit this type of user identification.
dcerpc - When enabled, this module watches for client requests for Microsoft services such as MAPI and SMB.
http - When enabled, this module attempts to further analyze connections identified as HTTP and attempts to extract information such as the host, URL, request type, and content type.
ssl - When enabled, this module extracts public certificates from connections identified as SSL and decodes the information from those certificates (such as common name and organization unit).
urllog - When enabled, every URL seen by the appliance is logged to the database. Specify how long (in days) the data will be saved.
voip - When enabled, this module extracts VoIP related information such as code type and call quality information (MoS and rFactor scoring) from connections identified as RTP.

Configuring statistics collection

[no] monitor {ignore-internal|statistics}

To enable ignore internal to internal traffic:

[no] monitor ignore-internal

Your network may have network objects on the WAN side of the appliance that have been configured as Internal objects, for example a router or firewall. Enabling the Ignore Internal-to-Internal option prevents traffic between network objects being included in the reports.

To enable collecting statistics:

[no] monitor statistics {subnet|subnet-application|virtual-circuit} enable

subnet - Enable or disable collection of subnet data. This setting applies to all subnets on the appliance.
virtual-circuit - Enable or disable collection of virtual circuit data and application data summarized across the appliance. If disabled, there will be no data shown in the virtual circuit chart or in the application chart. Data collection for applications within a subnet is enabled and disabled independent of this setting. This setting applies to all virtual circuits on the appliance.

Deleting stored monitoring data

monitor clear

To clear stored monitoring data:

monitor clear {all|apm|appliance|subnet|aps|interface|monitor|network|optimizer|reduction|sla}

all - Deletes all data associated with the all of the clear parameters below.
apm - Deletes all data associated with Application Performance Metric (APM) charts, which are the detailed metric charts for the APS monitor.
appliance - Deletes all data associated with the system charts - Connections, Accelerated Connections, CPU Usage, CPU Temperature, RAM Usage, Disk IO, and Swap Usage charts.
subnet - Deletes all subnet data associated with the subnets charts.
aps - Deletes all data associated with Application Performance Score (APS) summary chart.
interface - Deletes all data associated with the Interfaces charts - Interface Throughput and Interface Packets Per Second charts.
monitor - Deletes all detailed data, that is, deletes all the drill down data for applications, hosts, URLs, users, conversations. Summary information, that is, the totals for the entire appliance will still be available.
network - Deletes all data associated with the Network Summary charts.
optimizer - Deletes all data associated with the Control charts - Policies, Discard, and Prioritization Ratio charts.
reduction - Deletes all data associated with the Optimization charts - Reduction and Edge Cache charts.
sla - Deletes all data associated with Network Response (SLA) chart.

Viewing the configuration

show monitor {diagnostics|setup}

To display the diagnostic configuration, such as graphing format, Layer 7 monitoring, host resolution, and monitoring database status:

show monitor diagnostics

To display the monitoring configuration:

show monitor setup