SA Cfg: Concentrator Statistics

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

This topic lists and describes the available appliance statistics for RSA Security Analytics Concentrators. The Concentrator Console displays the default statistics. These statistical categories are read-only. Most of these statistics are identical in meaning to those for Decoder. When the statistical category has no relevance for Concentrator, it is noted in the description.

Available Concentrator Statistics

The following table describes the available Concentrator statistics.

                                                                                                                                                                                                                                                                                                                                                                                                                                   >                                                                 
ResourceDescription
Concentrator 
correlation.results.createdLists the number of correlation sessions created.
correlation.results.droppedLists the number of correlation sessions dropped due to insufficient system resources.
export.cache.filesLists the number of session export cache files that are waiting export.
export.percent.usageLists the percent of export cache storage used.
export.remote.statusDisplays the status of export remote storage location.
meta.free.pagesLists the number of pages available for aggregation.    
meta.rateLists the rate that metadata objects are being written to the database, where current is the currently reported meta per second rate. Values are rolling average samples over a short time period (10 seconds). After CAPTURE stops, current is reset to zero. 
meta.rate.maxLists the rate that metadata objects are being written to the database, where max is the maximum meta per second rate seen since CAPTURE was started. Values are rolling average samples over a short time period (10 seconds). After CAPTURE stops, max should still show the maximum value during CAPTURE. 
pages.correlateLists the number of correlation pages waiting for processing.
pages.evaluateLists the number of evaluation pages waiting for processing.
pages.exportLists the number of pages waiting to be exported.
pages.packageLists the number of pages waiting to create index packages.
pages.persistLists the number of pages waiting to be written to the database.
pages.serializeLists the number of serialize pages waiting for processing.    
pages.sortLists the number of pages waiting to be sorted for indexing. No longer used in Security Analytics 10.2
pages.statLists the number of pages waiting to update aggregation statistics.    
pages.streamLists the number of pages waiting to be streamed.
pages.updateLists the number of pages waiting to update the index.    
sessions.behindLists the number of sessions on the service that need to be aggregated. No longer used in Security Analytics 10.2
session.free.pagesLists the number of session pages available for aggregation.    

session.rate

Lists the rate that session objects are being written to the database, where current is the currently reported sessions per second rate. Values are rolling average samples over a short time period (10 seconds). After CAPTURE stops, current is reset to zero. 
session.rate.maxLists the rate that session objects are being written to the database, where max is the maximum sessions per second rate seen since CAPTURE was started. Values are rolling average samples over a short time period (10 seconds). After CAPTURE stops, max should still show the maximum value during CAPTURE. 
statusDisplays the current working status.    
time.lastDisplays the time of the last session that was aggregated. No longer used in Security Analytics 10.2
time.networkDisplays the number of milliseconds for a round of aggregation. No longer used in Security Analytics 10.2
time.network.maxDisplays the max time for a round of aggregation in milliseconds. No longer used in Security Analytics 10.2
Connections 
alive.sinceDisplays the time in UTC when this connection was established.    
bytes.compressed.receivedLists the number of compressed bytes received over the connection.    
bytes.compressed.sentLists the number of compressed bytes sent over the connection.    
bytes.max.message.receivedLists the number of bytes of the largest message received over the connection.    
bytes.max.message.sentLists the number of bytes of the largest message sent over the connection.    
bytes.uncompressed.receivedLists the number of uncompressed bytes received over the connection.    
bytes.uncompressed.sentLists the number of uncompressed bytes sent over the connection.    
connection.typeDisplays the type of connection, either native or rest.
last.activityDisplays the time in UTC when the last request or response was received or sent.
messages.receivedLists the number of messages received from this connection.    
messages.sentLists the number of messages sent from this connection.    
Database 
chainsLists the current number of chain objects held in the chain database. This value shrinks when the database rolls files off due to size constraints. This value is not reset when CAPTURE stops. No longer used in Security Analytics 10.2
meta.bytesLists the number of meta bytes in the database.
meta.first.idLists the lower bound meta id in the database.
meta.last.idLists the upper bound meta id in the database.
meta.oldest.file.timeLists the creation date-time of the oldest file in the meta database.
meta.totalLists the current number of metadata objects held in the meta database. This value shrinks when the database rolls files off due to size constraints. This value is not reset when CAPTURE stops. 
meta.rateLists the current rate metadata objects are being written to the database in the format current / max where current is the currently reported meta per second rate and max is the maximum meta per second rate seen since CAPTURE was started. Both values are rolling average samples over a short time period (10 seconds). After CAPTURE stops, current is reset to zero but max should still show the maximum value during CAPTURE. 
meta.rate.maxLists the maximum number of metadata written to the database per second.
packetsLists the current number of packet objects held in the packet database. This value shrinks when the database rolls files off due to size constraints. This value is not reset when CAPTURE stops. No longer used in Security Analytics 10.2
packets.bytesLists the number of bytes currently stored in the packet database. This value shrinks when the database rolls files off due to size constraints. No longer used in Security Analytics 10.2
rate.packetLists the current rate packets are being written to the database in the format current / max where current is the currently reported packets per second rate and max is the maximum packets per second rate seen since CAPTURE was started. Both values are rolling average samples over a short time period (10 seconds). After CAPTURE stops, current is reset to zero but max should still show the maximum value during CAPTURE. No longer used in Security Analytics 10.2
rate.sessionLists the current rate session objects are being written to the database in the format current / max where current is the currently reported sessions per second rate and max is the maximum sessions per second rate seen since CAPTURE was started. Both values are rolling average samples over a short time period (10 seconds). After CAPTURE stops, current is reset to zero but max should still show the maximum value during CAPTURE. No longer used in Security Analytics 10.2.
sessionsLists the current number of session objects held in the session database. This value shrinks when the database rolls files off due to size constraints. This value is not reset when CAPTURE stops.  No longer used in Security Analytics 10.2.
session.bytesLists the number of session bytes in the database.
session.first.idLists the lower bound session id in the database.
session.last.idLists the upper bound session id in the database.
session.oldest.file.timeLists the creation date-time of the oldest file in the session database.
session.rateLists the current number of sessions written to the database per second.
session.rate.maxLists the maximum number of sessions written to the database per second.
session.totalLists the number of sessions in the database.
statusLists the current status of all the databases on DECODER. Valid values are:
  • closed– SYSTEM is initializing and databases have not yet been opened. This value is seldom seen. 
  • opened– The database opened normally and is available for QUERY and UPDATE.
  • failure– The database failed to open. This can happen for any number of reasons. You can check this if CAPTURE fails to start or if queries fail to return data. This is normally caused by database corruption. 
Index 
checkpoint.pageDisplays the upper-bound page id for the last checkpoint save.    
checkpoint.summaryDisplays the upper-bound summary id for the last checkpoint save.    
db.sizeDisplays the size on disk of the index database (bytes).    
memory.usedDisplays the memory used by the index for values (bytes).    
meta.first.idDisplays the lower-bound meta id being tracked by the index.    No longer used on Security Analytics 10.2
meta.last.idDisplays the upper-bound meta id being tracked by the index.    No longer used on Security Analytics 10.2
page.first.idDisplays the first page id in the index page database.    
page.last.idDisplays the last page id in the index page database.    
page.totalLists the total number of pages in the index page database.    
pages.addedLists the number of pages added since the service started.    
session.first.idDisplays the lower-bound session id being tracked by the index.    
session.last.idDisplays the upper-bound session id being tracked by the index.    
sessions.since.saveLists the total number of sessions added to the index since the last checkpoint save.
summary.first.idDisplays the first summary id being tracked by the index.    
summary.last.idDisplays the last summary id being tracked by the index.    
summary.totalLists he total number of summaries in the index summary database.    
time.beginDisplays the time (UTC) of the first session being tracked by the index.    
time.endDisplays the time (UTC) of the last session being tracked by the index.    
values.addedLists the number of values added since the service started.    
Logs 
first.idDisplays the log ID of the first log message in the database.    
last.failure.idDisplays the log ID of the last failure message in the database.    
last.idDisplays the log ID of the last log message in the database.    
last.warning.idDisplays the log ID of the last warning message in the database.    
totalLists the total number of log messages stored in the database.    
SDK 
cache.window.time.beginReflects the time the cache for the SDK Summary window starts.    
cache.window.time.endReflects the time the cache for the SDK Summary window ends.    
queries.activeReflects the number of queries currently active.    
queries.pendingReflects the number of pending queries.    
Services 
alive.sinceDisplays the time (UTC) when this connection was established.    
bytes.compressed.receivedLists the number of compressed bytes received over the connection.    
bytes.compressed.sentLists the number of compressed bytes sent over the connection.    
bytes.max.message.receivedLists the number of bytes of the largest message received over the connection.    
bytes.max.message.sentLists the number of bytes of the largest message sent over the connection.
bytes.uncompressed.receivedLists the number of uncompressed bytes received over the connection.    
bytes.uncompressed.sentLists the number of uncompressed bytes sent over the connection.    
ipDisplays the IP address used by this connection.    
last.activityDisplays the time (UTC) when the last request or response was received or sent.
messages.receivedLists the number of messages received over the connection.    
messages.sentLists the number of messages sent over the connection.    
portDisplays the port used by this connection.    
stateDisplays the state of this connection, either open or closed.    
System 
config.filenameDisplays the configuration filename used by this service.
compidDisplays the computer ID as determined by the licensing module.
cpuDisplays the current CPU utilization
current.timeDisplays the current time (UTC) as set by the operating system.
hostnameDisplays the hostname of this system.
memory.processDisplays the memory (in bytes) used by this process.    
memory.process.maxDisplays the maximum memory (in bytes) used by this process.    
memory.systemDisplays the memory (in bytes) used by the system.    
memory.totalDisplays the total memory installed in this system.    
moduleDisplays the name of this service.    
revisionDisplays the software revision of this service.    
running.sinceDisplays the time (UTC) when this service was started.
service.nameDisplays the hostname or user supplied service name used for aggregation.
service.statusDisplays the current status of this service (Ready means fully initialized to accept all valid commands). 
system.infoDisplays information about the system.    
uptimeDisplays the amount of time this service has been running.    
versionDisplays the software version of this service.    
You are here: References > Service Statistics > Concentrator Statistics

Attachments

    Outcomes