eG Monitoring
 

Measures reported by TopSitesTest

Studying network traffic to popular / frequently accessed web sites and measuring the bandwidth usage of this traffic is key to fine-tuning firewall policies in an enterprise and understanding the real bandwidth requirement. The TopSitesTest test simplifies this! For each web site that is configured for monitoring, this test reports the amount of data transmitted and received and the bandwidth utilized by that site. Web sites that consistently attract heavy traffic and consume excessive bandwidth can be identified in the process. If such sites are mission-critical business sites/applications, then this information will help you determine the bandwidth required to ensure the peak performance of the sites and thus enable you to right-size your network. If such sites are inconsequential to your business, then this information will show you where bandwidth is being spent unnecessarily; this in turn will prompt you to initiate measures to control/regulate access to such sites.

To configure the web sites that this test should monitor, do the following:

  1. Edit the eg_netflow.ini file in the <EG_AGENT_INSTALL_DIR>\agent\config folder (on Windows; on Unix installations of the eG agent, you will find this file in the /opt/egurkha/agent/config folder).

  2. In the TOP SITES section of the file, create a sub-section for the managed NetFlow device. The IP address of the target NetFlow device should be the title of that sub-section. The sub-section title should be specified in square brackets. For instance, if you have managed the NetFlow device using the IP address 192.168.10.25 in your IT infrastructure, then the specification in the eg_netflow.ini file will be:

    =================================
    TOP SITES
    =================================
    [192.168.10.25]

  3. In this sub-section, specify the URLs of the web sites to be monitored, one after another. Against each site URL, specify a comma-separated list of IP addresses of that web site. For example, if the web site www.xyz.com is associated with the IP addresses 192.168.10.30, 192.168.10.35, 192.168.10.40, 192.168.10.90, then your specification will be as follows:

    =================================
    TOP SITES
    =================================
    [192.168.10.25]
    www.xyz.com=192.168.10.30,192.168.10.35,192.168.10.40,192.168.10.90

    Where a site is associated with a specific range of IP addresses, you can even specify the IP range against the site URL, as shown below:

    =================================
    TOP SITES
    =================================
    [192.168.10.25]
    www.xyz.com=192.168.10.25-192.168.10.45

  4. Likewise, for a NetFlow device, you can configure multiple site URL specifications. For example:

    =================================
    TOP SITES
    =================================
    [192.168.10.25]
    www.xyz.com=192.168.10.25-192.168.10.45
    www.abc.com=192.168.10.125,192.168.10.121,192.168.10.130,192.168.10.90

  5. If a single eG agent is monitoring multiple NetFlow devices, then in the eg_netflow.ini file of that eG agent, you can create multiple sub-sections, one for each NetFlow device, and configure the web sites to be monitored for each device. For example:

    =================================
    TOP SITES
    =================================
    [192.168.10.25]
    www.xyz.com=192.168.10.25-192.168.10.45
    www.abc.com=192.168.10.125,192.168.10.121,192.168.10.130,192.168.10.90
    [192.168.10.200]
    www.eazycart.com=192.168.10.1,192.168.10.2
    www.fb.com=192.168.10.5,192.168.10.9

  6. Finally, save the file.
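
A check that can be run over the TOP SITES entries before saving the file, as an added example (not eG's own code): it parses the layout shown in the steps above and flags invalid addresses, reversed ranges, and addresses listed under two sites of the same device, since the page does not say how traffic for such an address would be attributed. The function names, the sample data, and the assumption that single addresses and ranges may be mixed in one comma-separated list belong to this example, not to the product.

```python
import ipaddress
# Constructed sample: www.abc.com reuses a www.xyz.com address; last range is reversed.
SAMPLE = """\
=================================
TOP SITES
=================================
[192.168.10.25]
www.xyz.com=192.168.10.30-192.168.10.45
www.abc.com=192.168.10.125,192.168.10.121,192.168.10.40
[192.168.10.200]
www.eazycart.com=192.168.10.9-192.168.10.2
"""

def parse_spec(spec):
    """Parse comma-separated items, each 'a' or 'a-b', into (first, last) pairs."""
    ranges = []
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        first = ipaddress.IPv4Address(lo.strip())
        last = ipaddress.IPv4Address(hi.strip()) if hi else first
        if last < first:
            raise ValueError(f"range end before start: {item.strip()}")
        ranges.append((first, last))
    return ranges

def check_top_sites(text):
    """Return (sites, problems); sites[device][url] is a list of (first, last)."""
    sites, problems, device = {}, [], None
    for lineno, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("=") or line == "TOP SITES":
            continue  # blank lines and the section banner
        try:
            if line.startswith("["):  # sub-section title: the NetFlow device IP
                device = None  # a bad title must not file sites under the old one
                device = str(ipaddress.IPv4Address(line.strip("[]")))
                continue
            url, sep, spec = (p.strip() for p in line.partition("="))
            if not sep or device is None:
                raise ValueError("expected site=addresses under a valid [device]")
            ranges = parse_spec(spec)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        for other, seen in sites.setdefault(device, {}).items():
            for hit in (max(a[0], b[0]) for a in ranges for b in seen
                        if a[0] <= b[1] and b[0] <= a[1]):
                problems.append(f"line {lineno}: {url} overlaps {other} at {hit}")
        sites[device][url] = ranges
    return sites, problems
```

Calling `check_top_sites(SAMPLE)` returns the parsed entries together with a list of problems keyed by line number; an empty list means every entry parsed and no address is shared between sites of one device.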

Outputs of the test: One set of results for every site URL that is configured for monitoring in the eg_netflow.ini file.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| bytes | Indicates the total amount of data transmitted and received by this web site during the last measurement period. | KB | Compare the value of this measure across web sites to identify which web site is contributing to the high level of network traffic. Use the detailed diagnosis of this measure to determine the top netflows (in terms of the volume of data transacted) to or from this web site, and the amount of data transacted in bytes and packets in every flow. With the help of this detailed diagnosis, you can quickly compare the top netflows, know which netflow generated the maximum traffic, and figure out which source the traffic originated from. Once the problem source is isolated, you can then investigate why traffic from that source is high. |
| packets | Indicates the total number of packets transmitted and received by this web site during the last measurement period. | Packets | Compare the value of this measure across sources to identify which web site is contributing to the high level of network traffic. |
| bytesPerSec | Indicates the rate at which this web site transmitted/received data. | Kbps | |
| packetsPerSec | Indicates the rate at which this web site transmitted/received packets. | Packets/sec | |
| trafficRate | Indicates what percentage of the total traffic on this interface was to this web site. | Percent | A value close to 100% for this measure indicates that traffic to this web site is imposing the maximum load on the network. If users complain of a slow network, you can compare the value of this measure across web sites to accurately identify the web site that is responsible for any congestion on the network. |
| BWUtilized | Indicates the bandwidth utilized by this web site. | Percent | A value close to 100% is indicative of excessive bandwidth utilization by this web site when receiving data. If users complain of a slow network, you can compare the value of this measure across web sites to accurately identify the web site that is responsible for any congestion on the network. |
| in_traffic | Indicates what percentage of total incoming traffic on this interface pertains to this web site. | Percent | |
| out_traffic | Indicates what percentage of total outgoing traffic on this interface pertains to this web site. | Percent | |
| in_bw | Indicates the percentage of bandwidth utilized by traffic coming into this interface when receiving data for this web site from different sources and when receiving data from this web site. | Percent | A value close to 100% is a cause for concern as it implies potential congestion in incoming traffic on this interface. |
| out_bw | Indicates the percentage of bandwidth utilized by traffic going out of this interface when transmitting data to this web site and when transmitting data for this web site to a source. | Percent | A value close to 100% is a cause for concern as it implies potential congestion in outgoing traffic on this interface. |
| in_octets | Indicates the amount of data received by this web site. | KB | Compare the value of this measure across web sites to know which web site is receiving maximum data over this interface. |
| out_octets | Indicates the amount of data sent by this web site. | KB | Compare the value of this measure across web sites to know which web site is transmitting maximum data over this interface. |
| in_packets | Indicates the number of packets sent by this web site. | Number | |
| out_packets | Indicates the number of packets received by this web site. | Number | |
| in_octetsRate | Indicates the rate at which data is received by this web site. | Kbps | If the value of this measure consistently drops for this web site, it could indicate incoming traffic congestion. |
| out_octetsRate | Indicates the rate at which data is sent by this web site. | Kbps | If the value of this measure consistently drops for this web site, it could indicate outgoing traffic congestion. |
| in_packetsRate | Indicates the rate at which packets are received by this web site. | Packets/Sec | If the value of this measure consistently drops for this web site, it could indicate incoming traffic congestion. |
| out_packetsRate | Indicates the rate at which packets are transmitted by this web site. | Packets/Sec | If the value of this measure consistently drops for this web site, it could indicate outgoing traffic congestion. |