eG Monitoring
 

Measures reported by WgConnsTest

In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI), also called stateful inspection) keeps track of the state of the network connections (such as TCP streams and UDP communication) travelling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets that match a known active connection are allowed through; all others are either dropped or rejected. Connections may also be dropped when the firewall is unable to handle a huge volume of traffic. This is where the WgConnsTest test helps!

This test not only reports the total number of connections requested to the firewall, but also continuously tracks the connections that are currently active and counts the dropped connections, so that administrators can rapidly detect an abnormal increase in the number of dropped connections and determine what is causing it. This way, administrators can be proactively alerted to probable virus attacks or spam and initiate measures to protect their network from harm!

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Connections_requested | Indicates the total number of connections that were requested to this firewall since startup. | Number | This measure is a good indicator of the load on the firewall. |
| Active_connections | Indicates the number of connections that were active or open on this firewall. | Number | An abnormally high value for this measure could indicate a probable virus attack or spam to a mail server in the network. |
| Connections_dropped | Indicates the number of connections that were dropped by this firewall. | Number | Ideally, the value of this measure should be zero. If there is a consistent increase in the value of this measure, then it clearly indicates that the firewall is either processing a lot of malicious traffic or is under attack. |
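
The interpretations above can be turned into alert logic over successive polls. The following is an added example, not eG's own code: the sample values are constructed, the thresholds (`rising_polls`, `active_factor`, `baseline_len`) are assumptions, and Connections_dropped is assumed to be compared poll to poll.

```python
from statistics import median

# Constructed sample polls (not real firewall output), oldest first.
# Keys are the three measures reported by WgConnsTest.
SAMPLES = [
    {"Connections_requested": 1000, "Active_connections": 40, "Connections_dropped": 0},
    {"Connections_requested": 1300, "Active_connections": 42, "Connections_dropped": 0},
    {"Connections_requested": 1650, "Active_connections": 45, "Connections_dropped": 3},
    {"Connections_requested": 2900, "Active_connections": 180, "Connections_dropped": 9},
    {"Connections_requested": 5200, "Active_connections": 410, "Connections_dropped": 27},
    {"Connections_requested": 150, "Active_connections": 12, "Connections_dropped": 0},
]

def request_deltas(samples):
    """New requests per interval. Connections_requested counts since startup,
    so a falling counter is treated as a restart and the new value is used."""
    deltas = []
    for prev, cur in zip(samples, samples[1:]):
        a, b = prev["Connections_requested"], cur["Connections_requested"]
        deltas.append(b - a if b >= a else b)
    return deltas

def evaluate(samples, rising_polls=3, active_factor=3.0, baseline_len=3):
    """Return (poll_index, measure, reason) alerts. Thresholds are assumptions."""
    alerts = []
    # Baseline for "abnormally high" is the median of the first few polls.
    baseline = median(s["Active_connections"] for s in samples[:baseline_len])
    streak = 0  # consecutive polls in which Connections_dropped rose
    for i in range(1, len(samples)):
        prev, cur = samples[i - 1], samples[i]
        if cur["Connections_requested"] < prev["Connections_requested"]:
            alerts.append((i, "Connections_requested", "counter reset, firewall restarted?"))
            streak = 0
        elif cur["Connections_dropped"] > prev["Connections_dropped"]:
            streak += 1
        else:
            streak = 0
        if streak == rising_polls:  # fire once per rising run
            alerts.append((i, "Connections_dropped", f"rose for {streak} consecutive polls"))
        if i >= baseline_len and cur["Active_connections"] > active_factor * baseline:
            alerts.append((i, "Active_connections", f"above {active_factor}x baseline {baseline}"))
    return alerts

if __name__ == "__main__":
    print("requests per interval:", request_deltas(SAMPLES))
    for idx, measure, reason in evaluate(SAMPLES):
        print(f"poll {idx}: {measure}: {reason}")
```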