monitoring — Kernun firewall runtime monitoring support


In addition to logging, Kernun applications report their status using the runtime monitoring facility.

Monitoring in proxies provides a means for obtaining information about sessions in progress. Such a session has not yet written its final log message (e.g., SESSION-END), hence the log cannot be used to get information, such as the amount of data transferred during the session so far or the current communication speed. Proxy monitoring provides information about each active proxy process, i.e., a process serving some client. The output of monitoring includes session duration, client and server IP addresses and ports, size of transferred data received/sent from/to client/server, and the current speed of communication. Some proxies, for example ftp-proxy and http-proxy, provide additional information: user name, file name, or request URI. This additional data has the form of text strings of variable length, which have a fixed (configurable) space reserved in the communication file. Too long strings are truncated. The monitoring utilities provide indication of such truncation.

Applications using remote host monitoring via ICMP ECHO (ping) write data about total and recent ping attempts (i.e. number of sent packets, number of received responses and the round trip time).

The pikemon application writes yet another type of monitoring data about its own health status, priority and role and also some data about the cluster peer (priority, role, status and the last HELLO coming from the peer).

Monitoring is currently available in atrmon(8), ftp-proxy(8), http-proxy(8), imap4-proxy(8), pikemon(8), pop3-proxy(8), smtp-proxy(8), sqlnet-proxy(8), and tcp-proxy(8).

An application generates monitoring data into a communication file named in a directory specified in the configuration. The communication files are processed by the monitor(1) utility, which collects data from several communication files and outputs selected data in textual or HTML formats. Data in communication files are in a binary format that is decoded by an auxiliary program monitor-dump called by the monitor utility.

The current communication speed is computed from the amount of data processed in last T seconds, where T can be set in the configuration. The speed is only an approximation, which may differ from the real current bandwidth utilization, especially in the case of a long T parameter, short sessions or rapidly changing communication speed. It should be quite accurate during a long, steady data transfer.

See Also

monitor(1), atrmon(8), ftp-proxy(8), http-proxy(8), imap4-proxy(8), pikemon(8), pop3-proxy(8), smtp-proxy(8), sqlnet-proxy(8), tcp-proxy(8)


This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.