monitoring — Kernun firewall runtime monitoring support
In addition to logging, Kernun applications report their status using the runtime monitoring facility.
Monitoring in proxies provides a means for obtaining
information about sessions in progress. Such a session has not yet written
its final log message (e.g.,
SESSION-END), hence the log cannot be
used to get information, such as the amount of data transferred during
the session so far or the current communication speed. Proxy monitoring
provides information about each active proxy process, i.e., a process
serving some client.
The output of monitoring includes session duration, client
and server IP addresses and ports, size of transferred data received/sent
from/to client/server, and the current speed of communication. Some
proxies, for example ftp-proxy and http-proxy, provide additional
information: user name, file name, or request URI. This additional data
has the form of text strings of variable length, which have a fixed
(configurable) space reserved in the communication file. Too long strings
The monitoring utilities provide indication of such truncation.
Applications using remote host monitoring via ICMP ECHO (ping) write data about total and recent ping attempts (i.e. number of sent packets, number of received responses and the round trip time).
The pikemon application writes yet another type of monitoring data about its own health status, priority and role and also some data about the cluster peer (priority, role, status and the last HELLO coming from the peer).
An application generates monitoring data
into a communication file named
in a directory specified in the configuration.
The communication files are
processed by the monitor(1) utility,
which collects data from several
communication files and outputs selected data in textual or HTML formats.
Data in communication files are in a binary format that is decoded by an
auxiliary program monitor-dump called by
the monitor utility.
The current communication speed is computed from the amount of data
processed in last
T seconds, where
T can be set in the configuration.
The speed is only an
approximation, which may differ from the real current bandwidth utilization,
especially in the case of a long
short sessions or rapidly changing communication speed.
It should be quite accurate
during a long, steady data transfer.