ASDM 6.0 User Guide
Monitoring Properties

This chapter contains the following topics:

AAA Servers

Device Access

Connection Graphs

CRL

DNS Cache

IP Audit

System Resources Graphs

WCCP

AAA Servers

This pane allows you to view and refresh AAA server statistics.

Fields

Server Group—Displays a configured server group, or LOCAL if none have been configured.

Protocol—Displays what protocol the server group uses for AAA.

IP Address—Displays the IP address of the configured AAA server.

Status—Displays the status (Active or Inactive) of the configured AAA server.

Below the list of AAA servers are the statistics for each configured server. You can clear the statistics by clicking Clear Server Statistics. You can refresh the server status by clicking Update Server Status.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


Device Access

This pane lets you monitor management sessions, AAA locked out users, and authenticated users. This section includes the following topics:

AAA Local Locked Out Users

Authenticated Users

ASDM/HTTPS Sessions

Secure Shell Sessions

Telnet Sessions

AAA Local Locked Out Users

The AAA Local Locked Out Users pane lets you view a list of users who have been locked out of ASDM because of failed login attempts. You can also clear selected lockout conditions or all lockouts.

Fields

Currently locked out users—Displays a list of the currently locked out users.

Lock Time—Specifies the amount of time that the user has been locked out of the system.

Failed Attempts—Specifies the number of failed login attempts.

User—The user name identified with the failed login attempts.

Clear lockout—Click to clear the selected user lockout condition.

Clear all lockouts—Click to clear all user lockout conditions. It is good practice to refresh the list of lockout conditions before clearing all lockouts.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


Authenticated Users

This pane lets you view which users have been authenticated to use the security appliance. Each row represents one user.

Fields

User—Displays the username of the person authenticated to use the security appliance.

IP Address—Displays the IP address of the user authenticated to use the security appliance.

Dynamic ACL—Displays the dynamic access list of the user authenticated to use the security appliance.

Inactivity Timeout—Displays the amount of time that the selected user must remain inactive before the session times out and the user is disconnected.

Absolute Timeout—Displays the amount of time that the selected user can remain connected before the session closes and the user is disconnected.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


ASDM/HTTPS Sessions

The ASDM/HTTPS pane lets you view currently connected ASDM/HTTPS sessions.

Fields

Session ID—Displays the name of a connected ASDM/HTTPS session.

IP Address—Displays the IP address of each host or network that is allowed to connect to this security appliance.

Disconnect—Select to disconnect a connected ASDM/HTTPS session.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


Secure Shell Sessions

The Secure Shell Sessions pane lets you view hosts connected to the security appliance for administrative access using the SSH protocol.

Fields

Client—Displays the client type for the selected SSH session.

User—Displays the user name for the selected SSH session.

State—Displays the state of the selected SSH session.

Version—Displays the version of SSH used to connect to the security appliance.

Encryption (in)—Displays the inbound encryption method used for the selected session.

Encryption (out)—Displays the outbound encryption method used for the selected session.

HMAC (in)—Displays the configured HMAC for the selected inbound SSH session.

HMAC (out)—Displays the configured HMAC for the selected outbound SSH session.

SID—Displays the secure ID of the selected session.

Disconnect—Click to disconnect a connected SSH session.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


Telnet Sessions

The Telnet Sessions pane lets you view currently connected Telnet sessions.

Fields

Session ID—Displays the name of a connected Telnet session.

IP Address—Displays the IP address of each host that is allowed to connect to this security appliance over Telnet.

Disconnect—Click to disconnect a connected Telnet session.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


Connection Graphs

The Connection Graphs pane lets you view connection information about the security appliance in graph format. You can view NAT and performance monitoring information, including UDP connections, AAA performance, and inspection information. This section includes the following topics:

Perfmon

Xlates

Perfmon

The Perfmon pane lets you view the performance information in a graphical format. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time.

Fields

Available Graphs—Lists the components you can graph.

AAA Perfmon—Displays the security appliance AAA performance information.

Inspection Perfmon—Displays the security appliance inspection performance information.

Web Perfmon—Displays the security appliance web performance information, including URL access and URL server requests.

Connections Perfmon—Displays the security appliance connections performance information.

Xlate Perfmon—Displays the security appliance NAT performance information.

Graph Window Title—Shows the graph window name to which you want to add a graph type. To use an existing window title, select one from the drop-down list. To display graphs in a new window, enter a new window title.

Add—Click to move the selected entries in the Available Graphs list to the Selected Graphs list.

Remove—Click to remove the selected statistic type from the Selected Graphs field.

Show Graphs—Click to display a new or updated graph window.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


Xlates

This pane lets you view the active Network Address Translations in a graphical format. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time.

Fields

Available Graphs—Lists the components you can graph.

Xlate Utilization—Displays the security appliance NAT utilization.

Graph Window Title—Shows the graph window name to which you want to add a graph type. To use an existing window title, select one from the drop-down list. To display graphs in a new window, enter a new window title.

Add—Click to move the selected entries in the Available Graphs list to the Selected Graphs list.

Remove—Click to remove the selected entry from the Selected Graphs list.

Show Graphs—Click to display a new or updated graph window.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


CRL

This pane allows you to view or clear associated CRLs of selected CA certificates.

Fields

CA Certificate Name—Choose the name of the selected certificate from the drop-down list.

View CRL—Click to view the selected CRL.

Clear CRL—Click to clear the selected CRL from the cache.

CRL Info—Display only. Displays detailed CRL information.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


DNS Cache

The security appliance provides a local cache of DNS information from external DNS queries that are sent for certain clientless SSL VPN and certificate commands. Each DNS translation request is first looked up in the local cache. If the local cache has the information, the resulting IP address is returned. If the local cache cannot resolve the request, a DNS query is sent to the various DNS servers that have been configured. If an external DNS server resolves the request, the resulting IP address is stored in the local cache along with its corresponding hostname.

Important Notes

DNS cache entries are time-stamped. The time stamp is used to age out unused entries. When the entry is added to the cache, the time stamp is initialized. Each time the entry is accessed, the time stamp is updated. At a configured time interval, the DNS cache checks all entries and purges those entries whose time exceeds a configured age-out timer.

If new entries arrive but there is no room in the cache because the size was exceeded or no more memory is available, the cache will be thinned by one third, based on the entries' age. The oldest entries will be removed.
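The lookup, time-stamp refresh, age-out sweep and one-third thinning described above can be followed in a small model. This is an added example, not Cisco or ASDM code; the class, its parameters, the resolver callback and the rounding of "one third" are assumptions made for illustration.

```python
# Toy model of the DNS cache behaviour described in this section.
# All names here are hypothetical; this is not security appliance code.
class DnsCacheModel:
    def __init__(self, max_entries, age_out_secs, resolver):
        self.max_entries = max_entries
        self.age_out_secs = age_out_secs
        self.resolver = resolver        # stands in for the configured DNS servers
        self.entries = {}               # hostname -> [ip, last_access_time]

    def lookup(self, host, now):
        entry = self.entries.get(host)
        if entry is not None:           # cache hit: refresh the time stamp
            entry[1] = now
            return entry[0]
        ip = self.resolver(host)        # cache miss: ask the external servers
        if ip is None:
            return None                 # unresolved names are not cached
        if len(self.entries) >= self.max_entries:
            self.thin()                 # no room left for the new entry
        self.entries[host] = [ip, now]  # time stamp initialised on insert
        return ip

    def thin(self):
        """Drop the oldest third of the entries, ranked by time stamp."""
        oldest_first = sorted(self.entries, key=lambda h: self.entries[h][1])
        # Assumption: round down, but always free at least one slot.
        for host in oldest_first[:max(1, len(oldest_first) // 3)]:
            del self.entries[host]

    def purge(self, now):
        """Periodic sweep: remove entries idle longer than the age-out timer."""
        stale = [h for h, (_, ts) in self.entries.items()
                 if now - ts > self.age_out_secs]
        for host in stale:
            del self.entries[host]
        return sorted(stale)


def demo():
    # Constructed sample data: documentation-range addresses, made-up names.
    zone = {f"host{i}.example.test": f"192.0.2.{i}" for i in range(1, 8)}
    cache = DnsCacheModel(max_entries=6, age_out_secs=300, resolver=zone.get)
    for i in range(1, 7):                       # fill the cache at t = 0..50
        cache.lookup(f"host{i}.example.test", now=(i - 1) * 10)
    cache.lookup("host1.example.test", now=60)  # hit: host1 is no longer oldest
    cache.lookup("host7.example.test", now=70)  # full: host2 and host3 thinned
    after_thin = sorted(cache.entries)
    purged = cache.purge(now=345)               # host4 and host5 idle > 300 s
    return after_thin, purged, sorted(cache.entries)
```

In this run host1 was inserted first yet survives both the thinning and the sweep, because the hit at t=60 refreshed its time stamp.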

Fields

Host—Shows the DNS name of the host.

IP Address—Shows the address that resolves to the hostname.

Permanent—Indicates whether the entry was made through a name command.

Idle Time—Specifies the time elapsed since the security appliance last referred to that entry.

Active—Indicates whether the entry has aged out. If there is not adequate space in cache, this entry may be deleted.

Clear Cache—Click to clear the entire DNS cache.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


IP Audit

The IP Audit pane lets you view, in graphical or tabular form, the number of packets that match informational and attack signatures. Each graph type shows the combined packets for all interfaces that have this feature enabled.

Fields

Available Graphs—Lists the types of signatures available for monitoring. See IP Audit Signatures for detailed information about each signature type. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time.

IP Options—Shows the packet count for the following signatures:

Bad Options List (1000)

Timestamp (1002)

Provide s, c, h, tcc (1003)

SATNET ID (1005)

IP Route Options—Shows the packet count for the following signatures:

Loose Source Route (1004)

Record Packet Route (1001)

Strict Source Route (1006)

IP Attacks—Shows the packet count for the following signatures:

IP Fragment Attack (1100)

Impossible IP Packet (1102)

IP Teardrop (1103)

ICMP Requests—Shows the packet count for the following signatures:

Echo Request (2004)

Time Request (2007)

Info Request (2009)

Address Mask Request (2011)

ICMP Responses—Shows the packet count for the following signatures:

Echo Reply (2000)

Source Quench (2002)

Redirect (2003)

Time Exceeded (2005)

Parameter Problem (2006)

ICMP Replies—Shows the packet count for the following signatures:

Unreachable (2001)

Time Reply (2008)

Info Reply (2010)

Address Mask Reply (2012)

ICMP Attacks—Shows the packet count for the following signatures:

Fragmented ICMP (2150)

Large ICMP (2151)

Ping of Death (2154)

TCP Attacks—Shows the packet count for the following signatures:

No Flags (3040)

SYN & FIN Flags Only (3041)

FIN Flag Only (3042)

UDP Attacks—Shows the packet count for the following signatures:

Bomb (4050)

Snork (4051)

Chargen (4052)

DNS Attacks—Shows the packet count for the following signatures:

Host Info (6050)

Zone Transfer (6051)

Zone Transfer High Port (6052)

All Records (6053)

FTP Attacks—Shows the packet count for the following signatures:

Improper Address (3153)

Improper Port (3154)

RPC Requests to Target Hosts—Shows the packet count for the following signatures:

Port Registration (6100)

Port Unregistration (6101)

Dump (6102)

YP Daemon Portmap Requests—Shows the packet count for the following signatures:

ypserv Portmap Request (6150)

ypbind Portmap Request (6151)

yppasswdd Portmap Request (6152)

ypupdated Portmap Request (6153)

ypxfrd Portmap Request (6154)

Miscellaneous Portmap Requests—Shows the packet count for the following signatures:

mountd Portmap Request (6155)

rexd Portmap Request (6175)

Miscellaneous RPC Calls—Shows the packet count for the following signatures:

rexd Attempt (6180)

RPC Attacks—Shows the packet count for the following signatures:

statd Buffer Overflow (6190)

Proxied RPC (6103)

Add—Click to add the selected graph type to the Selected Graphs list.

Remove—Click to remove the selected graph type from the Selected Graphs list.

Show Graphs—Click to display a new or updated graph window.

Selected Graphs—Lists the graph types you want to show in the Selected Graphs list.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


System Resources Graphs

This pane lets you view the status of the security appliance memory, CPU, and block utilization. This section includes the following topics:

Blocks

CPU

Memory

Blocks

Blocks lets you view the free and used memory blocks. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time.

Fields

Available Graphs—Lists the components you can graph.

Blocks Used—Displays the security appliance used memory blocks.

Blocks Free—Displays the security appliance free memory blocks.

Graph Window Title—Shows the graph window name to which you want to add a graph type. To use an existing window title, select one from the drop-down list. To display graphs in a new window, enter a new window title.

Add—Click to move the selected entries in the Available Graphs list to the Selected Graphs list.

Remove—Click to remove the selected statistic type from the Selected Graphs list.

Show Graphs—Click to display a new or updated graph window.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


CPU

This pane lets you view the CPU utilization. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time.

Fields

Available Graphs—Lists the components you can graph.

CPU Utilization—Displays the security appliance CPU utilization.

Graph Window Title—Shows the graph window name to which you want to add a graph type. To use an existing window title, select one from the drop-down list. To display graphs in a new window, enter a new window title.

Add—Click to move the selected entries in the Available Graphs list to the Selected Graphs list.

Remove—Click to remove the selected graph type from the Selected Graphs list.

Show Graphs—Click to display a new or updated graph window.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


Memory

This pane lets you view the memory utilization. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time.

Fields

Available Graphs—Lists the components you can graph.

Free Memory—Displays the security appliance free memory.

Used Memory—Displays the security appliance used memory.

Graph Window Title—Shows the graph window name to which you want to add a graph type. To use an existing window title, select one from the drop-down list. To display graphs in a new window, enter a new window title.

Add—Click to move the selected entries in the Available Graphs list to the Selected Graphs list.

Remove—Click to remove the selected graph type from the Selected Graphs list.

Show Graphs—Click to display a new or updated graph window.

Modes

The following table shows the modes in which this feature is available:

Columns: Firewall Mode (Routed, Transparent) | Security Context (Single, Multiple [Context, System])


WCCP

The Web Cache Communication Protocol (WCCP) redirects IPv4 traffic flows to web caches in real time. In ASDM, you can monitor packet redirection of an interface using WCCP. WCCP also provides load balancing, scaling, fault tolerance, and fail-safe services. Load balancing is provided by hashing based on the destination IP address. The hash values are used to choose the egress interface for any traffic flow. This protocol also enables the security appliance and WCCP clients to form service groups to support a service. This section includes the following topics:

Service Groups

Redirection

Service Groups

This pane allows you to view and refresh the service group, the display mode, and the hash settings.

Fields

Service Group—Choose the applicable service group from the drop-down list.

Display Mode—Choose the display mode from the drop-down list.

Destination IP Address—Specify the destination IP address.

Source IP Address—Specify the source IP address.

Destination Port—Specify the destination port number.

Source Port—Specify the source port number.

Redirection

This pane allows you to view and refresh WCCP interface statistics in either a summary or detailed format.

Fields

Show Summary—Choose this option to display statistics in a summary format.

Show Details—Choose this option to display statistics in a detailed format.