The Vitals dashboard is created by default in the Admin user’s dashboard during a new install. This dashboard provides vital information on how well the servers are handling the NetFlow, IPFIX and sFlow volume and other server metrics. Vital information is reported for all servers in a Distributed collector Environment.
The following dashboard gadgets are available:
- CPU Utilization: Average CPU utilization for the Scrutinizer server(s).
- Memory Utilization: This gadget displays how much memory is available after what is consumed by all programs on the computer is deducted from Total Memory. It is not specific to NetFlow being captured.
The flow collector will continue to grab memory depending on the size of the memory bucket it requires to save data and it will not shrink unless the machine is rebooted. This is not a memory leak.
Storage Available: The Storage report displays the amount of disk storage space that is available. After an initial period of a few weeks/months, this should stabilize providing that the volume of NetFlow stays about the same.
Flow Metric by Exporter: The following metrics are provided per exporter:
- MFSN: Missed Flow Sequence Numbers. NOTE: Sometimes MFSN will show up as 10m or 400m. To get the dropped flows per second, divide the value by 1000ms. A value of 400m is .4 of a second. 1 / .4 = 2.5 second. A flow is dropped every 2.5 seconds or 120 (i.e. 300 seconds/2.5) dropped flows in the 5 minute interval displayed in the trend.
- Packets: Average Packets per second
- Flows: Average Flows per second: This is a measure of the number of conversations being observed.
There can be as many as 30 flows per NetFlow v5 packet (i.e. UDP datagram) and up to 24 flows per NetFlow v9 datagram. With sFlow, as many as 1 sample (i.e. flow) or greater than 10 samples can be sent per datagram.
Flow Metric by Listening Port: The above metrics are also available per listening port. The flow collector can listen on multiple ports simultaneously. The defaults are 2055, 2056, 4432, 4739, 9995, 9996 and 6343, however, more can be added at Admin->Settings->System Preferences->Listener Port.
Database Statistics: Provides the following database metrics:
- Connections by Bytes: Excessive connections can result in reduced performance. NOTE: Other applications using the same database will cause this number to increase.
- Read Req: The number of requests to read a key block from the cache. A high number of requests means the server is busy.
- Write Req: The number of requests to write a key block to the cache. A high number of requests means the server is busy.
- Cache Free: The total amount of memory available to query caching. Contact support if the query cache is under 1MB.
- Queries: Tracks the number of queries made to the database. More queries indicates a heavier load to the database server. Generally there will be spikes at intervals of 5 minutes, 30 minutes, 2 hours, 12 hours, etc. This indicates the rolling up of statistics done by the stored procedures. This Vitals report is important to watch if the NetFlow collector is sharing the database server with other applications.
- Threads: Threads are useful to help pass data back and forth between Scrutinizer and the database engine. The database server currently manages whether or not to utilize the configured amount of threads.
- Buffers Used: Key Buffers Used - indicates how much of the allocated key buffers are being utilized. If this report begins to consistently hit 100%, it indicates that there is not enough memory allocated. Scrutinizer will compensate by utilizing swap on the disk. This can cause additional delay retrieving data due to increased disk I/O. On larger implementations, this can cause performance to degrade quickly. Users can adjust the amount of memory allocated to the key buffers by modifying the database configuration file and adjusting the key buffer size setting. A general rule of thumb is to allocate as much RAM to the key buffer as possible, up to a maximum of 25% of system RAM (e.g. 1GB on a 4GB system). This is about the ideal setting for systems that read heavily from keys. If too much memory is allocated, the risk is seeing further degradation of performance because the system has to use virtual memory for the key buffer. The check tuning Interactive scrut_util command can help with recommended system settings.
Syslogs Received and Processed: Syslog activity for the servers is provided in this gadget.
Custom dashboard gadgets can be created for any of the other Vitals Reports that are listed in the Vitals Reporting section. The Vitals Dashboard can also be copied to another user, or recreated by selecting the desired gadgets from the gadget panel.