Monitoring system health
Use the Forcepoint Security Manager to monitor the performance of Forcepoint DLP modules.
page in theThe tree view displays the names of all system modules, including servers and agents. Click a server or agent to ascertain its health.
For most components, the following information is displayed:
Chart | Description |
---|---|
System Summary | Information about the server, including operating system and version, time zone, and free disk space. |
CPU Usage | The percentage of the CPU that is being used by the machine’s processes over the specified time frame. |
Memory Usage | The percentage of memory that is being used by the machine’s processes over the specified time frame. |
- Primary fingerprint repository
- Endpoint server
- Policy engine
- OCR server (secondary Forcepoint DLP servers only)
- Policy engine
- Secondary fingerprint repository
When a module is selected, information about the system health and performance of that module is shown. The right-hand part of the screen displays the statistics for events flowing through the system, showing how the system behaves with regards to traffic type (channels) and how busy the components are.
It also displays charts with information that can be used to help fine-tune the system and optimize Forcepoint DLP performance. The charts displayed depend on the module chosen:
- For protector:
Chart | Description |
---|---|
Packet loss and dropped transaction indication | Indicates the levels of packet loss and dropped transaction rates. |
Number of events sent to analysis | The number of events sent for analysis by this protector in the specified time frame. |
Load average | Average amount of work performed by the protector in the specified time frame. For optimum performance, the number on the chart should not exceed the number of available processors in the System Summary: for example, if the system load average is 3 and there are 2 available processors, the system might work slowly. |
Memory usage | The percentage of memory used by machine processes. |
Total Throughput | Total amount of traffic (in KB per second) monitored by the protector. This includes both interesting and non- interesting sessions. |
Data sent to analysis throughput | Total amount of traffic (in KB per second) sent for analysis by this protector. |
- For the policy engine:
Chart | Description |
---|---|
Analysis status | Displays the request load on the policy engine for analysis by time period. |
DLP—number of analyzed events | Number of DLP events analyzed by this policy engine in the specified time frame. |
DLP—number of incidents | Number of DLP incidents detected by this policy engine in the specified time frame. |
Discovery—number of analyzed items | Number of discovery items analyzed by this policy engine in the specified time frame. This includes files, email messages, and database tables. This chart is available only for policy engines on Forcepoint DLP servers. If the policy engine on this computer does not handle discovery traffic, this report is empty. |
Discovery—number of incidents | Number of discovery incidents detected by this policy engine in the specified time frame. This chart is available only for policy engines on Forcepoint DLP servers. If the policy engine on this computer does not handle discovery traffic, this report is empty. |
- For the fingerprint repository:
Chart | Description |
---|---|
Database fingerprint repository synchronization | Displayed only on the management server that contains the synchronization data. Shows the status of all fingerprint repositories, divided into time periods. The status for each time period indicates if a repository was fully synchronized with the main repository, required a partial synchronization, or required full synchronization. |
Secondary database fingerprint repository synchronization trend | Shows how much database data was synchronized from the primary repository to this one over time, in KB. |
Number of fingerprinted files | Displays the total number of files fingerprinted in the specified time frame. |
Number of fingerprinted database cells | Displays the total number of database cells fingerprinted in the specified time frame. |
- For the endpoint server:
- Endpoint server load displays the load on the endpoint server over the specified time period.
- Number of endpoints shows the number of endpoint requests received by the endpoint server in the specified time frame.
- For the OCR server:
Chart | Description |
---|---|
Queue load | Shows the load of OCR server queue during the selected time period. |
Number of textual requests | Shows the total number of OCR requests containing textual data during the selected time period. |
Number of requests | Shows the total number of requests made to the OCR server during the selected time period. |
Average image size | Shows the average size of images (in bytes) that were handled by the OCR server during the selected time period. |
Average processing time | Shows the average processing time (in milliseconds) of images that were handled by the OCR server during the selected time period. |
For each chart, use the Display drop-down list to select a time frame. View statistics for the last 30 minutes, or the last 24 hours.
To view raw data for troubleshooting purposes, such as logs and system statistics, click Download Diagnostics on the toolbar at the top of the content pane. A zip file
containing diagnostic information is downloaded to the specified location. This operation can take several minutes.
For all modules, an Advanced section is also available. Expand this section to view raw statistics supplied by the selected module.