ICAP queue reaching capacity-bluecoat-sgos

ICAP queue reaching capacity-bluecoat-sgos
0

ICAP queue reaching capacity-bluecoat-sgos

Vendor: bluecoat

OS: sgos

Description:
Indeni checks if the queue count in the last hour is more than the configured threshold

Remediation Steps:
Indeni monitors the total emulated certificates percentage , lower values means a higher SSL CPU usage.
|1. Login via https to the ProxySG and go to https://proxy:8082/PDM/show-values/icap:service:_total_service_stats:queued_transaction_count~hourly?stats_mode=0. Review the last hour queue count.
|2. Check if the unit is dealing with high traffic volume, usually caused by streaming traffic.
|3. Consider bypassing streaming traffic.
|4. For more information review the following Bluecoat guide: https://support.symantec.com/en_US/article.TECH242686.html

How does this work?
This script logs into the Bluecoat Proxy using SSH and retrieves the Icap queue using the show advanced-url /PDM/show-values/icap:service:_total_service_stats:queued_transaction_count~hourly?stats_mode=0 command.

Why is this important?
Monitoring the Bluecoat ProxySG Icap queue is critical for evaluate the system’s health and make sure it’s not over utilized. If the ICAP services have large number of connections stuck in queue , the Bluecoat ProxySG may be suffer from slowness or traffic latency.

Without Indeni how would you find this?
An administrator could manually get this information by issuing the command show advanced-url /PDM/show-values/icap:service:_total_service_stats:queued_transaction_count~hourly?stats_mode=0 command.

bluecoat-icap-queue

name: bluecoat-icap-queue
description: Fetch icap queue stat.
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: bluecoat
    os.name: sgos
comments:
    bluecoat-icap-queue:
        why: |
            Monitoring the Bluecoat ProxySG Icap queue is critical for evaluate the system's health and make sure it's not over utilized.
            If the ICAP services have large number of connections stuck in queue , the Bluecoat ProxySG may be suffer from slowness or traffic latency.
        how: |
            This script logs into the Bluecoat Proxy using SSH and retrieves the Icap queue using the show advanced-url /PDM/show-values/icap:service:_total_service_stats:queued_transaction_count~hourly?stats_mode=0 command.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show advanced-url "/PDM/show-values/icap:service:_total_service_stats:queued_transaction_count~hourly?stats_mode=0"
    parse:
        type: AWK
        file: icap-queue.parser.1.awk

BlueCoatIcapQueueRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package templatebased.bluecoat.proxysg

import com.indeni.server.rules.library.templates.NumericThresholdOnDoubleMetricTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.ThresholdDirection

/**
  *
  */
case class BlueCoatIcapQueueRule() extends NumericThresholdOnDoubleMetricTemplateRule(
  ruleName = "BlueCoatIcapQueueRule",
  ruleFriendlyName = "Blue Coat Devices: ICAP queue reaching capacity",
  ruleDescription = "Indeni checks if the queue count in the last hour is more than the configured threshold",
  severity = AlertSeverity.ERROR,
  metricName = "bluecoat-icap-queue",
  threshold = 10.0,
  thresholdDirection = ThresholdDirection.ABOVE,
  alertDescriptionFormat = "The ICAP queue count for the last hour has reached %.0f.",
  baseRemediationText = """Indeni monitors the total emulated certificates percentage , lower values means a higher SSL CPU usage.
                           |1. Login via https to the ProxySG and go to https://proxy:8082/PDM/show-values/icap:service:_total_service_stats:queued_transaction_count~hourly?stats_mode=0. Review the last hour queue count. 
                           |2. Check if the unit is dealing with high traffic volume, usually caused by streaming traffic.
                           |3. Consider bypassing streaming traffic.
                           |4. For more information review the following Bluecoat guide: https://support.symantec.com/en_US/article.TECH242686.html"""".stripMargin)()