SSL certificate cache ratio is too high-bluecoat-sgos


Vendor: bluecoat

OS: sgos

Description:
Indeni will alert when SSL certificate emulation usage is too high

Remediation Steps:
Indeni monitors the total emulated certificates percentage; lower values mean higher SSL CPU usage.
1. Log in to the device’s web interface and click on “Statistics” -> “Advanced” -> “SSL” -> “Show SSL Statistics”. Review the “Certificate Emulation” section.
2. Try to increase the certificate cache timeout. Log in to the ProxySG via SSH:
    proxy>enable
    proxy#conf t
    proxy#(config)ssl
    proxy#(config ssl)proxy set-cert-cache-timeout 72
3. Check if there is a high number of requests: log in via HTTPS to the ProxySG, go to Statistics > Sessions > Active Sessions, and see if a single user is trying to make a large number of connections to the same destination.
4. For more information, review the following Bluecoat guide: https://support.symantec.com/en_US/article.TECH245157.html
5. If the problem persists, contact Symantec Technical Support at https://support.symantec.com for further assistance.

How does this work?
This script logs into the Bluecoat Proxy using SSH and retrieves the output of the show advanced-url /SSL/Statistics?stats_mode=0 command. It then parses that output and calculates SPS51 (Total certificates emulated) as a percentage of SPS61 (Total server certificate cache successful lookups) + SPS51 (Total certificates emulated).
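
An added example, not part of the Indeni script: the same SPS51 / (SPS51 + SPS61) calculation applied to the difference between two saved outputs of the command, for instance before and after changing the cache timeout in step 2. It assumes the counters are cumulative totals; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: SPS51 and SPS61 are cumulative totals, so the
# difference between two polls describes only the interval between them.

# interval_ratio BEFORE AFTER: emulated-certificate percentage between two
# saved outputs of the statistics command, or "n/a" when it cannot be computed.
interval_ratio() {
    awk '
        # Strip thousands separators, as the parser on this page does.
        function num(s) { gsub(",", "", s); return s + 0 }
        /^SPS51/ { emu[FILENAME] = num($2); seen[FILENAME]++ }
        /^SPS61/ { hit[FILENAME] = num($2); seen[FILENAME]++ }
        END {
            b = ARGV[1]; a = ARGV[2]
            if (seen[b] != 2 || seen[a] != 2) { print "n/a"; exit }
            d_emu = emu[a] - emu[b]; d_hit = hit[a] - hit[b]
            # A negative delta means the counters restarted: use the new totals.
            if (d_emu < 0 || d_hit < 0) { d_emu = emu[a]; d_hit = hit[a] }
            if (d_emu + d_hit == 0) { print "n/a"; exit }
            printf "%.1f\n", d_emu / (d_emu + d_hit) * 100
        }' "$1" "$2"
}

# exceeds_threshold RATIO [THRESHOLD]: succeeds when RATIO is above the
# threshold (default 20, the value used by the rule on this page).
exceeds_threshold() {
    [ "$1" != "n/a" ] && awk -v r="$1" -v t="${2:-20}" 'BEGIN { exit !(r + 0 > t + 0) }'
}

# write_samples DIR: constructed snapshots (not captured from a real device).
write_samples() {
    printf 'SPS51               1,200\nSPS61               10,800\n' > "$1/before.txt"
    printf 'SPS51               1,500\nSPS61               11,300\n' > "$1/after.txt"
}

tmp=$(mktemp -d)
write_samples "$tmp"
ratio=$(interval_ratio "$tmp/before.txt" "$tmp/after.txt")
# Totals alone give 1,500 / 12,800 = 11.7%; the interval gives 300 / 800.
if exceeds_threshold "$ratio"; then
    echo "interval ratio ${ratio}% is above the threshold"
else
    echo "interval ratio ${ratio}%"
fi
rm -rf "$tmp"
```

In the constructed sample the cumulative totals stay under the rule's threshold while the interval between the two polls is well above it.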

Why is this important?
Monitoring the total emulated certificates percentage helps keep the system efficient. Low values show higher setup efficiency.

Without Indeni how would you find this?
Log in to the device’s web interface and click on “Statistics” -> “Advanced” -> “SSL” -> “Show SSL Statistics”. The information can be found under the “Certificate Emulation” section.

bluecoat-ssl-statistics

#! META
name: bluecoat-ssl-statistics
description: Fetch ssl stats
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: bluecoat
    os.name : sgos

#! COMMENTS
bluecoat-certificate-cache-ratio:
    why: |
        Monitoring the total emulated certificates percentage helps keep the system efficient. Low values show higher setup efficiency.
    how: |
        This script logs into the Bluecoat Proxy using SSH and retrieves the output of the show advanced-url /SSL/Statistics?stats_mode=0 command. It then parses that output and calculates SPS51 (Total certificates emulated) as a percentage of SPS61 (Total server certificate cache successful lookups) + SPS51 (Total certificates emulated).
    without-indeni: |
        Login to the device's web interface and click on "Statistics" -> "Advanced" -> "SSL" -> "Show SSL Statistics". The information can be found under the "Certificate Emulation" section.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
show advanced-url "/SSL/Statistics?stats_mode=0" 

#! PARSER::AWK
#SPS51               1
/^SPS51/ {
    SPS51 = $2
}

#SPS61               1
/^SPS61/ {
    SPS61 = $2
}

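END {
    # Remove ',' thousands separators from the counters
    gsub(",", "", SPS51)
    gsub(",", "", SPS61)
    # Compute the percentage only when there is data: dividing before this
    # check aborts awk with a division-by-zero error when both counters are 0
    if ((SPS51 + SPS61) != 0) {
        percent_ssl = (SPS51 / (SPS51 + SPS61)) * 100
        writeDoubleMetric("bluecoat-certificate-cache-ratio", null, "gauge", "300", percent_ssl)
    }
}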

BlueCoatSslCertificateCacheRatioRule

package com.indeni.server.rules.library.templatebased.bluecoat.proxysg

import com.indeni.server.rules.library.{ConditionalRemediationSteps, ThresholdDirection}
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library._
import com.indeni.server.rules.library.templates.NumericThresholdOnDoubleMetricTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

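/**
  * Alerts when the "bluecoat-certificate-cache-ratio" metric (the percentage of
  * emulated certificates reported by the bluecoat-ssl-statistics script) is above 20.0.
  */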
case class BlueCoatSslCertificateCacheRatioRule() extends NumericThresholdOnDoubleMetricTemplateRule(
  ruleName = "BlueCoatSslCertificateCacheRatioRule",
  ruleFriendlyName = "Blue Coat Devices: SSL certificate cache ratio is too high",
  ruleDescription = "Indeni will alert when SSL certificate emulation usage is too high",
  severity = AlertSeverity.ERROR,
  metricName = "bluecoat-certificate-cache-ratio",
  threshold = 20.0,
  thresholdDirection = ThresholdDirection.ABOVE,
  alertDescriptionFormat = "The SSL certificate cache ratio has reached %.0f%%. Please take action to avoid client connection problems.",
  baseRemediationText = """Indeni monitors the total emulated certificates percentage; lower values mean higher SSL CPU usage.
                           |1. Login to the device's web interface and click on "Statistics" -> "Advanced" -> "SSL" -> "Show SSL Statistics". Review the "Certificate Emulation" section.
                           |2. Try to increase the certificate cache timeout:
                           |Login to the ProxySG via SSH:
                           |proxy>enable
                           |proxy#conf t
                           |proxy#(config)ssl
                           |proxy#(config ssl)proxy set-cert-cache-timeout 72
                           |3. Check if there is a high number of requests:
                           |Login via https to the ProxySG and go to Statistics > Sessions > Active Sessions , see if a single user is trying to make a large number of connections to the same destination.
                           |4. For more information review the following Bluecoat guides: https://support.symantec.com/en_US/article.TECH245157.html
                           |5. If the problem persists, contact Symantec Technical support at https://support.symantec.com for further assistance.""".stripMargin)()