SSL certificate cache ratio is too high-bluecoat-sgos

SSL certificate cache ratio is too high-bluecoat-sgos
0

SSL certificate cache ratio is too high-bluecoat-sgos

Vendor: bluecoat

OS: sgos

Description:
Indeni will alert when SSL certificate emulation usage is too high

Remediation Steps:
Indeni monitors the total emulated certificates percentage , lower values means a higher SSL CPU usage.
|1. Login to the device’s web interface and click on “Statistics” -> “Advanced” -> “SSL” -> “Show SSL Statistics”. Review the “Certificate Emulation” section.
|2. Try to increase the certificate cache timeout:
|Login to the ProxySG via SSH:
|proxy>enable
|proxy#conf t
|proxy#(config)ssl
|proxy#(config ssl)proxy set-cert-cache-timeout 72
|3. Check if there is a high number of requests:
|Login via https to the ProxySG and go to Statistics > Sessions > Active Sessions , see if a single user is trying to make a large number of connections to the same destination.
|4. For more information review the following Bluecoat guides: https://support.symantec.com/en_US/article.TECH245157.html
|5. If the problem persists, contact Symantec Technical support at https://support.symantec.com for further assistance.

How does this work?
This script logs into the Bluecoat Proxy using SSH and retrieves the output of the show advanced-url /SSL/Statistics?stats_mode=0 command. It will parse and calculate the amount of the SPS51 (Total certificates emulated) out of the SPS61 (Total server certificate cache successful lookups) + SPS51 (Total certificates emulated) .

Why is this important?
Monitoring the total emulated certificates precetage in order to maintain the system efficient. Low values shows higher setup efficiency.

Without Indeni how would you find this?
Login to the device’s web interface and click on “Statistics” -> “Advanced” -> “SSL” -> “Show SSL Statistics”. The information can be found under the “Certificate Emulation” section.

bluecoat-ssl-statistics

name: bluecoat-ssl-statistics
description: Fetch ssl stats
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: bluecoat
    os.name: sgos
comments:
    bluecoat-certificate-cache-ratio:
        why: |
            Monitoring the total emulated certificates precetage in order to maintain the system efficient. Low values shows higher setup efficiency.
        how: |
            This script logs into the Bluecoat Proxy using SSH and retrieves the output of the show advanced-url /SSL/Statistics?stats_mode=0 command. It will parse and calculate the amount of the SPS51 (Total certificates emulated) out of the SPS61 (Total server certificate cache successful lookups) + SPS51 (Total certificates emulated) .
        without-indeni: |
            Login to the device's web interface and click on "Statistics" -> "Advanced" -> "SSL" -> "Show SSL Statistics". The information can be found under the "Certificate Emulation" section.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show advanced-url "/SSL/Statistics?stats_mode=0"
    parse:
        type: AWK
        file: ssl-statistics.parser.1.awk

BlueCoatSslCertificateCacheRatioRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.bluecoat.proxysg

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NumericThresholdOnDoubleMetricTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.ThresholdDirection

/**
  *
  */
case class BlueCoatSslCertificateCacheRatioRule() extends NumericThresholdOnDoubleMetricTemplateRule(
  ruleName = "BlueCoatSslCertificateCacheRatioRule",
  ruleFriendlyName = "Blue Coat Devices: SSL certificate cache ratio is too high",
  ruleDescription = "Indeni will alert when SSL certificate emulation usage is too high",
  severity = AlertSeverity.ERROR,
  metricName = "bluecoat-certificate-cache-ratio",
  threshold = 20.0,
  thresholdDirection = ThresholdDirection.ABOVE,
  alertDescriptionFormat = "The SSL certificate cache ratio has reached %.0f%%. Please take action to avoid client connection problems.",
  baseRemediationText = """Indeni monitors the total emulated certificates percentage , lower values means a higher SSL CPU usage.
                           |1. Login to the device's web interface and click on "Statistics" -> "Advanced" -> "SSL" -> "Show SSL Statistics". Review the "Certificate Emulation" section.
                           |2. Try to increase the certificate cache timeout:
                           |Login to the ProxySG via SSH:
                           |proxy>enable
                           |proxy#conf t
                           |proxy#(config)ssl
                           |proxy#(config ssl)proxy set-cert-cache-timeout 72
                           |3. Check if there is a high number of requests:
                           |Login via https to the ProxySG and go to Statistics > Sessions > Active Sessions , see if a single user is trying to make a large number of connections to the same destination.
                           |4. For more information review the following Bluecoat guides: https://support.symantec.com/en_US/article.TECH245157.html
                           |5. If the problem persists, contact Symantec Technical support at https://support.symantec.com for further assistance."""".stripMargin)()