The McAfee Web Gateway provides a variety of statistics counters that can be used for monitoring. The counters fall into three groups: System, Content, and Traffic.
There are a variety of ways to 'use' the counters. This guide will cover a typical 'monitoring' type of use case.
This example will use the Web Gateway's 'error handler', and Incident ID number 5. (See more information about incidents here: https://community.mcafee.com/community/business/email_web/webgateway/blog/2011/05/18/have-you-ever-wondered-what-incidents-inside-mwg-are)
Incident ID 5 is an incident that 'fires' every minute. As such, it is a useful way to trigger statistics monitoring and then react to the result (for example, send a notification email or signal a syslog server).
An example use case is to send a notification message when a counter reaches a certain threshold, say when CPU use percentage is above 95%. (The available statistics counters can be found in the table at the end of this document.)
The procedure below discusses the use case mentioned above in detail. This can be used as a framework for capturing any other desired monitoring statistics.
Navigate to 'Policy' -> Rule Sets (tab) -> Error Handler.
Within the desired Error Handler setting container (typically the 'Default' error handler setting container), click to 'add' a rule set from the rule set library.
Locate the "Monitoring" rule within the Rule Set Library.
Typically, you will want to place that rule set near the top of the Error Handler list of rule sets.
Be sure 'Show Details' is selected in the main pane.
Click to select the new top-level Monitoring rule set, and make note of the rule set criteria:
Incident.ID equals 5
Click to select the 'Check CPU Overload' rule set. There, note the rule set criteria for this rule set: Statistics.Counter.GetCurrent("CPULoad")<Default> greater than or equals 95. "CPULoad" is the statistics counter for this particular rule set. If you click to 'edit' that rule set criteria, you'll see that 'CPULoad' is specified as a simple text value. The names of the available counters can be found in the table at the end of this document.
Next, within that rule set, click to select the 'Create Notification Message' rule. As can be seen, an event is used to 'generate' the 'notification' message.
After that, there are four additional rules. Each allows a different type of message to be sent: SNMP, Syslog, Email, or simply writing to a log file.
Simply enable the desired rule(s) depending upon notification type.
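Because the check runs each time Incident ID 5 fires (once a minute), a sustained overload sends one notification per minute. The following is an added example, not part of the original guide or of the Web Gateway product: a collector-side Python script that collapses those per-minute Syslog notifications into one episode per host. The syslog line layout, host names and values are constructed assumptions; adjust the pattern to the message text your notification rule actually emits.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The layout "<timestamp> <host> mwg: CPULoad=<n>"
# is an assumption for this example, not the Web Gateway's actual message format.
SAMPLE = """\
2024-05-01T10:00:02 mwg1 mwg: CPULoad=96
2024-05-01T10:01:02 mwg1 mwg: CPULoad=99
2024-05-01T10:02:02 mwg1 mwg: CPULoad=97
2024-05-01T10:30:01 mwg1 mwg: CPULoad=95
2024-05-01T10:01:05 mwg2 mwg: CPULoad=98
"""

LINE = re.compile(r"^(\S+) (\S+) mwg: CPULoad=(\d+)$")
GAP = timedelta(seconds=90)  # the check runs once a minute; allow some jitter


def episodes(lines, gap=GAP):
    """Collapse per-minute threshold notifications into overload episodes."""
    open_eps = {}  # host -> episode that may still be extended
    done = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a threshold notification, ignore
        ts, host, load = datetime.fromisoformat(m[1]), m[2], int(m[3])
        ep = open_eps.get(host)
        if ep and ts - ep["end"] <= gap:
            # Same overload still in progress: extend instead of re-alerting.
            ep["end"] = ts
            ep["peak"] = max(ep["peak"], load)
            ep["count"] += 1
        else:
            if ep:
                done.append(ep)  # previous episode for this host has ended
            open_eps[host] = {"host": host, "start": ts, "end": ts,
                              "peak": load, "count": 1}
    done.extend(open_eps.values())
    return sorted(done, key=lambda e: (e["start"], e["host"]))


if __name__ == "__main__":
    for e in episodes(SAMPLE.splitlines()):
        print(f'{e["host"]}: {e["start"]} to {e["end"]}, '
              f'peak {e["peak"]}%, {e["count"]} notification(s)')
```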
Statistics within Web Gateway version 7
System - Statistics
Memory usage in percent from MWG applications
Number of currently open sockets of the proxy
Percentage of the CPU in idle state
Percentage of the CPU utilization
Percentage of CPU usage not consumed by MWG applications
Percentage of CPU usage consumed by MWG applications
Percentage of usage of the installation partition of MWG
Percentage of usage of the complete hard disk
Total amount of free memory in bytes
Memory usage in percent
Total amount of used memory in bytes
Received number of bytes per second
Transmitted number of bytes per second
Size of statistic database in bytes
Free Swap Space in bytes
Used Swap Space in bytes
Percentage of usage of cache partition
Number of cache hits
Number of cache misses
Number of objects in web cache
Content - Statistics
Number of blocked transactions by Anti-Malware process
Number of blocked transactions by URL filter
Number of blocked transactions by media filter
Number of detected expired certificates
Number of certificates with name mismatch
Number of unresolvable certificate chains
Number of certificates that matched a wildcard in rule
Number of blocked connections
Number of legitimate connections
Number of detected categories
Number of detected malware objects
Number of detected archives
Number of detected audio files
Number of detected documents
Number of detected executables
Number of detected images
Number of detected streams
Number of detected text files
Number of detected videos
Number of pages with reputation: high risk
Number of pages with reputation: medium risk
Number of pages with reputation: minimal risk
Number of pages with reputation: unverified
Traffic - Statistics
Number of FTP requests
FTP traffic in bytes from Proxy to Internet
Number of blocked HTTP(S) requests
Number of legitimate HTTP(S) requests
Number of HTTP requests
HTTP traffic in bytes from Proxy to Internet
Number of HTTPS requests
HTTPS traffic in bytes from Proxy to Internet
Number of bytes transferred in ICAP reqmod
Number of bytes transferred in ICAP respmod
Number of requests in ICAP reqmod
Number of requests in ICAP respmod