Cisco Cisco Content Security Management Appliance M1070 ユーザーガイド
4-44
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 4 Using Centralized Email Security Reporting
•
For troubleshooting, identify which parts of the system are using the most resources.
Monitor your Email Security appliances to ensure that the capacity is appropriate to your message
volumes. Over time, volume inevitably rises and appropriate monitoring ensures that additional capacity
or configuration changes can be applied proactively. The most effective way to monitor system capacity
is to track the overall volume, the messages in the work queue, and the incidents of Resource
Conservation Mode.
volumes. Over time, volume inevitably rises and appropriate monitoring ensures that additional capacity
or configuration changes can be applied proactively. The most effective way to monitor system capacity
is to track the overall volume, the messages in the work queue, and the incidents of Resource
Conservation Mode.
•
Volume: It is important to understand the “normal” message volume and the “usual” spikes in your
environment. Track this data over time to measure volume growth. You can use the Incoming Mail
and Outgoing Mail pages to track volume over time. For more information, see
environment. Track this data over time to measure volume growth. You can use the Incoming Mail
and Outgoing Mail pages to track volume over time. For more information, see
and
.
•
Work Queue: The work queue is designed to work as a “shock absorber”— absorbing and filtering
spam attacks and processing unusual increases in non-spam messages. However, the work queue can
also indicate a system under stress. Prolonged and frequent work queue backups may indicate a
capacity problem. You can use the System Capacity – Workqueue page to track the activity in your
work queue. For more information, see
spam attacks and processing unusual increases in non-spam messages. However, the work queue can
also indicate a system under stress. Prolonged and frequent work queue backups may indicate a
capacity problem. You can use the System Capacity – Workqueue page to track the activity in your
work queue. For more information, see
•
Resource Conservation Mode: When a Cisco IronPort appliance becomes overloaded, it enters
Resource Conservation Mode (RCM) and sends a CRITICAL system alert. This is designed to
protect the device and allow it to process any backlog of messages. Your Cisco IronPort appliance
should enter RCM infrequently and only during a very large or unusual increase in mail volume.
Frequent RCM alerts may be an indication that the system is becoming overloaded. RCM is not
tracked by the System Capacity page.
Resource Conservation Mode (RCM) and sends a CRITICAL system alert. This is designed to
protect the device and allow it to process any backlog of messages. Your Cisco IronPort appliance
should enter RCM infrequently and only during a very large or unusual increase in mail volume.
Frequent RCM alerts may be an indication that the system is becoming overloaded. RCM is not
tracked by the System Capacity page.
How to Interpret the Data You See on System Capacity Page
When choosing time ranges for viewing data on the System Capacity page, the following is important to
remember:
remember:
•
Day Report— The Day report queries the hour table and displays the exact number of queries that
have been received by the appliance on an hourly basis over a 24 hour period. This information is
gathered from the hour table. This is an exact number.
have been received by the appliance on an hourly basis over a 24 hour period. This information is
gathered from the hour table. This is an exact number.
•
Month Report— The Month report queries the day tables for the 30 or 31 days (dependent on the
number of days in the month), giving you an exact report on the number of queries over 30 or 31
days. Again, this is an exact number.
number of days in the month), giving you an exact report on the number of queries over 30 or 31
days. Again, this is an exact number.
The ‘Maximum’ value indicator on the System Capacity page is the highest value seen for the specified
period. The ‘Average’ value is the average of all values for the specified period. The period of
aggregation depends on the interval selected for that report. For example, you can choose to see the
Average and Maximum values for each day if the chart is for a month period.
period. The ‘Average’ value is the average of all values for the specified period. The period of
aggregation depends on the interval selected for that report. For example, you can choose to see the
Average and Maximum values for each day if the chart is for a month period.
You can click the View Details link for a specific graph to view data for individual Email Security
appliances and overall data for the appliances connected to the Security Management appliance.
appliances and overall data for the appliances connected to the Security Management appliance.
System Capacity – Workqueue
The System Capacity – Workqueue page shows the volume of messages in work queues over a specified
time period. It also shows the maximum messages in work queues over the same time period. You can
view data for a day, week, month, or year. Occasional spikes in the Workqueue graphs are normal and
expected. If the spikes occur with increasing frequency and are maintained over a long period of time,
this may indicate a capacity issue. When reviewing the work queue page, you may want to measure the
frequency of work queue backups, and take note of work queue backups that exceed 10,000 messages.
time period. It also shows the maximum messages in work queues over the same time period. You can
view data for a day, week, month, or year. Occasional spikes in the Workqueue graphs are normal and
expected. If the spikes occur with increasing frequency and are maintained over a long period of time,
this may indicate a capacity issue. When reviewing the work queue page, you may want to measure the
frequency of work queue backups, and take note of work queue backups that exceed 10,000 messages.