Monitoring of application operation
10 July 2024
ID 216538
You can monitor the performance of the application using widgets and dashboards in the Dashboard section of the web interface. You can filter monitoring data by period and by cluster nodes.
Not all dashboards are displayed by default. You can create a new layout and add the panes you need, and then switch between available layouts.
Information available in the Dashboard section is listed in the table below.
Contents of the Dashboard section
Widget name | Description |
|---|---|
System Health | A chart of errors encountered by the cluster. You can click Go to Nodes to go to the Nodes section and view details about the health of each cluster node. |
Processed | This widget displays statistics of actions that the application has applied to all processed email messages:
You can click Size or Count to toggle between total size or count of all processed messages respectively. |
Detected | This widget displays the number of detected objects grouped by protection module:
You can click the link in the upper-right corner of the information pane to go to the Events section and view related events containing detection information for a selected period. |
| Widgets with statistics of individual protection modules. These widgets display the number of messages scanned by the given module and grouped by scan result. Only the Anti-Virus widget is displayed by default. You can create a new widget layout or modify the current layout to add the widgets you need. |
Last threats | Table with information about recent detected threats:
All information currently available to the application is displayed. Time filtering criteria are not applied. |
Messages | This widget displays information about the volume of outgoing and incoming email traffic processed by the application. When counting outgoing messages, notifications sent by the application are counted, but messages with Deleted, Rejected, and Quarantined scan status are not counted. You can click Size or Count to toggle between total size or count of incoming and outgoing messages respectively. |
Top rules applied | Table with information about rules that were most frequently applied when processing messages:
If the rule was deleted by the administrator, it is not displayed on this dashboard. |
All widgets with protection module statistics display the following scan statuses:
- Detected means the message was found to contain an object that satisfies rule application criteria.
- Not detected means the message was scanned, and threats or other objects were not detected.
- Document with macro means the message has an attachment, which contains a document with macros.
Only applies to Anti-Virus.
- Quarantined means the message was moved to Anti-Spam Quarantine.
Only applies to Anti-Spam.
- Skipped means the message was skipped for one of the following reasons:
- Rejected by KATA filter.
- Flushed from queue.
- Sending to KATA disabled.
- Message too large.
Only applies to KATA Protection.
- Not processed is a group of statuses that are assigned to the message if it was not scanned for one of the following reasons:
- Encrypted means an object could not be scanned because it is encrypted.
Only applies to Anti-Virus.
- Error means an error occurred when scanning the message.
- Bases error means the message could not be scanned because application databases were not loaded.
- License restrictions means the message could not be scanned because of application licensing limitations (for example, the license key could have expired).
- KATA queue full or timeout means the message was skipped for one of the following reasons:
- KATA queue full.
- KATA timeout occurred.
Only applies to KATA Protection.
- Encrypted means an object could not be scanned because it is encrypted.
- Disabled by settings is a group of statuses assigned to the message if it was not scanned in accordance with one of the following application settings configured by the administrator:
- Allowlist means the message was delivered without scanning because the sender address is on the global allowlist.
- Denylist means the message was rejected without scanning because the sender address is on the global denylist.
- Nesting level exceeded means the maximum archive nesting level configured in general protection settings was reached.
Only applies to Anti-Virus.
- Personal allowlist means the message was not scanned by the Anti-Spam module because the sender address is on the personal allowlist of the recipient.
Only applies to Anti-Spam.
- Personal denylist means the sender address is on the personal denylist of the recipient. The action configured in personal list settings was applied to the message.
Messages placed in Backup based on personal list settings are not counted. Such messages are accounted for in statistics for other statuses in accordance with the scan result.
- Local policy means the message was recognized as spam and was not scanned.
Only applies to Mail Sender Authentication in KSMG versions earlier than 2.1. In version 2.1, this status is not used.
- Disabled in protection settings the module is turned off in general protection settings or in a message processing rule.
- Already processed by another module means the message was not scanned by this module because the message was already scanned by a different protection module and a Reject or Delete message action was applied to the message (and the message was not placed in Backup).
