Monitoring of application operation

3 July 2024

ID 216538

You can monitor the performance of the application using widgets and dashboards in the Dashboard section of the web interface. You can filter monitoring data by period and by cluster nodes.

Not all dashboards are displayed by default. You can create a new layout and add the panes you need, and then switch between available layouts.

Information available in the Dashboard section is listed in the table below.

Contents of the Dashboard section

Widget name

Description

System Health

A chart of errors encountered by the cluster.

You can click Go to Nodes to go to the Nodes section and view details about the health of each cluster node.

Processed

This widget displays statistics of actions that the application has applied to all processed email messages:

  • Attachments deleted.
  • Deleted.
  • Disinfected.
  • Quarantined.
  • Rejected.
  • Skipped.

You can click Size or Count to toggle between total size or count of all processed messages respectively.

Detected

This widget displays the number of detected objects grouped by protection module:

  • Anti-Phishing.
  • Anti-Spam.
  • Anti-Virus.
  • Content Filtering.
  • Mail Sender Authentication.
  • Link scanning.
  • KATA Protection.
    This is displayed only when KATA integration is configured.

    If a protection module detects multiple objects in a message, in the statistics this counts as one object for that protection module.

    If several protection modules detect multiple objects in the same message, in the statistics this counts as one object for each such protection module.

You can click the link in the upper-right corner of the information pane to go to the Events section and view related events containing detection information for a selected period.

  • Anti-Virus.
  • Anti-Spam.
  • Anti-Phishing.
  • Content Filtering.
  • Link scanning.
  • Mail Sender Authentication.
  • KATA Protection (when KATA integration is configured).

Widgets with statistics of individual protection modules. These widgets display the number of messages scanned by the given module and grouped by scan result.

Only the Anti-Virus widget is displayed by default. You can create a new widget layout or modify the current layout to add the widgets you need.

Last threats

Table with information about recent detected threats:

  • Time is the time when the threat was detected.
  • Threat name is the name of the threat detected in the object.
  • Result is the action performed with the object.

All information currently available to the application is displayed. Time filtering criteria are not applied.

Messages

This widget displays information about the volume of outgoing and incoming email traffic processed by the application.

When counting outgoing messages, notifications sent by the application are counted, but messages with Deleted, Rejected, and Quarantined scan status are not counted.

You can click Size or Count to toggle between total size or count of incoming and outgoing messages respectively.

Top rules applied

Table with information about rules that were most frequently applied when processing messages:

  • Rule name is the name of the applied rule set by the administrator.
  • Count is the trigger count for the rule.

If the rule was deleted by the administrator, it is not displayed on this dashboard.

All widgets with protection module statistics display the following scan statuses:

  • Detected means the message was found to contain an object that satisfies rule application criteria.
  • Not detected means the message was scanned, and threats or other objects were not detected.
  • Document with macro means the message has an attachment, which contains a document with macros.

    Only applies to Anti-Virus.

  • Quarantined means the message was moved to Anti-Spam Quarantine.

    Only applies to Anti-Spam.

  • Skipped means the message was skipped for one of the following reasons:
    • Rejected by KATA filter.
    • Flushed from queue.
    • Sending to KATA disabled.
    • Message too large.

    Only applies to KATA Protection.

  • Not processed is a group of statuses that are assigned to the message if it was not scanned for one of the following reasons:
    • Encrypted means an object could not be scanned because it is encrypted.

      Only applies to Anti-Virus.

    • Error means an error occurred when scanning the message.
    • Bases error means the message could not be scanned because application databases were not loaded.
    • License restrictions means the message could not be scanned because of application licensing limitations (for example, the license key could have expired).
    • KATA queue full or timeout means the message was skipped for one of the following reasons:
      • KATA queue full.
      • KATA timeout occurred.

      Only applies to KATA Protection.

  • Disabled by settings is a group of statuses assigned to the message if it was not scanned in accordance with one of the following application settings configured by the administrator:
    • Allowlist means the message was delivered without scanning because the sender address is on the global allowlist.
    • Denylist means the message was rejected without scanning because the sender address is on the global denylist.
    • Nesting level exceeded means the maximum archive nesting level configured in general protection settings was reached.

      Only applies to Anti-Virus.

    • Personal allowlist means the message was not scanned by the Anti-Spam module because the sender address is on the personal allowlist of the recipient.

      Only applies to Anti-Spam.

    • Personal denylist means the sender address is on the personal denylist of the recipient. The action configured in personal list settings was applied to the message.

      Messages placed in Backup based on personal list settings are not counted. Such messages are accounted for in statistics for other statuses in accordance with the scan result.

    • Local policy means the message was recognized as spam and was not scanned.

      Only applies to Mail Sender Authentication in KSMG versions earlier than 2.1. In version 2.1, this status is not used.

    • Disabled in protection settings the module is turned off in general protection settings or in a message processing rule.
    • Already processed by another module means the message was not scanned by this module because the message was already scanned by a different protection module and a Reject or Delete message action was applied to the message (and the message was not placed in Backup).

In this Help section

Creating a new layout

Modifying a layout

Removing a layout

Selecting a layout from the list

Filtering monitoring data

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.