TCP Test

This test, executed by an internal agent, tracks various statistics pertaining to TCP connections to and from a host. The details of the test are provided below:

Target of the test : A host system

Agent deploying the test : An Internal agent

Outputs of the test : One set of results for each host system monitored

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Report Names

The detailed diagnosis of this test lists the top-10 hosts that have established the maximum number of TCP connections with the monitored host. Set this flag to Yes if you want the detailed diagnosis to display the host name of these hosts and not the IP address. To view the IP address of the hosts instead, set this flag to No.

Show Top

By default, this parameter is set to 10, indicating that the test will report detailed diagnosis only for the top-10 applications that used the maximum bandwidth while transferring data over every network interface. Using the information displayed by the detailed diagnosis, you can easily find out the non-critical applications (if any) that are using more bandwidth than the business-critical applications and take the necessary steps to alleviate the issue. However, you can increase or decrease the value of the Show Top parameter depending upon the level of visibility you require.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.

High Security

This flag is applicable only when the target Linux host is monitored in the agentless manner. In highly secure environments, eG Enterprise may be unable to perform agentless monitoring on a Linux host using SSH. To enable monitoring of Linux hosts in such environments, set the High Security flag to Yes. This indicates that eG Enterprise will connect to the target Linux host in a more secure way and collect performance metrics. By default, this flag is set to No.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability.
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

In connection rate:

Connections per second received by the server

Conns/Sec

A high value can indicate an increase in input load.

Out connection rate:

Connections per second initiated by the server

Conns/Sec

A high value can indicate that one or more of the applications executing on the host have started using a number of TCP connections to some other host(s).

Current connections:

Currently established connections

Number

A sudden increase in the number of connections established on a host can indicate either an increase in load to one or more of the applications executing on the host, or that one or more of the applications are experiencing a problem (e.g., a slowdown). On Microsoft Windows, the current connections metric is the total number of TCP connections that are currently in the ESTABLISHED or CLOSE_WAIT states.

The detailed diagnosis of this test, if enabled, lists the top-10 hosts that have established the maximum number of TCP connections with the monitored host.

Connection drops:

Rate of established TCP connections dropped from the TCP listen queue.

Conns/Sec

This value should be 0 most of the time. Any non-zero value implies that one or more applications on the host are overloaded or that the bandwidth of your server is insufficient. With ample bandwidth, the server can establish and serve connections before they time out. If bandwidth is insufficient, the connections fail or are dropped.

Connection failures:

Rate of half-open TCP connections dropped from the listen queue

Conns/Sec

TCP counts a connection as having failed when it goes directly from sending (SYN-SENT) or receiving (SYN-RCVD) to CLOSED, or from receiving (SYN-RCVD) to listening (LISTEN). This value should be 0 most of the time. A prolonged non-zero value can indicate either that the server is under SYN attack or that there is a problem with the network link to the server that is resulting in connections being dropped without completion. It could also indicate a bandwidth shortage. If the server has sufficient bandwidth, it can establish and serve connections before they time out. If bandwidth is insufficient, the connections fail or are dropped.

This measure is not available in the Windows version of the product.
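
The In connection rate, Out connection rate, Current connections and Connection failures measures above can be cross-checked on a Linux host from the standard MIB-II TCP counters in /proc/net/snmp. The following is an added example, not eG Enterprise code: the counter-to-measure mapping, the constructed snapshots, and the two-interval threshold for a "prolonged" non-zero failure rate are assumptions made for illustration.

```python
# Constructed snapshots in the layout of the "Tcp:" lines of Linux /proc/net/snmp.
HEADER = ("Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens "
          "AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs "
          "OutRsts InCsumErrors")

def snap(active, passive, fails, resets, estab):
    """Build one constructed snapshot (header line plus value line)."""
    return (f"{HEADER}\nTcp: 1 200 120000 -1 {active} {passive} {fails} "
            f"{resets} {estab} 900000 880000 410 0 95 0")

# (seconds since start, snapshot text); all values are made up for illustration.
SAMPLES = [(0, snap(1500, 42000, 12, 300, 85)), (60, snap(1530, 42600, 12, 301, 90)),
           (120, snap(1560, 43200, 312, 301, 88)), (180, snap(1590, 43800, 912, 302, 91))]

# Assumed mapping from the measures on this page to MIB-II TCP counters.
RATE_FIELDS = {"in_conn_rate": "PassiveOpens", "out_conn_rate": "ActiveOpens",
               "conn_failures": "AttemptFails"}

def parse_tcp(text):
    """Return the Tcp counters of one snapshot as a dict of ints."""
    rows = [l.split()[1:] for l in text.splitlines() if l.startswith("Tcp:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one Tcp: header line and one Tcp: value line")
    return dict(zip(rows[0], map(int, rows[1])))

def rates(samples):
    """Turn consecutive cumulative snapshots into per-second rates."""
    parsed = [(t, parse_tcp(txt)) for t, txt in samples]
    out = []
    for (t0, a), (t1, b) in zip(parsed, parsed[1:]):
        deltas = {name: b[f] - a[f] for name, f in RATE_FIELDS.items()}
        if t1 <= t0 or min(deltas.values()) < 0:
            continue  # counters went backwards (e.g. reboot) or bad clock: skip
        row = {name: d / (t1 - t0) for name, d in deltas.items()}
        row["time"] = t1
        row["current_connections"] = b["CurrEstab"]  # ESTABLISHED or CLOSE-WAIT
        out.append(row)
    return out

def prolonged_failures(rows, min_intervals=2):
    """Times at which conn_failures has been non-zero for min_intervals in a row."""
    alerts, streak = [], 0
    for row in rows:
        streak = streak + 1 if row["conn_failures"] > 0 else 0
        if streak >= min_intervals:
            alerts.append(row["time"])
    return alerts

if __name__ == "__main__":
    for r in rates(SAMPLES):
        print(r)
    print("prolonged failure intervals ending at:", prolonged_failures(rates(SAMPLES)))
```

A single interval with failures is not flagged at the default threshold; only a run of consecutive non-zero intervals is, which matches the "prolonged non-zero value" wording in the interpretation above.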