Statistics Retention
Orchestrator > Software & Setup > Setup > Statistics Retention
This tab displays all the statistics Orchestrator collects from appliances. Orchestrator saves the statistics data in a database with the retention policies defined on this tab.
To begin, complete the following steps:
-
Click the Edit icon in the table next to the statistic you want Orchestrator to collect.
-
To enable or disable statistics collection, select the Collect this statistic in Orchestrator check box.
-
Enter how long you want Orchestrator to retain the statics for Minute Granularity, Hourly Granularity, and Daily Granularity before it collects data and stores in the partition.
TIP: If you click More Options, you can enter values for the Database Duration.
-
Click Apply.
For more detail, refer to the following table:
| Field | Description |
|---|---|
| Statistic | The selected statistic of which you want Orchestrator to collect data. |
| Enabled | If you have enabled or disabled statistics retention. |
| Minute Granularity (hours) | Amount of times in one minute Orchestrator stores data. |
| Hourly Granularity (days) | Amount of times in one hour Orchestrator stores data. |
| Daily Granularity (months) | Amount of time in one day Orchestrator stores data. |
| Estimated Disk Space | Estimated amount of disk space the selected statistic uses. At the bottom of the screen, you can get an estimated disk space required for a number of appliances, overlays, and tunnels. |
DoS Stats
You can monitor your network behavior based on the Firewall Protection Profile (FPP) settings and the thresholds you set. The denial of service (DoS) statistics described in the following table provide visibility into the statistics for all Firewall Protection Profiles that are configured and mapped to zone/segment pairs. DoS statistics help you tune FPP settings with the right thresholds, identify violating sources, enable response actions, and so on.
Orchestrator retains statistics related to DoS services on appliances for 30 days. If you require longer retention periods, you can purchase a Storage subscription. See your HPE Aruba Networking representative for details.
| DoS Statistic | Description |
|---|---|
| Ddostotalstats | Includes the following: Source/Host Total Drop Count: The total number of flows dropped from all hosts in the zone because the source-level threshold was exceeded. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Zone Level - Total Drop Count: The total number of flows dropped at the zone level. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Source/Host - Total Deny Flow Count: The total number of flows dropped/denied from all hosts that are in a deny list because the source level threshold was exceeded. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Source/Host Level - Total Deny IP Count: The total number of hosts denied in the zone because a deny action was executed due to the source level threshold being exceeded. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Source/Host - Max Threshold Exceed Count: The total number of times the Max Threshold was exceeded from all hosts in the zone. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Source/Host – Min Threshold Exceed Count: The total number of times the Min Threshold was exceeded from all hosts in the zone. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Zone Level - Min Threshold Exceed Count: The total number of times the Min Threshold was exceeded at the zone level. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Zone Level - Max Threshold Exceed Count: The total number of times the Max Threshold was exceeded at the zone level. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. Zone Level - Total Error Drop Count: Total number of error drop counts collected at the zone level. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. |
| Ddostoptalkers | The top 50 IPs that used the most number of concurrent flows, embryonic flows, and flows per second (FPS) and the top 50 IPs that violated the minimum and maximum thresholds. This statistic is common for all zones and is refreshed every hour. NOTE If there are more IPs than the list can support, IPs in this list will be replaced resulting in some IPs getting dropped from the hourly top talkers list. |
| Ddossrcipsample10 | A list of 10 sample source IPs that exceed the minimum threshold and maximum threshold set in Firewall Protection Profile for concurrent, embryonic, and FPS metrics respectively. These are historical stats (not real-time). These stats are not zone-specific. Sample IPs are from zone/segment pairs where FPP is configured. These stats are updated every 5 minutes. |
| Ddospeakandpeakdroprate | Includes the following: Peak stats for IPs and Counts are collected for the FPS, concurrent flows, and embryonic flows metrics every one second for all protocols. These stats report the highest number for Ddostotalstats, Ddostoptalkers, and Ddossrcipsample10. The metrics are each recorded in 5 minute intervals. The Ddospeakandpeakdroprate stats are reported even if no thresholds are configured in the FPP. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. The peak drop rate stats report the highest flow drop rate per second that occurred within the 5 minute interval. For real-time statistics, stats are collected every second. For historical statistics, stats are collected every 5 minutes. |
Stats Configuration
The Stats Configuration dialog box displays the parameters for the Statistics Retention.
WARNING: Changing the default values of these settings is not recommended without consulting Support.
Click Advanced Properties to display the Stats Configuration dialog box. For more detail, refer to the following table.
| Field | Description |
|---|---|
| minuteRetention | The number of minutes of stats the EdgeConnect will retain. 1440 equals 1 day (EdgeConnect generates a zip file of CSVs every minute.) |
| verticalRetention | The number of days EdgeConnect will retain data in a format that allows EdgeConnect’s UI to display historical charts. Note: If you are using Orchestrator to see historical stats, set verticalRetention to zero to reduce disk space use. |
| app max_items | EdgeConnect calculates the “Top Applications.” These stats are displayed hourly but computed every minute. Increasing this value beyond 100 will impact EdgeConnect performance because EdgeConnect computes a larger number of Top Applications every minute by traversing every flow in the system. |
| port max_items | EdgeConnect calculates “Top Ports.” These stats are displayed hourly but computed every minute. Increasing this value beyond 100 will impact EdgeConnect performance because EdgeConnect computes a larger number of Top Ports every minute by traversing every flow in the system. |
| dns max_items | EdgeConnect calculates “Top Domains.” These stats are displayed hourly but computed every minute. Increasing this value beyond 100 will impact EdgeConnect performance because EdgeConnect computes a larger number of Top Domains every minute by traversing every flow in the system. |
| ip max_items | EdgeConnect calculates “Top Talkers.” These stats are displayed hourly but computed every minute. Increasing this value beyond 100 will impact EdgeConnect performance because EdgeConnect computes a larger number of Top Talkers every minute by traversing every flow in the system. |
| behavioral max_items | EdgeConnect calculates “Top Traffic Behaviors.” These stats are displayed hourly but computed every minute. Increasing this value beyond 100 will impact EdgeConnect performance because EdgeConnect computes a larger number of Top Traffic Behaviors every minute by traversing every flow in the system. |
| flows_csv_enable | Do not enable this field. Enabling this field will disable EdgeConnect appliances in most networks, which might require you to RMA the EdgeConnect. If you need a NetFlow log to view historical data, enable Netflow/IPFIX and use an external NetFlow/IPFIX collector. |