The following lists and describes Web Agent data:
Indicates the average time it takes to authorize a user (in milliseconds).
Number of authorization attempts made by this Agent. An authorization attempt occurs when a user supplies credentials to the Policy Server in order to access a protected resource.
Number of errors that occurred during authorization attempts made by this Web Agent. An error indicates a communication failure between the Web Agent and Policy Server during an authorization call.
Number of failed authorization attempts. An authorization attempt fails when a user lacks sufficient privileges to access a resource.
Number of cookies that the Web Agent could not decrypt.
Number of requests that the Agent refuses because of bad URL characters. Bad URL characters are specifically blocked to prevent a Web client from evading SiteMinder rules. These characters are specified in the Web Agent's configuration.
Path of the Web Agent. The component path includes the following information:
Note: Component Path is not available using SNMP.
Number of cross-site scripting hits. A cross-site scripting hit consists of malicious code embedded in pages at your site.
Note: For more information about cross-site scripting, see the Web Agent Configuration Guide.
Length of the encryption key used to encrypt/decrypt data sent between the Web Agent and the Policy Server.
Number of requests that contained an expired cookie.
IP address of the machine where the Web Agent is installed.
Note: The Host IP address is included in the Component Path.
The average amount of time it takes (in milliseconds) for the Web Agent to determine from the Policy Server whether or not a resource is protected.
Number of times the Web Agent has checked the Policy Server to see if a resource is protected.
Note: If the resource cache is set to 0, the OneView Monitor may record two or more IsProtected calls per login attempt. If the Web Agent is not caching information, it must check with the Policy Server to determine whether or not a resource is protected each time a request is made to the Web server.
If the resource cache is not set to 0, the OneView Monitor only records one IsProtected call. In this case, the Web Agent makes one IsProtected call to the Policy Server; subsequent requests to the Web server for the same resource are satisfied against the Web Agent's resource cache until the resource in the cache expires or the resource cache is flushed.
Number of times an error has occurred when the Web Agent asks the Policy Server whether or not a resource is protected. An error indicates a communication failure between the Web Agent and the Policy Server.
Web Agent build number.
Date and time of the Web Agent's last activity.
Average time it takes for a user to log in.
Number of login attempts made from this Web Agent.
Number of errors that occurred during login attempts. An error indicates a communication failure between the Web Agent and the Policy Server.
Number of failed login attempts. Login failures occur when users supply invalid credentials.
Name of the Web Agent.
Operating system of the machine where the Web Agent is installed.
Web Agent product name.
Number of entries in the resource cache. The resource cache stores information about recently accessed resources to speed up subsequent requests for the same resource.
The number of entries in the resource cache can be 0 to n, where n is the maximum cache size specified in the Web Agent's configuration.
Number of times that the Web Agent located a resource in the resource cache. This number indicates how frequently SiteMinder is using cached resources.
The maximum number of entries the resource cache can contain. This number is specified in the Web Agent's configuration.
Note: Details on setting the resource cache size exist in the Web Agent Configuration Guide.
Number of open sockets, which corresponds to the number of open connections between the Policy Server and the Web Agent.
Note: Because the Web Agent architecture has changed, SocketCount has no value.
Status of the Web Agent. The status can be Active or Inactive.
Inactive status indicates that there was no interaction between the Web Agent and the monitor for a specified period of time. The period of time is determined by the heartbeat interval.
Time zone for the geographical location where the Web Agent is installed.
Type of monitored component. In this case, the Web Agent.
The startup time of the Web server where the Web Agent is installed.
Version number of latest software update.
Number of entries in the user session cache. The user session cache stores information about users who have recently accessed resources. Storing user information speeds up resource requests.
The number of entries in the user session cache can be 0 to n, where n is the maximum cache size specified in the Web Agent's configuration. see the Web Agent Configuration Guide for information on setting the user session cache size.
Note: The user session cache count may differ based on the Web server where the session cache is located.
For Web Agents that use multi-thread cache, such as IIS Web Agents, iPlanet 4.x and 6.0 Web Agents (on Windows operating systems), and Domino Web Agents (on Windows and UNIX operating systems), the OneView Monitor increases the user session cache count when a user is successfully authenticated and receives a session cookie from the Web Agent.
Apache and iPlanet 4.x and 6.0 Web Agents running on UNIX operating systems, which use multi-process cache, count sessions differently. A user's session is not added to the session cache until he presents a session cookie to the Web Agent. The Web Agent creates a session cookie for the user after he is successfully authenticated. SiteMinder uses that cookie to authenticate the user if he makes additional resource requests. This means that the user's first login is not recorded in the user session cache count. If the user makes another request and SiteMinder authenticates the user using the session cookie, the user session cache count increases.
In all Web Agents, the user session is valid for resources in one realm. If the user accesses a resource in a different realm using a session cookie, he is given another user session, which increases the user session cache count.
Number of times that Web Agent accessed the user session cache.
The maximum number of entries the user session cache can contain. This number is specified in the Web Agent's configuration.
Note: Details on setting the user session cache size exist in the Web Agent Configuration Guide.
The number of times the Web Agent could not locate user session information in the user session cache. This occurs when:
Average amount of time it takes to validate a cookie used to authenticate a user (in milliseconds). Cookies may be used to authenticate a user in a single sign-on environment.
The number of times a specific Web Agent attempted to validate a session cookie against the Policy Server to authenticate a user, instead of matching that user's credentials to a user directory entry. (The Web Agent creates a session cookie on the user's browser when a user is successfully authenticated, and uses that cookie to authenticate the user on subsequent requests for new resources.)
The following conditions affect the ValidationCount:
If a Web Agent's user session cache is set to a value greater than 0, the user's session information is stored in the cache. The Web Agent validates the session against the session cache instead of the Policy Server, so the ValidationCount does not increase. If the user session cache is set to 0, the ValidationCount increases each time a user requests a protected resource because the Web Agent must validate the session against the Policy Server.
Web Agents that use multi-threaded cache, such as IIS Web Agents, iPlanet 4.x and 6.0 Web Agents (on Windows operating systems, and Domino Web Agents (on Windows and UNIX operating systems), add a session to the session cache (if the session cache size is greater than 0) when a user is successfully authenticated. If that user requests additional resources from the same realm, the Web Agent validates the user against the session cache, so the ValidationCount does not increase.
Apache and iPlanet 4.x and 6.0 Web Agents running on UNIX operating systems, which use multi-process cache, do not add the session cookie to the session cache until the user presents the cookie to the Web Agent during a request for another resource in the realm where she was authenticated. The Web Agent validates the first request made with a session cookie against the Policy Server, which increases the ValidationCount. Subsequent requests are validated against the cache.
The number of errors that occurred when the Web Agent attempted to validate a user session. Errors indicate a communication failure between the Web Agent and the Policy Server.
The number of times the Web Agent has failed to validate a user session because of an invalid session cookie.
Version number of the Web Agent.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |