Browser to AG connections statistics displaying incorrect values

  • 7016277
  • 10-Mar-2015
  • 31-Mar-2015

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 4.0

Situation

Access Manager setup and working fine. The Access Gateway (AG) statistics are being being monitored for various pieces of info (throughput, requests, connections). Under low load in the evening, it was noted that the total number of browser connections was extremely high based on the number of active sessions.

Executing a 'netstat -patune' and checking the number of established connections, it was a fraction of what the iManager statistics UI reported for the AG. It averaged between 43 and 58 across 5 AGs, yet the screenshot showed the active browser connections to AG for each of these 5 AGs in the 1000s. As an example last night, with only 150 users logged into the Identity (IDP) server, the AG servers were showing "22423" current browser connections when netstat for each listening proxy IP address on that AG showed the following:

# netstat -patune | grep 443 | grep -i established | grep 172.16.101.50| wc -l
65
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.51| wc -l
68
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.52| wc -l
65
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.73| wc -l
87
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.74| wc -l
70

We are currently using Netstat and w3m to server-status for infor for now, but it would be very useful to be able to rely on the UI stats.

Resolution

Fixed in NAM 4.1.

Cause

The invalid connection count is due to the dummy connection made by httpd to all
the child processes. Need to avoid all those connection for total connection
stat calculation.