Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 4.0
Situation
Access Manager is set up and working fine. The Access Gateway (AG) statistics are being monitored for various pieces of information (throughput, requests, connections). Under low load in the evening, it was noted that the total number of browser connections was extremely high relative to the number of active sessions.
Running 'netstat -patune' and counting the established connections gave a fraction of what the iManager statistics UI reported for the AG. The count averaged between 43 and 58 across 5 AGs, yet the screenshot showed the active browser connections to the AG for each of these 5 AGs in the thousands. As an example, last night, with only 150 users logged into the Identity (IDP) server, the AG servers were showing "22423" current browser connections when netstat for each listening proxy IP address on that AG showed the following:
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.50| wc -l
65
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.51| wc -l
68
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.52| wc -l
65
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.73| wc -l
87
# netstat -patune | grep 443 | grep -i established | grep 172.16.101.74| wc -l
70
We are currently using netstat and w3m against server-status for this information for now, but it would be very useful to be able to rely on the UI stats.
Resolution
Fixed in NAM 4.1.
Cause
The invalid connection count is due to the dummy connections made by httpd to all of its child processes. These connections need to be excluded from the total connection statistic calculation.
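The netstat cross-check from the Situation section can be made stricter, as in the following added example (not part of the original article or of Access Manager). It matches the local port exactly instead of using `grep 443`, and tallies connections whose peer is loopback or the listener's own address separately; treating those as httpd's dummy connections is an assumption, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Reads `netstat -patune` output on stdin and prints, per local address,
# the ESTABLISHED connections on exactly the given local port.
count_established() {
    port="${1:-443}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Split "addr:port" on the last colon so IPv6 addresses survive.
            lp = $4; sub(/.*:/, "", lp)
            la = $4; sub(/:[^:]*$/, "", la)
            ra = $5; sub(/:[^:]*$/, "", ra)
            if (lp != port) next   # exact match: skips 8443 and port 44310
            # ASSUMPTION: a peer that is loopback or the listener itself is
            # server-originated (e.g. an httpd dummy connection), not a browser.
            if (ra == la || ra == "127.0.0.1" || ra == "::1")
                self[la]++
            else
                client[la]++
            seen[la] = 1
        }
        END {
            for (a in seen)
                printf "%s clients=%d self=%d\n", a, client[a], self[a]
        }' | sort
}

# Constructed sample in `netstat -patune` column layout (not real output).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 172.16.101.50:443       0.0.0.0:*               LISTEN      0          11001      2101/httpd
tcp        0      0 172.16.101.50:443       10.1.1.20:51234         ESTABLISHED 30         11002      2110/httpd
tcp        0      0 172.16.101.50:443       10.1.1.21:40443         ESTABLISHED 30         11003      2111/httpd
tcp        0      0 172.16.101.50:443       172.16.101.50:44310     ESTABLISHED 30         11004      2112/httpd
tcp        0      0 172.16.101.50:44310     172.16.101.50:443       ESTABLISHED 0          11005      2101/httpd
tcp        0      0 172.16.101.51:443       10.1.1.22:50001         ESTABLISHED 30         11006      2113/httpd
tcp        0      0 172.16.101.51:443       10.1.1.23:50002         TIME_WAIT   0          0          -
tcp        0      0 172.16.101.50:8443      10.1.1.24:50003         ESTABLISHED 30         11007      2114/httpd
EOF
}

sample_netstat | count_established 443
```

On a live AG the input would be `netstat -patune | count_established 443`; the `clients` figure is the one to compare against the UI's browser connection count.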