Cisco IronPort (PowerShell)

This template assesses the overall performance of Cisco IronPort by reading its XML status page with a PowerShell script.


Prerequisites: None.

Credentials: Cisco IronPort user with access to https://iponport_server/xml/status.


Monitored Components

Features Days Remaining

This monitor returns the number of days remaining until each feature's expiration date. The monitor returns this statistic for the following features: McAfee, Sophos Anti-Virus, Central Management, Anti-Spam, Incoming, Mail Handling, and Outbreak Filters.

Mail Handling Counters

This monitor returns mail handling statistics. Returned values are as follows:

     Messages Received – This component returns the number of messages received into the delivery queue.

     Recipients Received – This component returns the number of recipients on all received messages.

     Generated Bounce Recipients – This component returns the number of recipients for which bounces have been generated by the system and inserted into the delivery queue.

     Rejected Recipients – This component returns the number of recipients that have been denied receiving into the delivery queue due to the Recipient Access Table (RAT) or unexpected protocol negotiation including premature connection termination.

     Dropped Messages – This component returns the number of messages that have been denied reception into the delivery queue due to a filter drop action match or have been received by a Black Hole queuing listener. Messages directed to /dev/null entries in the alias table also are considered dropped messages. Messages dropped by anti-spam filtering (if it has been enabled on the system) also increment this counter.

     Soft Bounce Events – This component returns the number of soft bounce events — a message that soft bounces multiple times has multiple soft bounce events.

Completion Events

This monitor returns completion event statistics. Returned values are as follows:

     DNS Hard Bounces – This component returns the number of DNS hard bounces. Occurs when a DNS error is encountered while trying to deliver a message to a recipient.

     5XX Hard Bounces – This component returns the number of 5XX hard bounces. Occurs when the destination mail server returned a “5XX” response code while trying to deliver a message to a recipient.

     Filter Hard Bounces – This component returns the number of filter hard bounces. Occurs when a recipient delivery has been preempted by a matching filter bounce action. Messages dropped by anti-spam filtering (if it has been enabled on the system) also increment this counter.

     Expired Hard Bounces – This component returns the number of expired hard bounces. Occurs when message recipients have exceeded the maximum time allowed in the delivery queue or the maximum number of connection attempts.

     Other Hard Bounces – This component returns the number of other hard bounces. Occurs when an unexpected error occurred during message delivery or a message recipient was explicitly bounced via the bouncerecipients command.

     Delivered Recipients – This component returns the number of messages successfully delivered to a recipient.

     Deleted Recipients – This component returns the number of message recipients that were explicitly deleted via the deleterecipients command or were a Global Unsubscribe Hit.

     Global Unsubscribe Hits – This component returns the number of message recipients that were deleted due to a matching global unsubscribe setting.

System Resources Utilization

This monitor returns system resources utilization. Returned values are as follows:

     Total CPU – This component returns the total percentage of CPU usage.

     Email Security Appliance CPU – This component returns the CPU usage of Email Security Appliance.

     Reporting CPU – This component returns the Reporting CPU usage.

     Quarantine CPU – This component returns the Quarantine CPU usage.

     RAM – This component returns the percentage of physical RAM (Random Access Memory) being used by the system.

     Disk IO – This component returns the percentage of Disk I/O being used. The Disk I/O Utilization statistic does not display a reading against a scale of a known value. Rather, it displays the I/O utilization the system has seen thus far and scales against the maximum value since the last reboot. So, if the gauge displays 100%, the system is experiencing the highest level of I/O utilization seen since boot (which may not necessarily represent 100% of the physical Disk I/O of the entire system).

     Logging Disk – This component returns the logging disk utilization.

System Gauges

This monitor returns system gauges. Returned values are as follows:

     System Status – This component returns current system status:
          0 – Online;
          1 – Receiving Suspended – all listeners are suspended;
          2 – Delivery Suspended;
          3 – Offline – receiving and delivery are suspended for all listeners;
          4 – Not available.

     Current Incoming Connections – This component returns the current incoming connections.

     Current Outgoing Connections – This component returns the current outgoing connections.

     Total Active Recipients – This component returns the message recipients in the delivery queue. This is the total of Unattempted Recipients and Attempted Recipients.

     Unattempted Recipients – This component returns the message recipients in queue for which delivery has not yet been attempted. This is a subcategory of Active Recipients.

     Attempted Recipients – This component returns the message recipients in queue for which delivery has been attempted but failed due to a Soft Bounce Event. This is a subcategory of Active Recipients.

     Active Messages in Work Queue – This component returns the number of messages waiting to be processed by alias table expansion, masquerading, anti-spam, anti-virus scanning, message filters, and LDAP queries prior to being enqueued.

     Active Destination Objects in Memory – This component returns the number of destination domains in memory. For each domain with a message destined to be delivered, a destination object is created in memory. After all the mail for that domain has been delivered, the destination object is retained for another three hours. After three hours, if no new messages are bound for that domain, the object is expired so that the destination is no longer reported (for example, in the tophosts command). If you are delivering mail only to one domain, this counter will be “1.” If you have never received or sent any messages (or no messages have been processed by the appliance in many hours), the counter will be “0.” If you are using Virtual Gateways, destination domains for each Virtual Gateway will have a separate destination object. (For example, yahoo.com will count as three destination objects if you are delivering to yahoo.com from three different Virtual Gateways).
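
One way a script could derive the Features Days Remaining and System Status values described above from the status XML. This is an added example, not the template's own script: the XML sample is constructed, and its element and attribute names, the seconds unit of time_remaining, the status strings and the Get-IronPortSummary function are assumptions.

```powershell
# Constructed sample of a status document. The layout (system/@status,
# feature/@name, feature/@time_remaining in seconds) is an assumption.
$sampleXml = @'
<status hostname="esa.example.test">
  <system status="online"/>
  <features>
    <feature name="Sophos Anti-Virus" time_remaining="2592000"/>
    <feature name="Outbreak Filters" time_remaining="432000"/>
  </features>
</status>
'@

# Numeric codes are the ones listed on this page; the strings on the left
# are assumed spellings of the status attribute.
$statusCodes = @{
    'online'              = 0
    'receiving_suspended' = 1
    'delivery_suspended'  = 2
    'offline'             = 3
}

function Get-IronPortSummary {
    param([Parameter(Mandatory)][string]$XmlText)

    $doc = [xml]$XmlText

    # A missing node or an unrecognised string maps to 4 (Not available),
    # so a parsing problem is never reported as 0 (Online).
    $sys  = $doc.SelectSingleNode('/status/system')
    $raw  = if ($sys) { $sys.GetAttribute('status') } else { '' }
    $code = if ($statusCodes.ContainsKey($raw)) { $statusCodes[$raw] } else { 4 }

    # Convert each feature's remaining seconds to whole days.
    $features = foreach ($f in $doc.SelectNodes('/status/features/feature')) {
        [pscustomobject]@{
            Name          = $f.GetAttribute('name')
            DaysRemaining = [int][math]::Floor([double]$f.GetAttribute('time_remaining') / 86400)
        }
    }

    [pscustomobject]@{ StatusCode = $code; Features = @($features) }
}

$summary = Get-IronPortSummary -XmlText $sampleXml
$summary.Features | Sort-Object DaysRemaining | Format-Table Name, DaysRemaining
"System status code: $($summary.StatusCode)"
```

Sorting by DaysRemaining puts the feature closest to expiry first, which is the value worth alerting on for the anti-virus, anti-spam and outbreak filter keys.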

DNS Status

This monitor returns DNS statistics. Returned values are as follows:

     DNS Requests – This component returns the number of non-recursive requests to the system DNS cache to resolve a domain name.

     Network Requests – This component returns the number of requests to the network (non-local) to retrieve DNS information.

     Cache Hits – This component returns the number of requests to the DNS cache where the record was found and returned.

     Cache Misses – This component returns the number of requests to the DNS cache where the record was not found.

     Cache Exceptions – This component returns the number of requests to the DNS cache where the record was found but the domain was unknown.

     Cache Expired – This component returns the number of requests to the DNS cache where the record was found in the cache, considered for use, and discarded because it was too old.

Portions of this document are courtesy of the Cisco IronPort User Guide and the ESA 7-5 Daily Management Guide, copyright 2014

Last updated 6/27/2014