Skip to content

The Dashboard (Home)

The dashboard is the main page of Libraesva ESG and gives an overview of the status of the appliance. All the data shown here are automatically refreshed every 120 seconds (by default).

Daily monitor

Status Monitor

The status monitor contain summary of the most useful information in the system, to quickly spot anomalies.

  • Memory Swap Usage: swapped memory is normal in a mail gateway, especially when there are multiple antivirus. As the swap usage increase however, the performance drop exponentially, so it is always required to keep this value below 50-60% on average
  • Memory: used RAM memory
  • Load average: the load average is combination of many appliance factors, such us cpu usage, locked process, io waiting process and the like. This value should usually be equals or lower than the number of CPUs
  • Quarantine: used quarantine disk space

Mailer Status: Libraesva ESG is composed of multiple engine working in synergy to create security. The most important engines are listed here, as well as their statuses (enabled, partially enabled, disabled).

  • Message scanning: the main engine of Libraesva ESG, is only disabled when the license is expired
  • MailScanner engines: status of MailScanner and number of parallel process currently running
  • Antivirus engines: ClamAV is the default antivirus and is always active. Avira and Bitdefender engines are available as an option
  • URLSand: Libraesva ESG proprietary sandboxing for link threat identification and real-time disarm
  • Quicksand: Libraesva ESG proprietary sandboxing to sanitize attachment on the gateway
  • License usage: current license usage

Last Week Summary: SPAM Rates: this is an overview of all the email which reached Libraesva ESG, distinguished by SMTP reject, Spam, Bounce and Virus. Usually, there are a lot of SMTP reject since is the first defence in Libraesva ESG from botnet and bad spam. The quantity of Spam, Bounces, and Virus greatly depends on the traffic, but as a general rule a great variation from normal traffic could be related to some high threat being detected.

Last week summary

Last Week Summary: Threat sources: similar to the last week summary, but geographically distributed. Allows you to see from where all the threat are generated.

Last week summary geo distribution

Version info: when you don’t have a cluster setup, you will see here only the current version of Libraesva ESG.

Cluster status: when a cluster is setup, this box shows the nodes current load and the replica status. If there is any issue with the cluster replica a warning or an error is immediately displayed.

Cluster status

Daily Monitor

This panel shows the overall of the messages processed today (i.e. starting with 00:01am in local time). All data are real-time values coming from the application. The graph shown here is a complement to the “Last week summary”.

Today’s total: a detailed count of all messages received or rejected. By clicking on the magnifying-glass beside the SMTP rejected, you can see the full list of all sender rejected today.

Mail Queues: these represent the emails which are currently actively processed by Libraesva ESG. The incoming queue contains all the messages received (i.e. passed SMTP checks) which are waiting to be scanned and sanitized. The outgoing queue contains all the sanitized messages which are ready to be delivered. As for the SMTP reject, by clicking magnifying-glass is it possible to see the queue status; from that page the administrator may manually drop or flush the messages.

Note

Queue sizes are possibly the most important metric of your appliance. If you see an higher value than usual for the incoming queue, you may have a peak of traffic which may deteriorate the overall performance; in case of performance drop, or DoS situation, you should decide whether to increase the available resources (e.g. RAM or CPU) or to impose SMTP rate limits (e.g. 20 email per minutes). If you see an higher value than usual on the outgoing queue, the messages had been scanned but are not delivered to the final recipients; this means that you may have a problem with the company mailserver (refusing to accept message from Libraesva ESG) or with an external mail provider.

Last accepted messages

This list contains the last messages processed by Libraesva ESG in the last 24 hours updated in real-time. Every message shown here has successfully completed all the analysis, and is now either blocked in the quarantine or moved to the outgoing queue for delivery.

Administrator will find this list useful to monitor the mail flow through Libraesva ESG. In case of service abuse, this list gives an immediate feedback which greatly help in reducing threat response time.

Last update: September 15, 2022