You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Ron Barber (JIRA)" <ji...@apache.org> on 2014/02/06 23:35:19 UTC
[jira] [Comment Edited] (TS-2169) SSL statistics
[ https://issues.apache.org/jira/browse/TS-2169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13893907#comment-13893907 ]
Ron Barber edited comment on TS-2169 at 2/6/14 10:33 PM:
---------------------------------------------------------
Proposed SSL stats. Most of these are based on existing stats (e.g. proxy.process.http.incoming_requests has an https equivalent proxy.process.https.incoming_requests). Existing stats will not change to maintain backward compatibility.
{code}
proxy.process.https.incoming_requests
- total number of inbound ssl requests
proxy.process.https.outgoing_requests
- total number of outbound ssl requests
proxy.process.https.current_client_connections
- current number of ssl connected clients
proxy.process.https.total_client_connections
- total number of inbound ssl connections
proxy.process.https.current_server_connections
- current number of ssl connected origins
proxy.process.https.total_server_connections
- total number of outbound ssl connections
proxy.node.https.user_agent_total_request_bytes
- total number of bytes received from ssl connected clients
= (proxy.process.http.user_agent_request_document_total_size + proxy.process.https.user_agent_request_header_total_size)
proxy.process.https.user_agent_request_document_total_size
- total size of body data received from ssl connected clients
proxy.process.https.user_agent_request_header_total_size
- total size of request headers received from ssl connected clients
proxy.node.https.user_agent_total_response_bytes
- total number of bytes sent to ssl connected clients
= (proxy.process.https.user_agent_response_document_total_size + proxy.process.https.user_agent_response_header_total_size)
proxy.process.https.user_agent_response_document_total_size
- total size of response body data sent to ssl connected clients
proxy.process.https.user_agent_response_header_total_size
- total size of response headers sent to ssl connected clients
proxy.node.https.origin_server_total_request_bytes
- total number of bytes sent to ssl connected origins
= (proxy.process.https.origin_server_request_document_total_size + proxy.process.https.origin_server_request_header_total_size)
proxy.process.https.origin_server_request_document_total_size
- total size of request body data sent to ssl connected origins
proxy.process.https.origin_server_request_header_total_size
- total size of request headers sent to ssl connected origins
proxy.node.https.origin_server_total_response_bytes
- total number of bytes received from ssl connected origins
= (proxy.process.https.origin_server_response_document_total_size + proxy.process.https.origin_server_response_header_total_size)
proxy.process.https.origin_server_response_document_total_size
- total size of response body data from ssl connected origins
proxy.process.https.origin_server_response_header_total_size
- total size of header data from ssl connected origins
proxy.node.https.user_agent_total_bytes
- total bytes transferred to/from ssl connected clients
= (proxy.node.https.user_agent_total_request_bytes + proxy.node.https.user_agent_total_response_bytes)
proxy.node.https.origin_server_total_bytes
- total bytes transferred to/from ssl connected origins
= (proxy.node.https.origin_server_total_request_bytes + proxy.node.https.origin_server_total_response_bytes)
proxy.node.https.throughput
- current bytes/second being transfer to ssl connected clients
proxy.node.https.client_throughput_out
- current Mbits/second being transfer to ssl connected clients
proxy.node.https.user_agent_xacts_per_second
- https requests/second from ssl clients
proxy.process.ssl.user_agent_other_errors
- total number of *other* ssl client connection errors (other are those not captured in other stats)
proxy.process.ssl.user_agent_expired_cert
- total number of ssl client connection failures where the cert was expired
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED
proxy.process.ssl.user_agent_revoked_cert
- total number of ssl client connection failures where the cert was revoked
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED
proxy.process.ssl.user_agent_unknown_cert
- total number of ssl client connection failures related to the cert where specific error was unknown
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
proxy.process.ssl.user_agent_cert_verify_failed
- total number of ssl client connection failures where cert verification failed
- openssl error: SSL_R_CERTIFICATE_VERIFY_FAILED
proxy.process.ssl.user_agent_bad_cert
- total number of ssl client connection failures where cert the is bad
- openssl error: SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
proxy.process.ssl.user_agent_decryption_failed
- total number of ssl client connection decryption failures (during negotiation)
- openssl error: SSL_R_TLSV1_ALERT_DECRYPTION_FAILED
proxy.process.ssl.user_agent_wrong_version
- total number of ssl client connections provided an invalid protocol version
- openssl error: SSL_R_WRONG_VERSION_NUMBER
proxy.process.ssl.user_agent_unknown_ca
- total number of ssl client connection that failed due to unknown ca
- openssl error: SSL_R_TLSV1_ALERT_UNKNOWN_CA
proxy.process.ssl.origin_server_other_errors
- total number of *other* ssl origin server connection errors (other are those not captured in other stats)
proxy.process.ssl.origin_server_expired_cert
- total number of ssl origin server connection failures where the cert was expired
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED
proxy.process.ssl.origin_server_revoked_cert
- total number of ssl origin server connection failures where the cert was revoked
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED
proxy.process.ssl.origin_server_unknown_cert
- total number of ssl origin server connection failures related to the cert where specific error was unknown
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
proxy.process.ssl.origin_server_cert_verify_failed
- total number of ssl origin server connection failures where cert verification failed
- openssl error: SSL_R_CERTIFICATE_VERIFY_FAILED
proxy.process.ssl.origin_server_bad_cert
- total number of ssl origin server connection failures where cert the is bad
- openssl error: SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
proxy.process.ssl.origin_server_decryption_failed
- total number of ssl origin server connection decryption failures (during negotiation)
- openssl error: SSL_R_TLSV1_ALERT_DECRYPTION_FAILED
proxy.process.ssl.origin_server_wrong_version
- total number of ssl origin server connections provided an invalid protocol version
- openssl error: SSL_R_WRONG_VERSION_NUMBER
proxy.process.ssl.origin_server_unknown_ca
- total number of ssl origin server connection that failed due to unknown ca
- openssl error: SSL_R_TLSV1_ALERT_UNKNOWN_CA
{code}
Note: Criteria for selecting specific SSL error metrics above was by observing actual SSL errors generated by production traffic on a Yahoo! server.
was (Author: rwbarber2):
Proposed SSL stats. Most of these are based on existing stats (e.g. proxy.process.http.incoming_requests has an https equivalent proxy.process.https.incoming_requests). Existing stats will not change to maintain backward compatibility.
{code}
proxy.process.https.incoming_requests
- total number of inbound ssl requests
proxy.process.https.outgoing_requests
- total number of outbound ssl requests
proxy.process.https.current_client_connections
- current number of ssl connected clients
proxy.process.https.total_client_connections
- total number of inbound ssl connections
proxy.process.https.current_server_connections
- current number of ssl connected origins
proxy.process.https.total_server_connections
- total number of outbound ssl connections
proxy.node.https.user_agent_total_request_bytes
- total number of bytes received from ssl connected clients (proxy.process.http.user_agent_request_document_total_size + proxy.process.https.user_agent_request_header_total_size)
proxy.process.https.user_agent_request_document_total_size
- total size of body data received from ssl connected clients
proxy.process.https.user_agent_request_header_total_size
- total size of request headers received from ssl connected clients
proxy.node.https.user_agent_total_response_bytes
- total number of bytes sent to ssl connected clients (proxy.process.https.user_agent_response_document_total_size + proxy.process.https.user_agent_response_header_total_size)
proxy.process.https.user_agent_response_document_total_size
- total size of response body data sent to ssl connected clients
proxy.process.https.user_agent_response_header_total_size
- total size of response headers sent to ssl connected clients
proxy.node.https.origin_server_total_request_bytes
- total number of bytes sent to ssl connected origins (proxy.process.https.origin_server_request_document_total_size + proxy.process.https.origin_server_request_header_total_size)
proxy.process.https.origin_server_request_document_total_size
- total size of request body data sent to ssl connected origins
proxy.process.https.origin_server_request_header_total_size
- total size of request headers sent to ssl connected origins
proxy.node.https.origin_server_total_response_bytes
- total number of bytes received from ssl connected origins (proxy.process.https.origin_server_response_document_total_size + proxy.process.https.origin_server_response_header_total_size)
proxy.process.https.origin_server_response_document_total_size
- total size of response body data from ssl connected origins
proxy.process.https.origin_server_response_header_total_size
- total size of header data from ssl connected origins
proxy.node.https.user_agent_total_bytes
- total bytes transferred to/from ssl connected clients (proxy.node.https.user_agent_total_request_bytes + proxy.node.https.user_agent_total_response_bytes)
proxy.node.https.origin_server_total_bytes
- total bytes transferred to/from ssl connected origins (proxy.node.https.origin_server_total_request_bytes + proxy.node.https.origin_server_total_response_bytes)
proxy.node.https.throughput
- current bytes/second being transfer to ssl connected clients
proxy.node.https.client_throughput_out
- current Mbits/second being transfer to ssl connected clients
proxy.node.https.user_agent_xacts_per_second
- https requests/second from ssl clients
proxy.process.ssl.user_agent_other_errors
- total number of *other* ssl client connection errors (other are those not captured in other stats)
proxy.process.ssl.user_agent_expired_cert
- total number of ssl client connection failures where the cert was expired
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED
proxy.process.ssl.user_agent_revoked_cert
- total number of ssl client connection failures where the cert was revoked
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED
proxy.process.ssl.user_agent_unknown_cert
- total number of ssl client connection failures related to the cert where specific error was unknown
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
proxy.process.ssl.user_agent_cert_verify_failed
- total number of ssl client connection failures where cert verification failed
- openssl error: SSL_R_CERTIFICATE_VERIFY_FAILED
proxy.process.ssl.user_agent_bad_cert
- total number of ssl client connection failures where cert the is bad
- openssl error: SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
proxy.process.ssl.user_agent_decryption_failed
- total number of ssl client connection decryption failures (during negotiation)
- openssl error: SSL_R_TLSV1_ALERT_DECRYPTION_FAILED
proxy.process.ssl.user_agent_wrong_version
- total number of ssl client connections provided an invalid protocol version
- openssl error: SSL_R_WRONG_VERSION_NUMBER
proxy.process.ssl.user_agent_unknown_ca
- total number of ssl client connection that failed due to unknown ca
- openssl error: SSL_R_TLSV1_ALERT_UNKNOWN_CA
proxy.process.ssl.origin_server_other_errors
- total number of *other* ssl origin server connection errors (other are those not captured in other stats)
proxy.process.ssl.origin_server_expired_cert
- total number of ssl origin server connection failures where the cert was expired
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED
proxy.process.ssl.origin_server_revoked_cert
- total number of ssl origin server connection failures where the cert was revoked
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED
proxy.process.ssl.origin_server_unknown_cert
- total number of ssl origin server connection failures related to the cert where specific error was unknown
- openssl error: SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
proxy.process.ssl.origin_server_cert_verify_failed
- total number of ssl origin server connection failures where cert verification failed
- openssl error: SSL_R_CERTIFICATE_VERIFY_FAILED
proxy.process.ssl.origin_server_bad_cert
- total number of ssl origin server connection failures where cert the is bad
- openssl error: SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
proxy.process.ssl.origin_server_decryption_failed
- total number of ssl origin server connection decryption failures (during negotiation)
- openssl error: SSL_R_TLSV1_ALERT_DECRYPTION_FAILED
proxy.process.ssl.origin_server_wrong_version
- total number of ssl origin server connections provided an invalid protocol version
- openssl error: SSL_R_WRONG_VERSION_NUMBER
proxy.process.ssl.origin_server_unknown_ca
- total number of ssl origin server connection that failed due to unknown ca
- openssl error: SSL_R_TLSV1_ALERT_UNKNOWN_CA
{code}
Note: Criteria for selecting specific SSL error metrics above was by observing actual SSL errors generated by production traffic on a Yahoo! server.
> SSL statistics
> --------------
>
> Key: TS-2169
> URL: https://issues.apache.org/jira/browse/TS-2169
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL, Stats
> Reporter: David Carlin
> Fix For: 5.1.0
>
>
> It would be swell if there were some traffic_line SSL statistic variables.
> For instance, number of SSL connections and SSL bytes.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)