-
-
-
Per-Application Network Monitoring
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Per-Application Network Monitoring
This feature is supported on: Windows, macOS
What Is Per-Application Network Monitoring
uberAgent network monitoring keeps track of all incoming and outgoing network connections. uberAgent associates every network connection with the application handling it and determines metrics like latency, packet loss, data volume, and more. uberAgent network monitoring also records failed connections that may have been blocked by firewalls, for example.
uberAgent per-application network monitoring does not inspect packets and does not break TLS or other types of encryption.
Use Cases for Per-Application Network Monitoring
By providing insights into network activity per application, uberAgent enables the following use cases:
- Network availability scoring
- Network quality monitoring
- Identification of network issues (jitter, packet loss, blocked ports)
- Mapping of network targets (who talks to whom)
- Data volume analytics (how much traffic is going where)
Which Data is Collected by Per-Application Network Monitoring
The data collected as part of uberAgent per-application network monitoring is sent to the backend via the sourcetypes listed in the network metrics documentation.
Name Resolution (IP Address to DNS Name)
Name resolution is supported on: Windows
Network packets contain IP addresses, but not DNS names. In order to be able to associate each network target IP address with the corresponding DNS name, uberAgent also monitors DNS queries. By enriching network monitoring data with DNS query data, uberAgent ensures that each network event has the target’s IP address as well as its DNS name.
Please note that uberAgent does not perform reverse DNS lookups, nor does it send its own DNS queries over the wire. uberAgent only generates network traffic to send the collected data from the endpoint to the backend servers.
Protocol Notes
IPv6
IPv6 is fully supported by uberAgent per-application network monitoring.
UDP
UDP traffic is fully supported by uberAgent per-application network monitoring. However, due to the protocol’s connectionless nature, latency cannot be determined.
TCP
TCP traffic is fully supported by uberAgent per-application network monitoring. Since TCP is a connection-based protocol, latency, jitter, and packet loss can be determined.
Please note that latency detection is limited to send operations because otherwise a cooperating agent at the receiving side would be required.
QUIC
QUIC traffic is treated as UDP by uberAgent per-application network monitoring.
ICMP
ICMP traffic is ignored by uberAgent per-application network monitoring.
Configuration
Enabling or Disabling Per-Application Network Monitoring
uberAgent per-application network monitoring is enabled or disabled via the NetworkTargetPerformanceProcess
timer metric in the configuration. In the default configuration, network monitoring is enabled.
Configuration Options for Per-Application Network Monitoring
Certain aspects of per-application network monitoring can be configured via the stanza [NetworkTargetPerformanceProcess_Config]
.
Key
This setting is supported on: Windows, macOS
Internally, uberAgent records network activity by process instance. However, that level of detail is rarely required. In most cases, it is sufficient to visualize network activity per process name. This is an optimization that reduces the event count in the backend and the data volume. Optionally, the agent can be configured to record network activity by process ID for full granularity by switching to grouping per ID instead of per name.
Setting name: Key
Description: What to group by: process name or ID
Valid values: name | id
Default: name
Required: no
<!--NeedCopy-->
IgnoreLowActivity
This setting is supported on: Windows, macOS
This is another setting targeted at reducing the event count and the data volume. By default, a threshold is applied below which per-application network activity is dropped (not sent to the backend).
Setting name: IgnoreLowActivity
Description: Whether to ignore processes with very low activity during a collection interval
Valid values: true | false
Default: true
Required: no
<!--NeedCopy-->
NetworkDriverEnabled
This setting is supported on: Windows
Starting with uberAgent 6.0 (Windows), uberAgent monitors network activity with a kernel driver. This configuration option can be used to switch back to the older network data collection source ETW. ETW network monitoring has several limitations. Most notably, latency cannot be determined accurately.
Setting name: NetworkDriverEnabled
Description: Enables processing all network metrics by a driver instead of ETW.
Valid values: true | false
Default: true
Required: no
<!--NeedCopy-->
NetworkDriverLegacyAPI
This setting is supported on: Windows
This setting is intended for internal use by vast limits. Only enable it if instructed by support.
Setting name: NetworkDriverLegacyAPI
Description: Use legacy WFP API to process packet streams in kernel mode.
Valid values: true | false
Default: false
Required: no
<!--NeedCopy-->
TestCompareNetworkDriverAndETW
This setting is supported on: Windows
This setting is intended for internal use by vast limits. Only enable it if instructed by support.
Setting name: TestCompareNetworkDriverAndETW
Description: Collect network metrics using Windows ETW interfaces and the uberAgent network driver.
The ProcUser field of the metric NetworkTargetPerformanceProcess is extended by a suffix ETW or DRV to differentiate the type of network event.
Because of that, the network events are sent two times to the configured backend.
Use this feature to test unusual behavior in test environments. This is not intended to be used in a production environment.
Valid values: true | false
Default: false
Required: no
<!--NeedCopy-->
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.