3.3.2.3.7. MetaDefender Core Dashboard

OPSWAT Central Management's MetaDefender Core Dashboard gives a general overview of the status and activities of all managed MetaDefender Core instances.

The MetaDefender Core Dashboard feature is only compatible with MetaDefender Core instances of version 4.18+.
Because of the integration with ELK technology, the MetaDefender Core Dashboard function requires users to configure ELK settings on both OPSWAT Central Management and the managed MetaDefender Core instances.

In Logstash server settings, UDP protocol is recommended to have the collected data visualized correctly.
If TCP protocol must be selected, please ensure that the OPSWAT Central Management server can properly resolve the addresses of the managed MetaDefender Core instances, e.g., the server and instances are all installed on the same network.
Setting MetaDefender Core's syslog level to above info (such as debug) can cause the connected Logstash server to crash.

If you have not yet configured ELK settings, MetaDefender Core Dashboard will show the message No log server connected. Please setup a centralized log server at ELK settings . Click on the link to set up ELK for OPSWAT Central Management.

images/download/attachments/6219562/image2020-8-28_11-43-5.png

After the Elasticsearch and Logstash servers are successfully configured and at least one MetaDefender Core instance with correct Logstash server configuration is connected, the MetaDefender Core Dashboard will be displayed properly.

images/download/attachments/6219562/image2020-8-27_17-19-10.png

Processing Overview

Processing Overview shows the combined objects processing history of the managed MetaDefender Core instances.
The line chart shows the number of objects processed or blocked by date.
The donut chart breaks down the block reasons for the object blocked.
The bar chart break downs the object blocked or processed by file types.
Miscellaneous statistics are also listed such as the number of objects with sensitive data found with MetaDefender Core's Proactive DLP function or the number of threats sanitized by MetaDefender Core's CDR function.
The result can be further refined via the Filter function, which can be set to show the last 24 hours, the last 7 days or the last 30 days. Users can also set the refresh interval or perform a manual refresh via the Refresh buttons.

Objects refers to the files processed by MetaDefender Core instances, including child files contained in a parent archive-type file.

images/download/attachments/6219562/image2020-8-27_17-19-44.png

Instances

The Instances section shows the MetaDefender Core instances under management. Each instance is listed with its license status and scan queue.

images/download/attachments/6219562/image2020-8-20_15-2-51.png

Configuration of data collection frequency

The data collection frequency for the MetaDefender Core dashboard can be configured in a configuration file located at:

  • On Windows systems, ProgramData\OPSWAT\Central\gears-onpremise_definition.properties

  • On RedHat and Ubuntu systems, /etc/opt/ocm/gears-onpremise_definition.properties

#Scheduler interval setting (milliseconds)
schedule.core.statistic.interval=60000
schedule.core.scanQueue.interval=60000
schedule.core.processing.history.interval=3600000