29.03.2018 · 3 minutes read

A short introduction into Wanguards stats engine

Wanguard software has three main engines for gathering data : Basic, Extended and Full. Each next step adds performance penalty it should be taken into account before deploying Your Wanguard.
You might wonder why? Thats easy, the CPU needs to handle the additional computing power for any new graphs and stats gathered during traffic capture.
It's important to know if You need the top AS stats with Your DDoS protection - as this might be an additional feature granting You more visibility into Your network with just one tool.
Before buying a server for Wanguard, it's better to have some room to enable such statistics.

HINT:

According to Andrisoft support the IP and Anomaly graphs pose no performance penalty.If you leave the Stats parameter to Basic - then there is no performance penalty.
IP Validation also doesn't add much performance penalty and it's not something that we be avoided.

Below is the quick excerpt from Wanguard's documentaion explaining each engine and performance penalty.

Stats Engine:

  • Basic Enables tops for Internal IPs, IP protocols, versions and TCP/UDP ports. It is the recommended value because it adds a very small performance penalty.
  • Extended Enables all tops from Basic as well as tops for external IPs (IPs not included in the IP Zone). It adds performance penalty of over 20%, especially during spoofed attacks. Permits the detection of threshold violations for external IPs.
  • Full Enables all tops from Extended as well as tops and graphs for autonomous systems. It adds a performance penalty of over 20%, especially during spoofed attacks. Permits the detection of threshold violations for external IPs.