|
List Info
Thread: session table fills...
|
|
| session table fills... |
 
Finland |
2008-05-16 02:14:09 |
Hi!
Is there any easy way to find out which connections generate
the most sessions in NGX? The problem is that the
session-table continuously fills up and we'd like to know
the root cause (whether some application is working
improperly and generating too many sessions etc...).
Thanks!
-lari-
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: session table fills... |
 
United States |
2008-05-16 02:53:50 |
Lari Luoma a écrit :
> Hi!
>
> Is there any easy way to find out which connections
generate the most sessions in NGX? The problem is that the
session-table continuously fills up and we'd like to know
the root cause (whether some application is working
improperly and generating too many sessions etc...).
>
you can check with smartview monitor which rules is mostly
used.
ask for an eval licence if you don't have this feature on
the gateway.
> Thanks!
>
> -lari-
>
>
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: session table fills... |
|
2008-05-16 11:18:37 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lari Luoma <lari.luomaMAINFRAME.FI> wrote:
>
> Is there any easy way to find out which connections
generate the most
> sessions in NGX?
Here is a script that we've used to dump the session table
in a readable
form. It is not completely accurate, but nevertheless it
shows us which
sessions are filling up the table.
It does not do the work of analyzing the results for you,
but it at
least makes the table readable so that you can pore of it.
The script was written and modified by various people, and
consists of
staring at the hex codes until they make some sense.
connect.sh:
#!/bin/sh
fw tab -t connections -m 0 |
awk -f connect.awk |
sort -n > connect.out
connect.awk:
#!/usr/bin/awk -f
function hex2dec(x, h, n, l, i)
{
h = "0123456789ABCDEF..........abcdef"
for (i = l = length(x); i > 0; i--)
n += (index(h, substr(x, i, 1)) - 1) % 16 * 16 ^ (l
- i)
return n
}
function ipaddr(x)
{
return sprintf("%d.%d.%d.%d",
hex2dec(substr(x, 1, 2)),
hex2dec(substr(x, 3, 2)),
hex2dec(substr(x, 5, 2)),
hex2dec(substr(x, 7, 2)))
}
BEGIN {
printf("%-15s %-15s %-15s %-15s %-15sn",
"SRC",
"PORT",
"DEST",
"PORT",
"PROTO")
}
/^</ {
sub(/,/,"",$2)
sub(/,/,"",$3)
sub(/,/,"",$4)
sub(/,/,"",$5)
sub(/[,>;]/,"",$6)
printf("%-15s %-15s %-15s %-15s %-15sn",
ipaddr($2),
hex2dec($3),
ipaddr($4),
hex2dec($5),
hex2dec($6))
}
- --
David DeSimone == Network Admin == foxverio.net
"This email message is intended for the use of the
person to whom
it has been sent, and may contain information that is
confidential
or legally protected. If you are not the intended
recipient or have
received this message in error, you are not authorized to
copy, dis-
tribute, or otherwise use this message or its attachments.
Please
notify the sender immediately by return e-mail and
permanently delete
this message and any attachments. Verio, Inc. makes no
warranty that
this email is error or virus free. Thank you."
--Lawyer Bot 6000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFILbPdFSrKRjX5eCoRAit8AKCc+qQX9CPk0UGLoKdYjLjPDfLozQCf
Wu1y
RMKMyFNz9beYHs6oyB/Aa6Y=
=TklQ
-----END PGP SIGNATURE-----
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: session table fills... |
|
2008-05-16 11:18:37 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lari Luoma <lari.luomaMAINFRAME.FI> wrote:
>
> Is there any easy way to find out which connections
generate the most
> sessions in NGX?
Here is a script that we've used to dump the session table
in a readable
form. It is not completely accurate, but nevertheless it
shows us which
sessions are filling up the table.
It does not do the work of analyzing the results for you,
but it at
least makes the table readable so that you can pore of it.
The script was written and modified by various people, and
consists of
staring at the hex codes until they make some sense.
connect.sh:
#!/bin/sh
fw tab -t connections -m 0 |
awk -f connect.awk |
sort -n > connect.out
connect.awk:
#!/usr/bin/awk -f
function hex2dec(x, h, n, l, i)
{
h = "0123456789ABCDEF..........abcdef"
for (i = l = length(x); i > 0; i--)
n += (index(h, substr(x, i, 1)) - 1) % 16 * 16 ^ (l
- i)
return n
}
function ipaddr(x)
{
return sprintf("%d.%d.%d.%d",
hex2dec(substr(x, 1, 2)),
hex2dec(substr(x, 3, 2)),
hex2dec(substr(x, 5, 2)),
hex2dec(substr(x, 7, 2)))
}
BEGIN {
printf("%-15s %-15s %-15s %-15s %-15sn",
"SRC",
"PORT",
"DEST",
"PORT",
"PROTO")
}
/^</ {
sub(/,/,"",$2)
sub(/,/,"",$3)
sub(/,/,"",$4)
sub(/,/,"",$5)
sub(/[,>;]/,"",$6)
printf("%-15s %-15s %-15s %-15s %-15sn",
ipaddr($2),
hex2dec($3),
ipaddr($4),
hex2dec($5),
hex2dec($6))
}
- --
David DeSimone == Network Admin == foxverio.net
"This email message is intended for the use of the
person to whom
it has been sent, and may contain information that is
confidential
or legally protected. If you are not the intended
recipient or have
received this message in error, you are not authorized to
copy, dis-
tribute, or otherwise use this message or its attachments.
Please
notify the sender immediately by return e-mail and
permanently delete
this message and any attachments. Verio, Inc. makes no
warranty that
this email is error or virus free. Thank you."
--Lawyer Bot 6000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFILbPdFSrKRjX5eCoRAit8AKCc+qQX9CPk0UGLoKdYjLjPDfLozQCf
Wu1y
RMKMyFNz9beYHs6oyB/Aa6Y=
=TklQ
-----END PGP SIGNATURE-----
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
____________________________________________________________
__________
This email has been scanned by the MessageLabs Email
Security System.
For more information please visit http://www.messagela
bs.com/email
____________________________________________________________
__________
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: session table fills... |
Finland |
2008-05-16 16:52:01 |
Thanks a lot. I will try the script.
-lari-
-----Original Message-----
From: Mailing list for discussion of Firewall-1 on behalf of
David DeSimone
Sent: Fri 5/16/2008 7:18 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] session table fills...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lari Luoma <lari.luomaMAINFRAME.FI> wrote:
>
> Is there any easy way to find out which connections
generate the most
> sessions in NGX?
Here is a script that we've used to dump the session table
in a readable
form. It is not completely accurate, but nevertheless it
shows us which
sessions are filling up the table.
It does not do the work of analyzing the results for you,
but it at
least makes the table readable so that you can pore of it.
The script was written and modified by various people, and
consists of
staring at the hex codes until they make some sense.
connect.sh:
#!/bin/sh
fw tab -t connections -m 0 |
awk -f connect.awk |
sort -n > connect.out
connect.awk:
#!/usr/bin/awk -f
function hex2dec(x, h, n, l, i)
{
h = "0123456789ABCDEF..........abcdef"
for (i = l = length(x); i > 0; i--)
n += (index(h, substr(x, i, 1)) - 1) % 16 * 16 ^ (l
- i)
return n
}
function ipaddr(x)
{
return sprintf("%d.%d.%d.%d",
hex2dec(substr(x, 1, 2)),
hex2dec(substr(x, 3, 2)),
hex2dec(substr(x, 5, 2)),
hex2dec(substr(x, 7, 2)))
}
BEGIN {
printf("%-15s %-15s %-15s %-15s %-15sn",
"SRC",
"PORT",
"DEST",
"PORT",
"PROTO")
}
/^</ {
sub(/,/,"",$2)
sub(/,/,"",$3)
sub(/,/,"",$4)
sub(/,/,"",$5)
sub(/[,>;]/,"",$6)
printf("%-15s %-15s %-15s %-15s %-15sn",
ipaddr($2),
hex2dec($3),
ipaddr($4),
hex2dec($5),
hex2dec($6))
}
- --
David DeSimone == Network Admin == foxverio.net
"This email message is intended for the use of the
person to whom
it has been sent, and may contain information that is
confidential
or legally protected. If you are not the intended
recipient or have
received this message in error, you are not authorized to
copy, dis-
tribute, or otherwise use this message or its attachments.
Please
notify the sender immediately by return e-mail and
permanently delete
this message and any attachments. Verio, Inc. makes no
warranty that
this email is error or virus free. Thank you."
--Lawyer Bot 6000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFILbPdFSrKRjX5eCoRAit8AKCc+qQX9CPk0UGLoKdYjLjPDfLozQCf
Wu1y
RMKMyFNz9beYHs6oyB/Aa6Y=
=TklQ
-----END PGP SIGNATURE-----
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: session table fills... |
United States |
2008-05-20 16:11:44 |
>>> On 5/16/2008 at 9:18 AM, David DeSimone
<foxVERIO.NET> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Lari Luoma <lari.luomaMAINFRAME.FI> wrote:
>>
>> Is there any easy way to find out which connections
generate the
most
>> sessions in NGX?
>
> Here is a script that we've used to dump the session
table in a
readable
> form. It is not completely accurate, but nevertheless
it shows us
which
> sessions are filling up the table.
Actually, the "-f" option to "fw tab"
does most of the
conversions your script does,
[fw]# fw tab -t connections -f -u
You can then parse that a bit more easily.
B¼information contained in this e-mail message is
confidential, intended
only for the use of the individual or entity named above. If
the reader
of this e-mail is not the intended recipient, or the
employee or agent
responsible to deliver it to the intended recipient, you are
hereby
notified that any review, dissemination, distribution or
copying of this
communication is strictly prohibited. If you have received
this e-mail
in error, please contact postmasterglobalstar.com
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Re: session table fills... |
|
2008-05-20 17:51:02 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Crist Clark <Crist.ClarkGLOBALSTAR.COM> wrote:
>
> Actually, the "-f" option to "fw
tab" does most of the
> conversions your script does,
>
> [fw]# fw tab -t connections -f -u
Wow, that is nice to know. My script was written during the
4.1 days
when such things didn't exist.
Is there a way to get it to not use object names like
"Remote_storm" for
port numbers? An all-numeric output would be nice.
- --
David DeSimone == Network Admin == foxverio.net
"This email message is intended for the use of the
person to whom
it has been sent, and may contain information that is
confidential
or legally protected. If you are not the intended
recipient or have
received this message in error, you are not authorized to
copy, dis-
tribute, or otherwise use this message or its attachments.
Please
notify the sender immediately by return e-mail and
permanently delete
this message and any attachments. Verio, Inc. makes no
warranty that
this email is error or virus free. Thank you."
--Lawyer Bot 6000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFIM1XVFSrKRjX5eCoRApLKAJ9p8CpWzjF/wxY6eXNTHn8uwYBUSQCf
agdE
HKKT5X2uAn/HbiwerBXbChQ=
=XVNT
-----END PGP SIGNATURE-----
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
[1-7]
|
|