How to Monitor Live Sessions in the CLI


Note: This article is a Japanese translation of the following article.
How to Monitor Live Sessions in the CLI
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Monitor-Live-Sessions-in-the-CLI/ta-...

 

Details

The following command can be used to check session status in real time:

 

 > show session info

-------------------------------------------------------------------------------
number of sessions supported:                   131071
number of active sessions:                      7501
number of active TCP sessions:                  5503
number of active UDP sessions:                  1980
number of active ICMP sessions:                 16
number of active BCAST sessions:                0
number of active MCAST sessions:                0
number of predict sessions:                     914
session table utilization:                      5%
number of sessions created since system bootup: 1054609
Packet rate:                                    3298/s
Throughput:                                     20321 Kbps
-------------------------------------------------------------------------------
session timeout
  TCP default timeout:                          3600 seconds
  TCP session timeout before 3-way handshaking:    5 seconds
  TCP session timeout after FIN/RST:              30 seconds
  UDP default timeout:                            30 seconds
  ICMP default timeout:                            6 seconds
  other IP default timeout:                       30 seconds
  Session timeout in discard state:
    TCP: 90 seconds, UDP: 60 seconds, other IP protocols: 60 seconds
-------------------------------------------------------------------------------
session accelerated aging:                      enabled
  accelerated aging threshold:                  80% of utilization
  scaling factor:                               2 X
-------------------------------------------------------------------------------
session setup
  TCP - reject non-SYN first packet:            no
  hardware session offloading:                  yes
  IPv6 firewalling:                             no
-------------------------------------------------------------------------------
application trickling scan parameters:
  timeout to determine application trickling:   10 seconds
  resource utilization threshold to start scan: 80%
  scan scaling factor over regular aging:       8
-------------------------------------------------------------------------------

 

To display the current throughput and statistics:

 

 > show system statistics

Device is up          : 2 days 23 hours 39 mins 11 sec
Packet rate           : 2136/s
Throughput            : 9599 Kbps
Total active sessions : 7355
Active TCP sessions   : 5248
Active UDP sessions   : 2089
Active ICMP sessions  : 16

 

To display all active sessions:

 

 > show session all

ID/vsys   application     state   type flag   src[sport]/zone/proto (translated IP[port])
                                              dst[dport]/zone (translated IP[port]
-------------------------------------------------------------------------------

4583/1    0               ACTIVE  FLOW        10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
                                              192.168.83.1[4907]/corp-untrust (192.168.83.1[4907])
16407/1   0               ACTIVE  FLOW        10.16.0.200[1475]/corp-trust/6 (10.16.0.200[1475])
                                              10.5.20.110[139]/corp-untrust (10.5.20.110[139])
119943/1  skype           ACTIVE  PRED        0.0.0.0[0]/corp-trust/6 (0.0.0.0[0])
                                              75.111.30.222[443]/corp-untrust (75.111.30.222[443])

 

To display the session filter options:

 

 > show session all filter

+ application        Application name
+ destination        destination IP address
+ destination-port   Destination port
+ destination-user   Destination user
+ from               From zone
+ nat                If session is NAT
+ nat-rule           NAT rule name
+ protocol           IP protocol value
+ proxy              session is decrypted
+ rule               Rule name
+ source             source IP address
+ source-port        Source port
+ source-user        Source user
+ state              flow state
+ to                 To zone
+ type               flow type
  |                  Pipe through a command

 

Example of filtered output:

 

 > show session all filter source 10.5.20.110

-------------------------------------------------------------------------------
ID        application     state   type flag   src[sport]/zone/proto (translated IP[port])
                                              dst[dport]/zone (translated IP[port]
-------------------------------------------------------------------------------

22306     0               ACTIVE  FLOW        10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
                                              192.168.83.1[4907]/corp-untrust (192.168.83.1[4907])
20318     0               ACTIVE  FLOW        10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
                                              192.168.189.1[4492]/corp-untrust (192.168.189.1[4492])
111056    0               ACTIVE  FLOW        10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
                                              192.168.83.1[3007]/corp-untrust (192.168.83.1[3007])
130911    0               ACTIVE  FLOW        10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
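
The two-line rows printed by "show session all" (with or without a filter) can be turned into records for offline review. The parser below is an added example, not part of the original article or Palo Alto Networks code; the dictionary keys and function names are assumptions, and SAMPLE is constructed from rows shown on this page. It accepts both the ID/vsys and ID-only forms and marks a row whose destination line is missing, as in the last row of the filtered output above.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the "show session all" and filtered
# outputs on this page, including the final row whose second line is cut off.
SAMPLE = """\
ID/vsys   application     state   type flag   src[sport]/zone/proto (translated IP[port])
                                              dst[dport]/zone (translated IP[port]
-------------------------------------------------------------------------------
4583/1    0               ACTIVE  FLOW        10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
                                              192.168.83.1[4907]/corp-untrust (192.168.83.1[4907])
119943/1  skype           ACTIVE  PRED        0.0.0.0[0]/corp-trust/6 (0.0.0.0[0])
                                              75.111.30.222[443]/corp-untrust (75.111.30.222[443])
130911    0               ACTIVE  FLOW        10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
"""

EP = r"(\S+?)\[(\d+)\]/([^/\s]+)"          # addr[port]/zone
XL = r"\((\S+?)\[(\d+)\]\)"                # (translated addr[port])
FIRST = re.compile(rf"^(\d+)(?:/(\d+))?\s+(\S+)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?{EP}/(\d+)\s+{XL}\s*$")
SECOND = re.compile(rf"^\s+{EP}\s+{XL}\s*$")

def parse_sessions(text):
    """Parse two-line session rows; rows missing their dst line keep complete=False."""
    sessions, current = [], None
    for line in text.splitlines():
        m = FIRST.match(line)
        if m:
            sid, vsys, app, state, typ, flag, src, sport, zone, proto, xsrc, xsport = m.groups()
            current = dict(id=int(sid), vsys=vsys, app=app, state=state, type=typ, flag=flag,
                           src=src, sport=int(sport), from_zone=zone, proto=int(proto),
                           nat=(src, sport) != (xsrc, xsport), complete=False)
            sessions.append(current)
            continue
        m = SECOND.match(line)
        if m and current is not None and not current["complete"]:
            dst, dport, zone, xdst, xdport = m.groups()
            current.update(dst=dst, dport=int(dport), to_zone=zone, complete=True,
                           nat=current["nat"] or (dst, dport) != (xdst, xdport))
    return sessions

def summarize(sessions):
    """Count sessions per (type, from_zone, proto) and list IDs of truncated rows."""
    counts = Counter((s["type"], s["from_zone"], s["proto"]) for s in sessions)
    truncated = [s["id"] for s in sessions if not s["complete"]]
    return counts, truncated

if __name__ == "__main__":
    counts, truncated = summarize(parse_sessions(SAMPLE))
    print(counts, truncated)
```

The nat field is True only when a translated address or port differs from the original, so sessions that pass through untranslated, like every row on this page, report False.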

 

See also

How to View/Clear Sessions

How to View Active Session Information Using the CLI

 

Author: panagent