This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

how can I get entire session table?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

how can I get entire session table?

nextgenhappines
L4 Transporter

‎10-23-2013 10:33 AM

Working on the 5060 in 5.0.7, the active session count is around 60k+, in cli 'show session all' output will only return ~3000 sessions.   API returns 9995 lines.  How can I get the entire session table?

The use case,  I will like to be able to take a snapshot of the firewall session table at a given specific moment; find out which vsys has the most active sessions, group by top 10 source / destination ip address / destination port per vsys.

Any suggestions?

Thanks,

Ernest

1 person had this problem.
0 Likes Likes
(1)
8 REPLIES 8

panos
L6 Presenter

‎10-24-2013 01:36 AM

Can the Whole Session Log be Exported?

I think taking this report for the sessions after logged (from traffic logs )will give you parallel information.

0 Likes Likes

workarounds
L1 Bithead
In response to panos

‎10-24-2013 09:10 AM

Here are the problem that I can see using the traffic logs,

traffic log is only generated when the session is closed/ended, unless you change policy setting to log at session start.  But it is not recommended, and you can't change all the policy at the same time...

How can I do it?

Ernest

0 Likes Likes

panos
L6 Presenter
In response to workarounds

‎10-24-2013 10:01 AM

Hi,

start session is used especially for debugging.you can cofigure this for all policy at one time if you don't have any configured.

Just edit your config with a tool(even word can do)

change

<log-start>no</log-start>
<log-end>yes</log-end>


to



<log-start>yes</log-start>
<log-end>yes</log-end>


Then after you examine what you need for a day or 1 week, you will rollback to old config.

0 Likes Likes

workarounds
L1 Bithead
In response to panos

‎10-24-2013 05:12 PM

Hello,

I am looking from an operational perspective, if the firewall session table count is higher than normal, how do you find out which vsys/protocol/source ip/destination ip/destination ports is causing the high session counts? 

E

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks