How to check/find persistent sessions

L4 Transporter

How can we check from the CLI for sessions that have been running for hours or days?

Accepted Solutions
L4 Transporter

Re: How to check/find persistent sessions

Try the min-age and min-kb options in show session:

+ min-age minimum age in seconds
+ min-kb minimum KB of byte count

> show session all filter min-age
<value> <1-4194304> minimum age in seconds

For example:

show session all filter min-age 86400

to find all sessions that have not aged out for over 86400 seconds (1 day) when you run the command.

That should provide the list of sessions which have not aged out for over X seconds, or use min-kb to look for large transfers.

You can also use the API to get all the session detail out as well:

/api/?type=op&cmd=<show><session><all><filter><min-age></min-age></filter></all></session></show>
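Added example, not part of the original post and not vendor code: a Python helper that builds the op command from the answer above with a value filled in and URL-encodes it for the API call. Assumptions: `min-kb` nests under `<filter>` the same way `min-age` does, its lower bound is 1, the host name and key are placeholders, and the key is sent in the `X-PAN-KEY` header so it stays out of URLs and proxy logs.

```python
from urllib.parse import urlencode
from xml.etree import ElementTree as ET

MAX_AGE = 4194304  # upper bound shown by the CLI help for min-age


def session_filter_cmd(min_age=None, min_kb=None):
    """Return the <show><session><all><filter>... XML for the op API."""
    if min_age is None and min_kb is None:
        raise ValueError("give min_age and/or min_kb")
    if min_age is not None and not 1 <= int(min_age) <= MAX_AGE:
        raise ValueError(f"min_age must be within 1-{MAX_AGE} seconds")
    # Assumption: the page gives no range for min-kb, so only require >= 1.
    if min_kb is not None and int(min_kb) < 1:
        raise ValueError("min_kb must be a positive number of KB")

    show = ET.Element("show")
    session = ET.SubElement(show, "session")
    flt = ET.SubElement(ET.SubElement(session, "all"), "filter")
    for tag, value in (("min-age", min_age), ("min-kb", min_kb)):
        if value is not None:
            ET.SubElement(flt, tag).text = str(int(value))
    return ET.tostring(show, encoding="unicode")


def op_request(host, cmd_xml, api_key):
    """Return (url, headers) for the call; the XML must be URL-encoded."""
    query = urlencode({"type": "op", "cmd": cmd_xml})
    return f"https://{host}/api/?{query}", {"X-PAN-KEY": api_key}


if __name__ == "__main__":
    # Constructed values: sessions older than one day that moved over 100 MB.
    cmd = session_filter_cmd(min_age=86400, min_kb=100 * 1024)
    url, headers = op_request("fw.example.com", cmd, "API-KEY-PLACEHOLDER")
    print(cmd)
    print(url)
```
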


All Replies
Cyber Elite

Re: How to check/find persistent sessions

Hello,

While you can do something like show sessions via the CLI, I prefer the GUI for this since you can just export the data as a CSV and manipulate the data that way, e.g. sort by start. However, I'm sure someone can chime in with proper CLI commands for this.

Regards,

L4 Transporter

Re: How to check/find persistent sessions

When logging at session end, exporting logs does not help, as a persistent session will not be in the log.

The session browser does not show more than 1024 sessions, can't export to CSV and can't filter by date.

So I think the best would be from the CLI, but I don't know how.

@OtakarKlier Does this make sense?

Cyber Elite

Re: How to check/find persistent sessions

Hello,

That is a good question. Perhaps someone else could jump in and help out. You can sort the session browser by start date/time; maybe that can help to narrow down your search?

Regards,
