I am trying to identify those long live sessions on my firewall, I mean those session(s) that never ended for weeks at a time.
This is what I found out so far.
1. I can't export the whole session log to perform offline analysis,
2, I did not find anything related to session start time as filter under show session all filter.
3. ACC will only record when a session is closed, I don't believe ACC will show that session data (session #, packets used, bytes used) until the session is ended.
Thanks in advanced,
I think session table shows up to 1024 sessions at once.
If you don't have too many sessions then you could export from cli.
show session all start-at 1
show session all start-at 1025
By the way ACC data comes directly from dataplane and it does not matter if sec policy has "log at session start" and "log at session end" checked - ACC still shows everything. ACC is not real time - it has 15 min delay.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!