01-22-2018 04:55 PM
Is it possible to tail live traffic in the CLI while running a grep (or match) for specific things? I would find this extremely useful.
Thanks.
01-23-2018 02:39 AM
Yes and no: there are several ways, depending on what you want to know, to look for/at sessions/session details, but there is no 'follow' function to see one particular session.
You can >show session all filter to find all sessions matching something specific (application, port, IP, ...)
    admin@MyFirewall> show session all filter
    + application         Application name
    + count               count number of sessions only
    + destination         destination IP address
    + destination-port    Destination port
    + destination-user    Destination user
    + egress-interface    egress interface
    + from                From zone
    + hw-interface        hardware interface
    + ingress-interface   ingress interface
    + min-kb              minimum KB of byte count
    + nat                 If session is NAT
    + nat-rule            NAT rule name
    + pbf-rule            Policy-Based-Forwarding rule name
    + protocol            IP protocol value
    + qos-class           QoS class
    + qos-node-id         QoS node-id value
    + qos-rule            QoS rule name
    + rematch             rematch sessions
    + rule                Security rule name
    + source              source IP address
    + source-port         Source port
    + source-user         Source user
    + ssl-decrypt         session is decrypted
    + start-at            Show next 1K sessions
    + state               flow state
    + to                  To zone
    + tunnel-decap        session is outer tunnel with inspection enabled
    + tunnel-inspected    session is inside tunnel
    + type                flow type
      |                   Pipe through a command
      <Enter>             Finish input
or you can >show session id which will show you the stats of one specific session
    admin@MyFirewall> show session id 26709

    Session           26709

        c2s flow:
            source:      192.168.0.97 [v1-trust]
            dst:         4.2.2.2
            proto:       17
            sport:       61263           dport:      53
            state:       INIT            type:       FLOW
            src user:    unknown
            dst user:    unknown

        s2c flow:
            source:      4.2.2.2 [v1-untrust]
            dst:         198.51.100.241
            proto:       17
            sport:       53              dport:      27792
            state:       INIT            type:       FLOW
            src user:    unknown
            dst user:    unknown

        start time                           : Tue Jan 23 11:36:42 2018
        timeout                              : 30 sec
        total byte count(c2s)                : 211
        total byte count(s2c)                : 271
        layer7 packet count(c2s)             : 2
        layer7 packet count(s2c)             : 1
        vsys                                 : vsys1
        application                          : dns
        rule                                 : dns
        session to be logged at end          : False
        session in session ager              : False
        session updated by HA peer           : False
        address/port translation             : source
        nat-rule                             : hideNAT-ISP1(vsys1)
        layer7 processing                    : enabled
        URL filtering enabled                : False
        session via syn-cookies              : False
        session terminated on host           : False
        session traverses tunnel             : False
        captive portal session               : False
        ingress interface                    : ethernet1/2
        egress interface                     : ethernet1/1
        session QoS rule                     : N/A (class 4)
        end-reason                           : aged-out
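Because the CLI has no follow mode, one way to match on specific fields is to capture the `show session id` text and parse it offline. The following is an added example, not part of the original replies: `parse_session`, `matches` and the abbreviated sample are names and data made up here, and the field layout is assumed to be the one in the output quoted above.

```python
import re

# Constructed sample: abbreviated from the `show session id` output quoted above.
SAMPLE = """\
Session           26709
        c2s flow:
                source:      192.168.0.97 [v1-trust]
                dst:         4.2.2.2
                sport:       61263           dport:      53
                state:       INIT            type:       FLOW
        s2c flow:
                source:      4.2.2.2 [v1-untrust]
                dst:         198.51.100.241
                sport:       53              dport:      27792
        application                          : dns
        rule                                 : dns
        nat-rule                             : hideNAT-ISP1(vsys1)
        end-reason                           : aged-out
"""

KV = re.compile(r"([a-z0-9 ]+?):\s+(\S+)")  # "key: value" pairs inside a flow block

def parse_session(text):
    """Parse `show session id` text into {'id', 'c2s', 's2c', 'attrs'}."""
    session = {"id": None, "c2s": {}, "s2c": {}, "attrs": {}}
    flow = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Session "):
            session["id"] = int(line.split()[1])
        elif line in ("c2s flow:", "s2c flow:"):
            flow = session[line[:3]]
        elif " : " in line:                  # "name   : value" attribute rows
            key, _, value = line.partition(" : ")
            session["attrs"][key.strip()] = value.strip()
        elif flow is not None:               # flow rows, possibly two pairs per row
            flow.update((k.strip(), v) for k, v in KV.findall(line))
            zone = re.search(r"\[(.+?)\]", line)
            if zone:
                flow["zone"] = zone.group(1)
    return session

def matches(session, want):
    """True when every c2s field or attribute in `want` equals the given string."""
    have = {**session["attrs"], **session["c2s"]}
    return all(have.get(k) == v for k, v in want.items())
```

For example, `matches(parse_session(SAMPLE), {"application": "dns", "dport": "53"})` selects the DNS session above, while a filter on `{"dport": "443"}` does not.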
01-23-2018 12:55 PM
Hm... That's a little unfortunate.
Thank you!