Tail traffic in CLI?

Showing results for 
Search instead for 
Did you mean: 

Tail traffic in CLI?

L3 Networker

Is it possible to tail live traffic in the CLI while running a grep (or match) for specific things? I would find this extremely useful..




L7 Applicator

Hi @Gareth.Doyle


yes and no: there are several ways, depending on what you want to know, to look for/at sessions/session details, but there is no 'follow'' function to see one particular session


you can >show session all filter  to find all sessions matchingsomething specific (application, port, ip,..)

admin@MyFirewall> show session all filter 
+ application         Application name
+ count               count number of sessions only
+ destination         destination IP address
+ destination-port    Destination port
+ destination-user    Destination user
+ egress-interface    egress interface
+ from                From zone
+ hw-interface        hardware interface
+ ingress-interface   ingress interface
+ min-kb              minimum KB of byte count
+ nat                 If session is NAT
+ nat-rule            NAT rule name
+ pbf-rule            Policy-Based-Forwarding rule name
+ protocol            IP protocol value
+ qos-class           QoS class
+ qos-node-id         QoS node-id value
+ qos-rule            QoS rule name
+ rematch             rematch sessions
+ rule                Security rule name
+ source              source IP address
+ source-port         Source port
+ source-user         Source user
+ ssl-decrypt         session is decrypted
+ start-at            Show next 1K sessions
+ state               flow state
+ to                  To zone
+ tunnel-decap        session is outer tunnel with inspection enabled
+ tunnel-inspected    session is inside tunnel
+ type                flow type
  |                   Pipe through a command
  <Enter>             Finish input

or you can >show session id which will show you the stats of one specific session


admin@MyFirewall> show session id 26709

Session           26709

        c2s flow:
                source: [v1-trust]
                proto:       17
                sport:       61263           dport:      53
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown

        s2c flow:
                source: [v1-untrust]
                proto:       17
                sport:       53              dport:      27792
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown

        start time                           : Tue Jan 23 11:36:42 2018
        timeout                              : 30 sec
        total byte count(c2s)                : 211
        total byte count(s2c)                : 271
        layer7 packet count(c2s)             : 2
        layer7 packet count(s2c)             : 1
        vsys                                 : vsys1
        application                          : dns  
        rule                                 : dns
        session to be logged at end          : False
        session in session ager              : False
        session updated by HA peer           : False
        address/port translation             : source
        nat-rule                             : hideNAT-ISP1(vsys1)
        layer7 processing                    : enabled
        URL filtering enabled                : False
        session via syn-cookies              : False
        session terminated on host           : False
        session traverses tunnel             : False
        captive portal session               : False
        ingress interface                    : ethernet1/2
        egress interface                     : ethernet1/1
        session QoS rule                     : N/A (class 4)
        end-reason                           : aged-out



Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

Hm... That's a little unfortunate.

Thank you!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!