Thanks a lot. I will try the script. -lari-
-----Original Message----- From: Mailing list for discussion of Firewall-1 on behalf of David DeSimone Sent: Fri 5/16/2008 7:18 PM To: [email protected] Subject: Re: [FW-1] session table fills... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lari Luoma <[EMAIL PROTECTED]> wrote: > > Is there any easy way to find out which connections generate the most > sessions in NGX? Here is a script that we've used to dump the session table in a readable form. It is not completely accurate, but nevertheless it shows us which sessions are filling up the table. It does not do the work of analyzing the results for you, but it at least makes the table readable so that you can pore of it. The script was written and modified by various people, and consists of staring at the hex codes until they make some sense. connect.sh: #!/bin/sh fw tab -t connections -m 0 | awk -f connect.awk | sort -n > connect.out connect.awk: #!/usr/bin/awk -f function hex2dec(x, h, n, l, i) { h = "0123456789ABCDEF..........abcdef" for (i = l = length(x); i > 0; i--) n += (index(h, substr(x, i, 1)) - 1) % 16 * 16 ^ (l - i) return n } function ipaddr(x) { return sprintf("%d.%d.%d.%d", hex2dec(substr(x, 1, 2)), hex2dec(substr(x, 3, 2)), hex2dec(substr(x, 5, 2)), hex2dec(substr(x, 7, 2))) } BEGIN { printf("%-15s %-15s %-15s %-15s %-15s\n", "SRC", "PORT", "DEST", "PORT", "PROTO") } /^</ { sub(/,/,"",$2) sub(/,/,"",$3) sub(/,/,"",$4) sub(/,/,"",$5) sub(/[,>;]/,"",$6) printf("%-15s %-15s %-15s %-15s %-15s\n", ipaddr($2), hex2dec($3), ipaddr($4), hex2dec($5), hex2dec($6)) } - -- David DeSimone == Network Admin == [EMAIL PROTECTED] "This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, dis- tribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you." --Lawyer Bot 6000 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFILbPdFSrKRjX5eCoRAit8AKCc+qQX9CPk0UGLoKdYjLjPDfLozQCfWu1y RMKMyFNz9beYHs6oyB/Aa6Y= =TklQ -----END PGP SIGNATURE----- Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
