Hi Vincent - I saw someone mentioned the FSA tool ( http://tools.juniper.net/fsa/ ), I'd also recommend this.
Also, if you use MRTG to monitor link utilization, you may want to add a graph to track software sessions, too. Insert something like this into mrtg.cfg, replacing 'public' with your SNMP community string and 'host' with the IP/hostname of your firewall. Title[host.sessions]: Software Sessions on host Target[host.sessions]: 1.3.6.1.4.1.3224.16.3.2.0&1.3.6.1.4.1.3224.16.3.2.0:[EMAIL PROTECTED] # tune the following to the "Session soft limit number" from 'get sys-cfg' output MaxBytes[host.sessions]: 32000 Options[host.sessions]: gauge, growright, nopercent YLegend[host.sessions]: Sessions Legend1[host.sessions]: Current Sessions Legend2[host.sessions]: Current Sessions LegendI[host.sessions]: Sessions: LegendO[host.sessions]: PageTop[host.sessions]: <H1>Software Sessions on host</H1> <p>This summary page shows the number of software sessions on host.</p> ShortLegend[host.sessions]: Sessions - Mark On Fri, Mar 14, 2008 at 05:25:48PM +0100, Vincent De Keyzer wrote: > Hello, > > we have a Netscreen 25 at our office (30 people), that we use for > Internet access and VoIP. > > From time to time the firewall goes bananas: traffic does not go > through anymore, ping success rate to default gateway is very low, and > if we succeed to login, we see very high CPU and messages in the log > that say: > > 2008-03-13 15:08:31 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:29 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:28 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:27 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:26 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:24 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:19 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:18 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > 2008-03-13 15:08:16 system crit 00051 Session utilization has reached > 28857, > which is 90% of the system capacity! > > How do I troubleshoot this? What are those sessions? How do I identify > them? How do I limit them? Is it a good thing to limit them? > > I don't know where to start, so any idea will be appreciated. > > Thanks > > Vincent > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Mark Kamichoff [EMAIL PROTECTED] http://prolixium.com/ Rensselaer Polytechnic Institute, Class of 2004
signature.asc
Description: Digital signature
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp