Palo Alto Networks Knowledgebase: How to View Session Statistics from the CLI

How to View Session Statistics from the CLI

22876
Created On 02/08/19 00:00 AM - Last Updated 02/08/19 00:01 AM
Content Release Deployment
Resolution

Overview

The CLI command show system statistics displays packet rate, throughput, and session count information. The command can also be used to show the statistics for the top 20 applications. 

 

 

For session statistics:

 

> show system statistics session

System Statistics: ('q' to quit, 'h' for help)                                                                                                                                      


Device is up          : 52 days 5 hours 0 min 37 sec
Packet rate           : 174/s
Throughput            : 113 Kbps
Total active sessions : 17
Active TCP sessions   : 4
Active UDP sessions   : 13
Active ICMP sessions  : 0

 

For application statistics:

> show system statistics application (vsys vsysX)

Top 20 Application Statistics: ('q' to quit, 'h' for help)    

Virtual System: vsys1
application                      sessions   packets bytes
-------------------------------- ---------- ------------ ------------
ipsec-esp-udp                    92         25336686     18944787469
ssl                              169699     2041979 1005926367
dns                              3194281    6090888 801709401
ms-product-activation            13821      412855 292067481
freegate                         7          173002 150999881
kerberos                         235555     468176 128824746
dhcp                             75849      319988 109928453
google-base                      4011       221217 65967821
rtp-base                         1          39188        47817228
google-update                    2          13568        17571452
windows-azure-base               1079       27976        13138354
windows-push-notifications 492      66341        11988679
rtp-audio                        2          20148        4512504
dropbox-base                     1293       17326        3025776
ntp                              16971      33164        2984760
spotify                          15892      31069        2671934
stun                             188        12255        1811545
snmp-base                        3541       17221        1549591
ping                             11826      16049        1477782

 

When running either of the commands above, the following keys will trigger the corresponding options:

 

Help: ('q' to quit, 'h' for help)                           

You can type the following key to switch what to display
--------------------------------------------------------
'a' - Display application statistics
'h' - Display this help page
'q' - Quit this program
's' - Display system statistics

 Note: it is possible to switch between views

 

A snapshot with additional details can be obtained by issueing the show session info command that reflects dataplane usage and additional session parameters:

 

> show session info

target-dp:                                       *.dp0
--------------------------------------------------------------------------------
Number of sessions supported:                    262142
Number of allocated sessions:                    21
Number of active TCP sessions:                   2
Number of active UDP sessions:                   19
Number of active ICMP sessions:                  0
Number of active GTPc sessions:                  0
Number of active GTPu sessions:                  0
Number of pending GTPu sessions:                 0
Number of active BCAST sessions:                 0
Number of active MCAST sessions:                 0
Number of active predict sessions:               0
Session table utilization:                       0%
Number of sessions created since bootup:         4406165
Packet rate:                                     70/s
Throughput:                                      37 kbps
New connection establish rate:                   0 cps
--------------------------------------------------------------------------------
Session timeout
  TCP default timeout:                           3600 secs
  TCP session timeout before SYN-ACK received:      5 secs
  TCP session timeout before 3-way handshaking:    10 secs
  TCP half-closed session timeout:                120 secs
  TCP session timeout in TIME_WAIT:                15 secs
  TCP session delayed ack timeout:                250 millisecs
  TCP session timeout for unverified RST:          30 secs
  UDP default timeout:                             30 secs
  ICMP default timeout:                             6 secs
  other IP default timeout:                        30 secs
  Captive Portal session timeout:                  30 secs
  Session timeout in discard state:
    TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs
--------------------------------------------------------------------------------
Session accelerated aging:                       True
  Accelerated aging threshold:                   80% of utilization
  Scaling factor:                                2 X
--------------------------------------------------------------------------------
Session setup
  TCP - reject non-SYN first packet:             True
  Hardware session offloading:                   True
  IPv6 firewalling:                              True
  Strict TCP/IP checksum:                        True
  ICMP Unreachable Packet Rate:                  200 pps
--------------------------------------------------------------------------------
Application trickling scan parameters:
  Timeout to determine application trickling:    10 secs
  Resource utilization threshold to start scan:  80%
  Scan scaling factor over regular aging:        8
--------------------------------------------------------------------------------
Session behavior when resource limit is reached: drop
--------------------------------------------------------------------------------
Pcap token bucket rate                         : 10485760
--------------------------------------------------------------------------------
Max pending queued mcast packets per session   : 0
--------------------------------------------------------------------------------

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZKCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language