How to View Active Session Information Using the CLI

Overview

This document describes how to view the active session information on the CLI.

Details

To view the active sessions run the  command:

> show session all filter state active

-------------------------------------------------------------------------------
ID/vsys  application    state  type flag  src[sport]/zone/proto (translated IP[port])
                                              dst[dport]/zone (translated IP[port]
-------------------------------------------------------------------------------

35299/1  facebook       ACTIVE  FLOW        10.16.2.100[52648]/corp-trust/6 (10.16.2.100[52648])
                                            69.63.176.170[80]/corp-untrust (69.63.176.170[80])
32026/1  ssl            ACTIVE  FLOW        10.16.3.220[45307]/corp-untrust/6 (10.16.3.220[45307])

To show all the information for a specific session ID, use the command:

> show session id 

> show session id 35299

session    35299
        c2s flow:
                source:  x.x.x.x[corp-trust]
                dst:      x.x.x.x
                sport:    52648        dport:    80
                proto:    6            dir:      c2s
                state:    INIT          type:    FLOW
                ipver:    4     
                src-user: unknown
                dst-user: unknown
        s2c flow:
                source:  x.x.x.x[corp-untrust]
                dst:      x.x.x.x
                sport:    80            dport:    52648
                proto:    6            dir:      s2c
                state:    INIT          type:    FLOW
                ipver:    4     
                src-user: unknown
                dst-user: unknown
        start time            : Thu May 28 11:31:58 2009
        timeout              : 30 sec
        total byte count      : 1603
        layer7 packet count  : 13
        vsys                  : vsys1
        application          : facebook
        rule                  : rule38
        session to be logged at end      : yes
        session in session ager          : no
        session sync'ed from HA peer    : no
        layer7 processing                : enabled
        URL filtering enabled            : yes
        URL category                    : personal-sites-and-blogs
        session QoS rule index          : default (class 4)

At a per-vsys-level, use the following command to view active sessions:

> show session all filter vsys-name < vsys >state active

> show session all filter vsys-name vsys1 state active

--------------------------------------------------------------------------------

ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])

Vsys                                          Dst[Dport]/Zone (translated IP[Port])

--------------------------------------------------------------------------------

67137512     ldap           ACTIVE  FLOW  NS   192.168.55.218[62453]/trust-L3/17  (10.66.22.55[17114])

vsys1                                          10.66.22.243[389]/dmz-L3  (10.66.22.243[389])

67137503     ldap           ACTIVE  FLOW  NS   192.168.55.218[54391]/trust-L3/17  (10.66.22.55[20289])

vsys1                                          10.66.22.243[389]/dmz-L3  (10.66.22.243[389])

67137521     ldap           ACTIVE  FLOW  NS   192.168.55.218[49393]/trust-L3/17  (10.66.22.55[64245])

vsys1                                          10.66.22.243[389]/dmz-L3  (10.66.22.243[389])

67137501     ldap           ACTIVE  FLOW  NS   192.168.55.218[53507]/trust-L3/17  (10.66.22.55[23654])

vsys1                                          10.66.22.243[389]/dmz-L3  (10.66.22.243[389])

67137489     ldap           ACTIVE  FLOW  NS   192.168.55.218[64742]/trust-L3/17  (10.66.22.55[10889])

vsys1                                          10.66.22.243[389]/dmz-L3  (10.66.22.243[389])

67137523     ssl            ACTIVE  FLOW  NS   192.168.55.218[4958]/trust-L3/6  (10.66.24.55[61829])

vsys1                                          74.125.227.233[443]/untrust-L3  (74.125.227.233[443])

owner: wtam