SmartView Monitor Commands
Overview
Description The rtm command and all its derivatives are used to execute SmartView Monitor operations.
rtm debug
Description Send debug printouts to the $FWDIR/log/rtmd.elg file.
Usage rtm debug <on | off> [OPSEC_DEBUG_LEVEL | TDERROR_<AppName>_<Topic>=<ErrLevel>]
Syntax
| Parameter | Description |
|---|---|
| on | Start debug mode |
| off | Stop debug mode |
| OPSEC_DEBUG_LEVEL | Turn on OPSEC debug printouts |
| TDERROR_RTM_ALL | Turn on SmartView Monitor debug printouts |
rtm drv
Description Start, stop or check the status of the SmartView Monitor kernel driver.
Usage rtm drv <on | off | stat>
Syntax
| Parameter | Description |
|---|---|
| on | Start the SmartView Monitor kernel driver |
| off | Stop the SmartView Monitor kernel driver |
| stat | SmartView Monitor kernel driver status |
rtm monitor <module_name>{<interface_name>|-filter "<complex filter>"}
Description Starts the monitoring process and specifies parameters for monitoring an interface.
Usage rtm monitor <module_name> <interface_name> [options] -g <grouping> [entity-1...entity-n] or
rtm monitor <module_name> -filter ["complex filter"] [options] -g <grouping> [entity-1...entity-n]
Syntax
| Parameter | Description |
|---|---|
| -a | <aggregate\|individual> |
| -w | <bandwidth\|loss\|rtt> |
| -t | <wire\|application> |
| -i | <number of seconds> |
| @@ | Specifies a subrule (for example, 'rule@@subrule') |
| default values | -y bytes -a aggregate -w bandwidth -i2 |
| grouping types | svc\|src\|dst\|ip\|fgrule\|topsvc\|topsrc\|topdst\|topip\|topfw\|topfgrule |
| module-name | The name of the SmartView Monitor module. |
| interface-name | The name of the monitored interface. |
| -d | Specifies one of the following monitor directions: inbound, outbound, eitherbound |
| inbound | Monitors the inbound direction. |
| outbound | Monitors the outbound direction. |
| eitherbound | Monitors both directions. |
| -y | Specifies one of the following measurement units: bytes, pkts, line |
| c | Indicates the number of new connections opened per second. |
| C | Average concurrent connections |
| -a | Aggregate - displays a specific type of connections as an aggregate. Individual - displays a specific type of connections as an individual. The default is eitherbound. |
| -g | Specifies one of the following grouping options for monitored traffic: svc, src, dst, ip, fgrule, topsvc, topsrc, topdst, topip, topfw, topfgrule |
| svc | Monitors according to a service. |
| src | Monitors according to a network object (source only). |
| dst | Monitors according to a network object (destination only). |
| ip | Monitors according to a network object (source and destination). |
| fgrule | Monitors according to a QoS Policy rule. |
| topsvc | Monitors the traffic of the top 50 services. |
| topsrc | Monitors the traffic of the top 50 sources. |
| topdst | Monitors the traffic of the top 50 destinations. |
| topip | Monitors traffic to and from the top 50 IP addresses (source or destination). |
| topfw | Monitors according to the top 50 Firewall rules. |
| topfgrule | Monitors according to the top 50 QoS Policy rules. |
| -p | Specifies whether or not thousands will be separated by commas. |
| -filter | ["<complex filter>"] Only monitors traffic that matches the complex -filter Boolean expression. |
Example The following command line displays monitoring data in bytes-per-sec for the top 50 services passed on any interface in both directions:
rtm monitor localhost -filter -g topsvc
The following command displays monitoring data in Concurrent-Connections for the top 50 sources passed on interface eth0, inbound (that is, not telnet or http).
rtm monitor localhost -filter "[and[[interface 0 [[eth0in]]][svc 1 [telnet http]]]" -y C -g topsrc
The default monitors all traffic on any interface in both directions.
Comments The specified entities should correspond to the specified grouping option. For example, if the monitoring process works according to a service (svc), all of the monitored services should be listed and separated by single spaces.
When monitoring occurs according to the QoS Policy rule (fgrule), 'rule@@subrule' should be used to specify a subrule entity.
There is no need to specify the top grouping options since they automatically monitor the top 50 entities according to the specified group.
Example The following command displays monitoring data in bytes-per-sec for the top 50 services passed on interface hme1.
rtm monitor localhost hme1 -g topsvc -y b
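The entity rules in the Comments above can be checked before a command is issued. The following is an added example, not Check Point code: the function name build_rtm_monitor is hypothetical, and it assumes that non-top groupings require at least one entity, that top groupings take none, and that 'rule@@subrule' is accepted only with fgrule.

```bash
#!/usr/bin/env bash
# Added example: builds an "rtm monitor" command line and checks the entity
# rules from the Comments above. It prints the command; it never runs rtm.

# build_rtm_monitor <module> <interface> <grouping> [entity ...]
# Returns 1 (reason on stderr) when the arguments contradict those rules.
build_rtm_monitor() {
    if [ "$#" -lt 3 ]; then
        echo "usage: build_rtm_monitor <module> <interface> <grouping> [entity ...]" >&2
        return 1
    fi
    local module="$1" interface="$2" grouping="$3" entity
    shift 3

    # Grouping names as listed under "grouping types" on this page.
    case $grouping in
        svc|src|dst|ip|fgrule)
            # Assumption of this example: a non-top grouping needs entities.
            if [ "$#" -eq 0 ]; then
                echo "$grouping needs at least one entity" >&2; return 1
            fi ;;
        topsvc|topsrc|topdst|topip|topfw|topfgrule)
            # Top groupings select their own 50 entities, so a list here is
            # treated as an operator mistake (assumption of this example).
            if [ "$#" -gt 0 ]; then
                echo "$grouping takes no entities" >&2; return 1
            fi ;;
        *)
            echo "unknown grouping: $grouping" >&2; return 1 ;;
    esac

    for entity in "$@"; do
        case $entity in
            ""|*[[:space:]]*)
                # Entities are separated by single spaces, so each is one word.
                echo "entity must be a single word: '$entity'" >&2; return 1 ;;
            @@*|*@@|*@@*@@*|*@@@*)
                echo "malformed rule@@subrule: $entity" >&2; return 1 ;;
            *@@*)
                # Assumption: rule@@subrule is only accepted with fgrule.
                if [ "$grouping" != fgrule ]; then
                    echo "subrule needs -g fgrule: $entity" >&2; return 1
                fi ;;
        esac
    done

    set -- rtm monitor "$module" "$interface" -g "$grouping" "$@"
    echo "$*"
}
```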
rtm monitor <module_name> -v <virtual_link_name>
Description Starts the monitoring process and specifies parameters for monitoring a Virtual Link.
Usage rtm monitor <module_name> -v <virtual_link_name> [options] entity-1...entity-n
Syntax
| Parameter | Description |
|---|---|
| module-name | The name of the SmartView Monitor module. |
| virtual-link-name | The name of the monitored Virtual Link. |
| -d | Specifies one of the following monitoring directions: a2b, b2a, a2b_b2a |
| a2b | Monitors End Point A to End Point B. |
| b2a | Monitors End Point B to End Point A. |
| a2b_b2a | Monitors both directions. |
| -y | Specifies one of the following measurement units: bytes, pkts. It is only required when the -w value is bandwidth. |
| -w | Specifies the displayed data type. |
| bandwidth | Displays the effective bandwidth. |
| loss | Displays the difference between the transmission rate and the receiving rate. |
| rtt | Displays the time required to make the round trip between the two End Points. |
| -t | Specifies the data type. It is only required when the -w value is bandwidth. |
| wire | Shows the data on the wire after compression or encryption. |
| application | Shows the data as the application sees it (that is, not compressed and not encrypted). |
rtm rtmd
Description Start the SmartView Monitor daemon manually. This also occurs manually when rtmstart is run.
Usage rtm rtmd
rtm stat
Description Display the general SmartView Monitor status. In addition, it displays the status of the daemon, driver, opened views and active virtual links.
Usage rtm stat [flavor(s)] [-h] [-v[v][v]]
Syntax
| Parameter | Description |
|---|---|
| -h | Help |
| -v | Verbose |
| vl | Current virtual links |
| view | Current views |
rtm ver
Description Display the SmartView Monitor version.
Usage rtm ver [-k]
Syntax
| Parameter | Description |
|---|---|
| -k | Displays the SmartView Monitor kernel version. |
rtmstart
Description Loads the SmartView Monitor kernel module and starts the SmartView Monitor daemon.
Usage rtmstart
rtmstop
Description Kills the SmartView Monitor daemon and unloads the SmartView Monitor kernel module.
Usage rtmstop