fw ctl sdstat

Description

The IPS performance counters measure the percentage of CPU consumed by each IPS protection. The measurement itself is divided according to the type of protection: pattern-based protections or INSPECT-based protections. In addition, the IPS counters measure the percentage of CPU used by each section ("context") of the protocol, and each protocol parser.

Syntax

> fw ctl zdebug >& outputfile
> fw ctl sdstat start
> fw ctl sdstat stop

| Parameter | Description |
|---|---|
| fw ctl zdebug >& outputfile | Turn on debug mode and specify an output file. |
| fw ctl sdstat start | Activate the IPS counters. |
| fw ctl sdstat stop | Print a report and stop the counters. |

Example

The workflow is as follows:

Run the following commands on the Check Point Security Gateway (version R70 or higher):

On the Check Point Security Gateway:

Let the counters run, but do not leave them on for more than 10 minutes.

It is important to stop the counters explicitly; otherwise there may be a performance penalty.

This generates the output file outputfile, which must be processed on the Security Management Server (SecurePlatform only).

On the Security Management Server:

The output of the script is a report in csv format that can be viewed in Microsoft Excel.

If there is a problem in the report, or if more details are needed, a debug flag is available which prints extra information to outputfile.

| Example Debug Message | Explanation |
|---|---|
| sdstat_get_stats_all_instances : Smart Defense report objects are not initalized, hence no report can be done. | User tried to create a report without initializing the counters, or an error occurred during initialization and the user then tried to print a report. |
| FW-1 - sdstats_print_report: Failed to calculate Smart Defense (total_smart_defense is 0) | The measurement process failed and the total time units for IPS is zero. |
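The gateway-side steps of the workflow, wrapped so that the counters are always stopped and the 10-minute limit is enforced, followed by a check of outputfile for the two debug messages listed above. This is an added example, not Check Point code: `FW`, `MAX_SECS` and the function names are hypothetical, and it assumes `fw ctl zdebug` keeps running until it is killed.

```shell
#!/bin/sh
# Added example, not Check Point code. FW, MAX_SECS and the function names are
# hypothetical; only the fw ctl commands and the two messages come from the page.
FW="${FW:-fw}"     # overridable so the flow can be dry-run against a stub
MAX_SECS=600       # page: do not leave the counters on for more than 10 minutes

# Stop the counters explicitly, then end the debug capture.
sdstat_finish() {
    rc=0
    "$FW" ctl sdstat stop || rc=$?
    sleep 1        # assumption: short pause so the report reaches outputfile
    kill "$dbg_pid" 2>/dev/null || true
    wait "$dbg_pid" 2>/dev/null || true
    return "$rc"
}

# Return 1 if outputfile holds one of the two failure messages from the page.
sdstat_check_output() {
    if grep -qF 'Smart Defense report objects are not' "$1"; then
        echo "report requested but the counters were never initialized" >&2; return 1
    fi
    if grep -qF 'total_smart_defense is 0' "$1"; then
        echo "measurement failed: total IPS time units is zero" >&2; return 1
    fi
    return 0
}

# Usage: sdstat_capture OUTPUTFILE SECONDS
sdstat_capture() {
    out=$1; secs=$2
    case $secs in ''|*[!0-9]*) echo "SECONDS must be a whole number" >&2; return 2 ;; esac
    if [ "$secs" -gt "$MAX_SECS" ]; then
        echo "refusing to run the counters for more than ${MAX_SECS}s" >&2; return 2
    fi
    "$FW" ctl zdebug > "$out" 2>&1 &   # sh spelling of: fw ctl zdebug >& outputfile
    dbg_pid=$!
    trap 'sdstat_finish; exit 130' INT TERM   # Ctrl-C must not leave counters on
    if ! "$FW" ctl sdstat start; then
        kill "$dbg_pid" 2>/dev/null || true; trap - INT TERM; return 1
    fi
    sleep "$secs"
    rc=0; sdstat_finish || rc=$?
    trap - INT TERM
    [ "$rc" -eq 0 ] && sdstat_check_output "$out"
}
```

Call it as `sdstat_capture outputfile 300` from the gateway shell; a non-zero return means outputfile should not be passed on for report generation as it stands.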

Comments

  1. A value in the report of "< 1" means that the percentage of CPU used by a protection is less than 1%.
  2. The report generated by the sdstat_analyse script may contain a number instead of a protection name. This is because the original output contains a signature id, but the id is missing from the Security Policy on the Gateway.