rtm monitor
Description
Starts the monitoring process for an interface or a Virtual Link.
If options and grouping are not used, this command monitors all traffic, on all interfaces, in both directions.
Syntax
rtm monitor vl <Virtual_Link_Name> [-t {wire | application}] [-h <Module>]

rtm monitor <Key_1> [<Key_2> [<Key_3>] [<Key_4>]] <Value_Column_1> [<Value_Column_2> [<Value_Column_3>] [<Value_Column_4>] [<Value_Column_5>] [<Value_Column_6>]] [<Filter>] [<Options>]
Parameters
Parameter
    Description

No Parameters
    Shows the built-in usage and examples.

<Virtual_Link_Name>
    Specifies the name of the monitored Virtual Link.

-t {wire | application}
    Specifies how to show the data:
    - wire - Shows the data on the wire after compression or encryption.
    - application - Shows the data as the application sees it (not compressed and not encrypted).

-h <Module>
    Specifies the Security Gateway by its IP address, or resolvable hostname.

<Key_1> [... [<Key_4>]]
    Specifies up to four keys in this format:
    -k <Key_Type> [<Key_Attr>] [<Entity_1> ... <Entity_N>]
    - The <Key_Type> can be one of these:

<Value_Column_1> [... [<Value_Column_6>]]
    Specifies up to six column values in this format:
    -v <Value Type> [<Accumulate Mode>] [<Sort Mode>] [<Direction Filter>] [<Encryption Filter>]
    - The <Value Type> can be one of these:
        ab - Shows application bytes
        conn - Shows connections
        pkt - Shows packets
        session - Shows sessions
        wb - Shows wire-bytes
    - The <Accumulate Mode> can be one of these:
        - If <Value Type>=ab:
            acc=lineUtil
            acc=rate (default)
            acc=sum
        - If <Value Type>=conn:
            acc=concurrent (default)
            acc=new
        - If <Value Type>=pkt:
            acc=rate (default)
            acc=sum
        - If <Value Type>=session:
            acc=new
        - If <Value Type>=wb:
            acc=lineUtil
            acc=rate (default)
            acc=sum
    - The <Sort Mode> can be one of these:
        sort=top (default for all views)
        sort=bottom
        sort=none (default for specific views)
    - The <Direction Filter> can be one of these:
        dir=in
        dir=out
        dir=both (default)
    - The <Encryption Filter> can be one of these:
        enc=yes
        enc=no
        enc=both (default)

<Filter>
    Specifies the filter that can be one of these:
    The <Filter_Type> can be one of these:

<Options>
    Specifies these options:
    - -e <Export File Name> - Specifies the path and the name of the file, in which the command saves its output.
    - -h <Module> - Specifies the Security Gateway by its IP address, or resolvable hostname. Default is localhost.
    - -i <Interval in Seconds> - The command runs in a loop and shows the output every specified number of seconds. Default is 2 sec.
    - -m {raw | resolve | both} - Specifies how to resolve the names. Default is both.
    - -s {top | bottom | none} [index=<1...6>] [updates=<1...200>] - Specifies how to sort the output. If you specify none, the defaults are: index=1 and updates=50.
Notes
Example 1
This command shows top services (based on bytes per second) on external interfaces in the inbound direction:
rtm monitor -f interface external,in -k svc -v w
Example 2
This command shows top Access Control rules (based on average concurrent connections):
rtm monitor -k fwrule -v conn acc=concurrent
Example 3
This command shows individual HTTP connections (bytes per second):
rtm monitor -f svc http -k svc -k connId -v wb
Example 4
This command shows bottom inbound IP addresses versus outbound IP addresses (based on packets per interval):
rtm monitor -k ip -v pkt dir=in acc=sum -v pkt dir=out acc=sum -v pkt acc=sum sort=bottom -i 10
Example 5
This command shows top tunnels (based on average concurrent connections):
rtm monitor -f tunnelType not 0 -k tunnel -k tunnelType -v conn -m resolve
Example 6
This command shows packet size distribution (based on packets per interval):
rtm monitor -k pktRange 0-99 100-499 500-999 1000-1999 ">2000" -v pkt acc=sum -i 1
Example 7
This command shows top URLs (based on sessions per second) - host part only:
rtm monitor -k url url_mod=host -v session
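As an added example (not part of the original reference or of the product's own tooling), the shell function below checks the tokens of one -v value column against the value types and modifiers listed under Parameters before a scripted rtm monitor run. The helper name check_value_column is hypothetical, and the check covers only what this page lists; it assumes each modifier appears at most once per column, as in the format line.

```shell
#!/bin/sh
# Added example: check one "-v" value column against the tables on this page.
# check_value_column is a hypothetical helper, not part of rtm itself.
check_value_column() {
    vtype=$1
    if [ $# -gt 0 ]; then shift; fi
    # Accumulate modes allowed for each value type, as listed on this page.
    case $vtype in
        ab|wb)   acc_ok="lineUtil rate sum" ;;
        conn)    acc_ok="concurrent new" ;;
        pkt)     acc_ok="rate sum" ;;
        session) acc_ok="new" ;;
        *) echo "unknown value type: '$vtype'" >&2; return 1 ;;
    esac
    seen=""
    for tok in "$@"; do
        name=${tok%%=*}
        val=${tok#*=}
        case $name in
            acc)  allowed=$acc_ok ;;
            sort) allowed="top bottom none" ;;
            dir)  allowed="in out both" ;;
            enc)  allowed="yes no both" ;;
            *) echo "unknown modifier: '$tok'" >&2; return 1 ;;
        esac
        # Assumption: each modifier is given at most once per column.
        case " $seen " in
            *" $name "*) echo "duplicate modifier: $name" >&2; return 1 ;;
        esac
        seen="$seen $name"
        # The value must be a single word from the allowed list.
        case $val in
            ''|*[!A-Za-z]*) echo "bad value in '$tok'" >&2; return 1 ;;
        esac
        case " $allowed " in
            *" $val "*) ;;
            *) echo "$tok is not valid for -v $vtype (allowed: $allowed)" >&2
               return 1 ;;
        esac
    done
    # Echo the column back unchanged so it can be appended to a command line.
    printf '%s' "-v $vtype"
    if [ $# -gt 0 ]; then printf ' %s' "$@"; fi
    printf '\n'
}

# Columns from Example 4 pass; a rate accumulator on connections is rejected.
check_value_column pkt dir=in acc=sum
check_value_column pkt acc=sum sort=bottom
check_value_column conn acc=rate || echo "rejected, as expected"
```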