ips stats

Description

This tool generates a report that includes both IPS and Pattern Matcher statistics.

The report can help administrators and protection writers analyze which IPS protections or IPS components cause performance issues.

The output files are located in the $FWDIR/ips/statistics_results/ directory.

On a Standalone, the tool creates a directory for each specified IP address.

The output files are:

| File | Description |
|---|---|
| ips.dbg | Contains the raw report, which contains all the information. |
| ips_stat_output_file.csv | Contains the report with the IPS statistics. |
| pm_output_file.csv | Contains the statistics for the Pattern Matcher. |
| tier1_output_file.csv | Contains the statistics for the Pattern Matcher first tier. |
| tier2_output_file.csv | Contains the statistics for the Pattern Matcher second tier. |

Syntax

ips stats -h

ips stats

ips stats <Seconds>

ips stats -g <Seconds>

ips stats <IP Address of Gateway>

ips stats <IP Address of Gateway> <Seconds>

ips stats <IP Address of Gateway> -m

Important:

Parameters

| Parameter | Description |
|---|---|
| ips stats -h | Shows the applicable built-in usage. |
| ips stats | Available only in Standalone configurations. Collects the IPS and Pattern Matcher statistics on the Standalone computer for 20 seconds. |
| ips stats <Seconds> | Available only in Standalone configurations. Collects the IPS and Pattern Matcher statistics on the Standalone computer for the specified number of seconds. |
| ips stats -g <Seconds> | Manual Mode on the current Security Gateway. Important - You must use this command on a VSX Gateway. Collects the IPS and Pattern Matcher statistics for the specified number of seconds. The output file is /ips_tar.tgz (in the root partition). For analysis, you must copy this file to the root partition on the Management Server. |
| ips stats <IP Address of Gateway> | Collects the IPS and Pattern Matcher statistics for the Security Gateway with the specified main IP address for 20 seconds. |
| ips stats <IP Address of Gateway> <Seconds> | Collects the IPS and Pattern Matcher statistics for the Security Gateway with the specified main IP address for the specified number of seconds. |
| ips stats <IP Address of Gateway> -m | Available only on the Management Server. Runs an analysis on the output file /ips_tar.tgz that you collected from the Security Gateway with the specified main IP address. |

Example 1 - Collect the statistics on the Security Gateway with IP address 192.168.20.14 for 40 seconds

ips stats 192.168.20.14 40

Example 2 - Collect the statistics on the current Security Gateway for 30 seconds

ips stats -g 30

Example 3 - Analyze the statistics you collected from the Security Gateway with IP address 192.168.20.14

ips stats 192.168.20.14 -m
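
The manual-mode sequence described above (collect with -g on the gateway, copy /ips_tar.tgz to the Management Server, analyze with -m), as an added example that is not from the Check Point documentation. The SSH/SCP transport, the admin account name and all function names are assumptions; only the ips stats commands and the /ips_tar.tgz path come from this page.

```shell
# Added example, not Check Point code: manual-mode 'ips stats' workflow run
# from the Management Server. Assumes SSH/SCP access to the gateway as
# $GW_USER (hypothetical account). Prints the plan; set RUN=1 to execute it.
TARBALL=/ips_tar.tgz          # output path stated on this page
GW_USER=${GW_USER:-admin}     # assumption, override as needed

# Accept only a positive decimal integer for <Seconds>.
valid_seconds() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 6 ] && [ "$1" -gt 0 ]
}

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the three steps in order: collect, copy, analyze. Arguments are
# validated first because the ssh step hands them to a remote shell.
manual_mode_plan() {
    valid_ipv4 "$1"    || { echo "invalid gateway IP: $1" >&2; return 2; }
    valid_seconds "$2" || { echo "invalid duration: $2" >&2; return 2; }
    echo "ssh $GW_USER@$1 ips stats -g $2"
    echo "scp $GW_USER@$1:$TARBALL $TARBALL"
    echo "ips stats $1 -m"
}

# Show each step and run it only when RUN=1. stdin is detached so that
# ssh cannot swallow the remaining steps.
run_plan() {
    plan=$(manual_mode_plan "$1" "$2") || return $?
    echo "$plan" | while IFS= read -r step; do
        echo "+ $step"
        [ "${RUN:-0}" != 1 ] || $step </dev/null || exit 1
    done
}

if [ "$#" -eq 2 ]; then run_plan "$1" "$2"; fi
```

After the last step completes, the report files are in the $FWDIR/ips/statistics_results/ directory on the Management Server.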