admin@PA-7050>
show running resource-monitor ingress-backlogs
-- SLOT:s1, DP:dp1 -- USAGE - ATOMIC: 92% TOTAL: 93%
TOP SESSIONS:SESS-ID PCT GRP-ID COUNT
6 92% 1 156 7 1732
SESSION DETAILS SESS-ID PROTO SZONESRC SPORT DST DPORT IGR-IF EGR-IF APP
6 6 trust 192.168.2.35 55653 10.1.8.89 80 ethernet1/21 ethernet1/22 undecided
The
command displays a maximum of the top five sessions that each use
2% or more of the on-chip packet descriptor.
The sample output
above indicates that Session 6 is using 92% of the on-chip packet
descriptor with TCP packets (protocol 6) coming from source IP address
192.168.2.35.
SESS-ID
—Indicates the global
session ID that is used in all other
show session
commands.
The global session ID is unique within the firewall.
GRP-ID
—Indicates an internal stage of processing packets.
COUNT
—Indicates how many packets are in that GRP-ID
for that session.
APP
—Indicates the App-ID extracted from the Session
information, which can help you determine whether the traffic is
legitimate. For example, if packets use a common TCP or UDP port
but the CLI output indicates an APP of
undecided
,
the packets are possibly attack traffic. The APP is
undecided
when
Application IP Decoders cannot get enough information to determine
the application. An APP of
unknown
indicates
that Application IP Decoders cannot determine the application; a
session of
unknown
APP that uses a
high percentage of the on-chip packet descriptor is also suspicious.
To
restrict the display output:
On a PA-7000 Series model only,
you can limit output to a slot, a dataplane, or both. For example:
admin@PA-7050>
show running resource-monitor ingress-backlogs slot s1
admin@PA-7050>
show running resource-monitor ingress-backlogs slot s1 dp dp1
On
PA-5200 Series and PA-7000 Series models only, you can limit output
to a dataplane. For example:
admin@PA-5260>
show running resource-monitor ingress-backlogs dp dp1