The firewall monitor session command enables recording of session information for service flows that match an IPv4 ACL: the 5-tuple and discard cause of TCP or SCTP packets, plus session creation and forcible aging events.
The undo firewall monitor session command disables this function.
| Parameter | Description | Value |
|---|---|---|
| acl-number | Specifies the number of the IPv4 ACL whose matching flows are monitored. | The value is an integer ranging from 3000 to 3999. |
By default, this function is disabled.
Application Scenario
Run the display firewall monitor session command.
The command displays at most 2048 entries.
View log file sess_mon.log.
Log file sess_mon.log is generated once the number of entries held for the display firewall monitor session command exceeds 2000. The system writes those 2000 entries to sess_mon.log and clears the statistics shown by display firewall monitor session. sess_mon.log is at most 10 MB and holds roughly 60,000 entries. Its storage path is:
hda1:/monlog/sess_mon.log
View compressed log file sess_mon.log.zip.
sess_mon.log.zip is generated when the size of sess_mon.log exceeds 10 MB. The system compresses the 10 MB file into sess_mon.log.zip and, once the dump succeeds, clears the records in sess_mon.log. When sess_mon.log reaches 10 MB again, the new archive overwrites the previous one, so only one compressed generation is kept on the device; copy it off the device before the next rollover if the records are needed for later analysis. The storage path of the compressed log file is:
hda1:/monlog/sess_mon.log.zip
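Because the device keeps a single sess_mon.log.zip and overwrites it at the next 10 MB rollover, a collector that periodically fetches the file must notice when a new generation has appeared and keep every generation it sees. The script below is an added example, not part of the original page or of the vendor's software. It assumes the operator has already copied hda1:/monlog/sess_mon.log.zip to a local path by some transfer mechanism (not shown); it hashes the fetched copy, compares the hash with the one recorded from the previous run, and archives a timestamped copy only when the content has changed. Function and file names are the example's own choices.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path
from typing import Optional

# Added example: retain every generation of the device's single rotating
# sess_mon.log.zip. The device overwrites the archive at each rollover, so the
# collector, not the device, is responsible for keeping history.


def sha256_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_state(state_file: Path) -> dict:
    """Load the collector state (last archived hash and list of archives)."""
    if state_file.exists():
        return json.loads(state_file.read_text())
    return {"last_sha256": None, "archived": []}


def archive_if_new(
    fetched: Path,
    archive_dir: Path,
    state_file: Path,
    now: Optional[float] = None,
) -> Optional[Path]:
    """Archive the fetched sess_mon.log.zip if it differs from the last copy.

    `fetched` is the local copy pulled from the device (hypothetical transfer
    step not shown). Returns the path of the new archive, or None when the
    fetched file is the same generation that was already archived.
    """
    state = load_state(state_file)
    digest = sha256_file(fetched)
    if digest == state["last_sha256"]:
        return None  # same generation as last time; nothing to keep

    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now if now else time.time()))
    archive_dir.mkdir(parents=True, exist_ok=True)
    # Timestamp plus hash prefix makes the name unique even if two fetches
    # land in the same second, and lets an analyst tie the copy to its digest.
    target = archive_dir / f"{stamp}_{digest[:8]}_{fetched.name}"
    shutil.copy2(fetched, target)

    state["last_sha256"] = digest
    state["archived"].append({"file": target.name, "sha256": digest})
    state_file.write_text(json.dumps(state, indent=2))
    return target


if __name__ == "__main__":
    # Usage: run once per fetch cycle, well inside the expected rollover interval.
    result = archive_if_new(
        Path("sess_mon.log.zip"), Path("monlog_archive"), Path("monlog_state.json")
    )
    print("archived" if result else "unchanged", result)
```

Run the collector more often than the device fills 10 MB; if a fetch cycle is slower than the rollover interval, a generation is lost before it is ever copied, and the state file will simply show a jump between digests.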
Precautions
After you enable this function, ACL matching is performed on every connection establishment and termination packet, which affects forwarding performance. The impact grows with the number of rules in the referenced ACL. Do not enable this function when the referenced ACL contains more than 10 rules or when CPU usage exceeds 70%.
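The following configuration sequence is an added example and is not part of the original page. It shows a narrow advanced ACL with a single rule, the monitoring command referencing it, the display check, and the undo command. The ACL configuration lines use standard VRP syntax; the exact form of firewall monitor session acl-number and its undo form are assumed from the parameter table above, and the addresses are made up.

```text
system-view
# Keep the ACL small: every rule here is evaluated on each connection setup
# and teardown packet while monitoring is enabled (see Precautions).
acl number 3000
 rule 5 permit tcp source 10.1.1.0 0.0.0.255 destination 10.2.2.10 0.0.0.0 destination-port eq 443
 quit
# Enable session monitoring for flows matching ACL 3000 (assumed syntax).
firewall monitor session 3000
# Inspect the in-memory entries (at most 2048 are shown); older entries
# roll to hda1:/monlog/sess_mon.log and then to sess_mon.log.zip.
display firewall monitor session
# Disable monitoring once the investigation is complete (assumed syntax).
undo firewall monitor session 3000
```

Check CPU usage before enabling the function and keep it enabled only for the duration of the investigation; the records on the device are transient, so fetch sess_mon.log.zip before the next rollover.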