How to Monitor Cisco PIX or ASA Firewall caching statistics – Websense
If you have enabled caching on your Cisco security appliance, check URL cache statistics by entering the following command.
sh url-cache stats
The command shows the following information.
- Size - the size of the cache in kilobytes, which you set with the url-cache size option.
- Entries - the maximum number of cache entries, based on the cache size.
- In Use - the current number of entries in the cache.
- Lookups - the number of times Firewall looked for a cache entry.
- Hits - the number of times Firewall found an entry in the cache.
Check PIX Firewall or ASA real-time performance
You can also monitor the performance of the Cisco security appliance itself. While the Firewall system is running, use the following command.
sh perfmon
The command shows real-time system health details, in the following format.
PERFMON STATS: Current Average Xlates 33/s 20/s Connections 110/s 10/s TCP Conns 50/s 42/s WebSns Req 4/s 2/s TCP Fixup 20/s 15/s HTTP Fixup 5/s 5/s FTP Fixup 7/s 4/s AAA Authen 10/s 5/s AAA Author 9/s 5/s AAA Account 3/s 3/s
The most important pieces information in these statistics are the Connections and the WebSns Req (Websense Requests) entries. The values for these items tell you how many connections are passing through the Firewall, and how many requests are being sent to the Websense Filtering Service. In most integrations, where caching is enabled, the number of connections is usually larger than the number of Websense requests.
Constantly monitor PIX Firewall or ASA real-time performance
You can set the Cisco security appliances (PIX Firewall and ASA) to continuously show performance statistics on the console. Use the following commands to configure real-time monitoring.
perfmon interval 30 perfmon verbose
In the above statement,
- The interval value indicates how many seconds pass between display updates. In the example, the display updates every 30 seconds.
- The verbose entry forces the statistics onto the console.
To stop real-time monitoring, use the next command.
perfmon quiet
It is best to participate in a contest for among the finest blogs on the web. I will suggest this site!