How to Monitor Cisco PIX or ASA Firewall caching statistics – Websense
If you have enabled caching on your Cisco security appliance, check URL cache statistics by entering the following command.
sh url-cache stats
The command shows the following information.
- SizeÂ - the size of the cache in kilobytes, which you set with theÂ url-cache sizeÂ option.
- EntriesÂ - the maximum number of cache entries, based on the cache size.
- In UseÂ - the current number of entries in the cache.
- LookupsÂ - the number of timesÂ Firewall looked for a cache entry.
- HitsÂ - the number of timesÂ Firewall found an entry in the cache.
You can also monitor the performance of the Cisco security appliance itself. While the Firewall system is running, use the following command.
The command shows real-time system health details, in the following format.
PERFMON STATS: Current Average Xlates 33/s 20/s Connections 110/s 10/s TCP Conns 50/s 42/s WebSns Req 4/s 2/s TCP Fixup 20/s 15/s HTTP Fixup 5/s 5/s FTP Fixup 7/s 4/s AAA Authen 10/s 5/s AAA Author 9/s 5/s AAA Account 3/s 3/s
The most important piecesÂ information in these statisticsÂ are theÂ ConnectionsÂ and theÂ WebSns ReqÂ (Websense Requests) entries. The values for these items tell you how many connections are passing through the Firewall, and how many requests are being sent to the Websense Filtering Service. In most integrations, where caching is enabled, the number of connections is usually larger than the number of Websense requests.
You can setÂ the Cisco security appliances (PIX Firewall and ASA) to continuously show performance statistics on the console. Use the following commands to configure real-time monitoring.
perfmon interval 30 perfmon verbose
In the above statement,
- TheÂ intervalÂ value indicates how many seconds pass between display updates. In the example, the display updates every 30 seconds.
- TheÂ verboseÂ entry forces the statistics onto the console.
To stop real-time monitoring, use the next command.