Monitoring Service Policies

You can monitor service-policy related information using the device CLI. Following are some useful commands.

• show conn [detail]

  Shows connection information. Detailed information uses flags to indicate special connection characteristics. For example, the “b” flag indicates traffic subject to TCP State Bypass.

  When you use the detail keyword, you can see information about Dead Connection Detection (DCD) probing, which shows how often the connection was probed by the initiator and responder. For example, the connection details for a DCD-enabled connection would look like the following:

  
  TCP dmz: 10.5.4.11/5555 inside: 10.5.4.10/40299,
      flags UO , idle 1s, uptime 32m10s, timeout 1m0s, bytes 11828, 
  cluster sent/rcvd bytes 0/0, owners (0,255)
    Traffic received at interface dmz
          Locally received: 0 (0 byte/s)
    Traffic received at interface inside
          Locally received: 11828 (6 byte/s)
    Initiator: 10.5.4.10, Responder: 10.5.4.11
    DCD probes sent: Initiator 5, Responder 5
  

• show service-policy

  Shows service policy statistics, including Dead Connection Detection (DCD) statistics.

• show threat-detection statistics top tcp-intercept [all | detail]

  View the top 10 protected servers under attack. The all keyword shows the history data of all the traced servers. The detail keyword shows history sampling data. The system samples the number of attacks 30 times during the rate interval, so for the default 30 minute period, statistics are collected every 60 seconds.