Documentation Search
scio subs
Syntax
scio subs option argument
Description
Displays statistics for the IDP subscriber and enables you to manage subscriber settings. The IDP subscriber is a process that associates traffic with the IDP engine. By default, all virtual circuits belong to the subscriber named s0. We test and support only configurations where the default subscriber s0 is used.
Options
Table 1 describes options and arguments to the scio subs command and provides examples of command syntax.
Table 1: Command Reference: scio subs
Options | Usage and Examples |
|---|---|
list | Lists the virtual circuits and NICs associated with the subscriber s0. [root@defaulthost admin]# scio subs
list Defined Subscribers:
Subscriber V-Circuit NIC
---------- --------- ----
s0 eth11 eth11
eth10 eth10
eth9 eth9
eth8 eth8
eth7 eth7
eth6 eth6
eth5 eth5
eth4 eth4
eth3 eth3
eth2 eth2
|
aggregatestatus subscriber | For IDP8200, use this option instead of scio subs stats s0 to display aggregated status statistics for the IDP Series device. The scio subs stats s0 displays status per IDP engine. [root@defaulthost admin]# scio subs
aggregatestatus s0Aggregate Status for subs 's0'
Packets/second: 54 peak: 4000
KBits/second: 360 peak: 15207
Packets received: icmp 63580, tcp 15663286, udp 15550659, other 16125996
Current flows: icmp 0, tcp 1680, udp 26104, other 8288
Current sessions: icmp 0, tcp 840, udp 8702, other 4144
Current bypassed flows : 0
Current policy: Recommended v0
|
attach subscriber vc-name | Associates a virtual circuit with the subscriber instance. [root@defaulthost admin]# scio subs
attach s0 eth2 |
overflow [get subscriber | set subscriber overflow_module threshold | change subscriber overflow_module threshold] | Gets or sets overflow parameters. [root@defaulthost admin]# scio subs
overflow get s0 subs overflow: subscriber=s0 mode=0 threshold=0 |
qmodules subscriber | Lists qmodules associated with a subscriber. A qmodule is a module of code related to an IDP Series function or feature. [root@defaulthost admin]# scio subs
qmodules s0 Qmodules for subs 's0'
flow - Performs flow lookups, flow/session creation and policy lookups
ape - Application Policy Enforcement
ipblocker - IDS ip action module
pre-ids filter - Weeds out unwanted sessions before entering the IDS modules
tsig - Performs Traffic Signature detection
seqack - Translates TCP SEQ/ACK numbers
syndef - Provides defense against SYN attack
portfaker - Fakes active ports on the network to catch hackers
reass - Tracks a TCP connection and reorders packets
ptype - Detects protocol type using content and statistical analysis
ids - Detects intrusion attempts based on a library of attack signatures
backdoor - Detects backdoor activity using statistical analysis
iprouter - Routes packets to the appropriate virtual circuit
|
qmodstats subscriber | Displays statistics and counters aggregated by qmodule. [root@defaulthost admin]# scio subs
qmodstats s0 Qmodules Statistics for subs 's0' (time in micro seconds)
Q-Module Min.Time Max.Time Ave.Time #Pkt. #Pkt.Drop #Pkt.Error
flow 0 0 0 1373573 194 0
ape 0 0 0 97130 37288 0
ipblocker 0 0 0 0 0 0
pre-ids filter 0 0 0 0 0 0
tsig 0 0 0 0 0 0
seqack 0 0 0 0 0 0
syndef 0 0 0 0 0 0
portfaker 0 0 0 0 0 0
reass 0 0 0 1095300 0 0
ptype 0 0 0 0 0 0
ids 0 0 0 41882 0 0
backdoor 0 0 0 0 0 0
iprouter 0 0 0 1336112 0 0
Qmodules Performance Monitor Counters for subs 's0' (average count per packet)
Q-Module Cycles Insts CPI Misses Hits #Pkt.
flow 0 0 0.00 0 0 1373573
ape 0 0 0.00 0 0 97130
ipblocker 0 0 0.00 0 0 0
pre-ids filter 0 0 0.00 0 0 0
tsig 0 0 0.00 0 0 0
seqack 0 0 0.00 0 0 0
syndef 0 0 0.00 0 0 0
portfaker 0 0 0.00 0 0 0
reass 0 0 0.00 0 0 1095300
ptype 0 0 0.00 0 0 0
ids 0 0 0.00 0 0 41882
backdoor 0 0 0.00 0 0 0
iprouter 0 0 0.00 0 0 1336112
|
release subscriber vc-name | Releases the association that was created with scio subs attach. [root@defaulthost admin]# scio subs
release s0 eth2 |
reset subscriber | Resets statistics. [root@defaulthost admin]# scio subs
reset s0 |
rulestats subscriber | Displays a counter security policy rules used in traffic processing. Each session match increments the counter for the rule. [root@defaulthost admin]# scio subs
rulestats s0ape ids 1 0 0 |
service detail subscriber | Displays the active and total session count, by service. [root@defaulthost admin]# scio subs
service detail s0 Service Session Count Table:
| Service | Active | Total |
|-----------+----------+----------|
FTP 86 86
RLOGIN 21 21
PORTMAPPER 100 100
HTTP 730 730
SMTP 38 38
POP3 76 76
IMAP 10 10
TELNET 52 52
ICMP 116 116
DNS 50 52
SSH 1 1
SNMP 11 11
DHCP 17 17
TFTP 21 21
|
status subscriber | Provides a summary of status and performance statistics. [root@defaulthost admin]# scio subs
status s0Status for subs 's0'
up since - Thu Aug 12 17:18:53 2010
Packets/second: 11 peak: 27027 @ Thu Aug 12 17:20:01 2010
KBits/second: 25 peak: 99724 @ Thu Aug 12 17:20:01 2010
Packets received: icmp 30227, tcp 254924, udp 24019, other 0
Current flows: icmp 0, tcp 2, udp 34661, other 0
Current sessions: icmp 0, tcp 1, udp 11893, other 0
Current bypassed flows : 0
Current bypass mode : OFF
Latency Statistics (time in micro seconds):
Min: 0 Max: 0 Ave: 0
Performance statistics
Average packet lifetime:
Cycles: 0 Instructions: 0 CPI: 0.00 Cache misses: 0 hits: 0
Current policy: idpengine v0
For IDP8200, a summary is displayed for each IDP engine. To view an aggregate summary for IDP8200 devices, use scio subs aggregatestatus s0. |
