Getting Check Point Firewall general statistics - fw ctl pstat

book

Article ID: 168108

calendar_today

Updated On:

Products

XOS

Issue/Introduction

Presents type of data shown by "fw ctl pstat" commandN/A

Cause

To gather statistics about Check Point applications.

Resolution

General statistics about Check Point firewall can be gathered using the following command:
# fw ctl pstat

The output presents statistics and data about:
- Memory: Hash kernel memory, System kernel memory, Kernel memory
- Kernel stacks
- INSPECT
- Cookies
- Connections
- Fragments
- NAT
- Sync
- Handles (when called with -l switch)

Checking those data usually gives rough idea of system busyness, memory and possible problems from performance perspective.

It's often good to gather stats couple of times over period of time in order to observe trend over measured period of time.

### Example output of fw ctl pstat -l
vsxr65_1 (X80-4): [vs0] root$ fw ctl pstat -l

Hash kernel memory (hmem) statistics:
Total memory allocated: 67108864 bytes in 8176 8KB blocks using 16 pools
Total memory bytes used: 6274772 unused: 60834092 (90.65%) peak: 4289010308
Total memory blocks used: 888 unused: 7288 (89%) peak: 920
Allocations: 516126 alloc, 0 failed alloc, 448015 free

System kernel memory (smem) statistics:
Total memory bytes used: 108500548 peak: 141501412
Blocking memory bytes used: 1209700 peak: 1251012
Non-Blocking memory bytes used: 107290848 peak: 140250400
Allocations: 96037478 alloc, 352 failed alloc, 96033468 free, 0 failed free

Kernel memory (kmem) statistics:
Total memory bytes used: 47499616 peak: 80503692
Allocations: 526270 alloc, 0 failed alloc, 455929 free, 0 failed free
External Allocations: 0 for packets, 416 for SXL

Kernel stacks:
0 bytes total, 0 bytes stack size, 0 stacks,
0 peak used, 0 max stack bytes used, 0 min stack bytes used,
0 failed stack calls

INSPECT:
1862980 packets, 523282295 operations, 5519176 lookups,
0 record, 176414920 extract

Cookies:
130459384 total, 0 alloc, 0 free,
3139 dup, 2161857 get, 989 put,
130457806 len, 26 cached len, 0 chain alloc,
0 chain free

Connections:
17907 total, 2214 TCP, 10855 UDP, 21 ICMP,
4817 other, 0 anticipated, 8 recovered, 8 concurrent,
68 peak concurrent

Fragments:
6 fragments, 3 packets, 0 expired, 0 short,
0 large, 0 duplicates, 0 failures

NAT:
56/0 forw, 56/0 bckw, 0 tcpudp,
112 icmp, 23-366 alloc

Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 49765, retransmitted : 0, retrans reqs : 0, acks : 7823741
Sync packets received:
total : 607062, were queued : 1346, dropped by net : 0
retrans reqs : 0, received 7823620 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0

Handles:
table name "kbufs"
3119 handles, 2 pools, 2 maximum pool(s)3
26928 allocated, 0 failed, 23809 freed
2 pool(s) allocated, 0 failed, 0 freed, 0 not preallocated
###

Workaround

N/A