Parsing and analyzing current Active Sessions for troubleshooting

book

Article ID: 171482

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The purpose of this article is to provide steps to extract Active Sessions from the ProxySG and sort them in an Excel spreadsheet so that it can be analyzed in search for issues.

Resolution

  1. Download current Active Sessions as a txt file by going to Statistics > Sessions > Active Sessions > Filter (optional) > Show > Download
  2. Copy the content of the downloaded file (fields are separated by spaces)
  3. Open an Excel spreadsheet and paste the content on the first cell of the spreadsheet. Each field should fill each column without requiring additional effort.
  4. (Optional) If sorting via a specific field is required (such as domain name), a filter can be created by selecting the top cell in the desired column ("Server" field) and go to Data > Filter (as seen in Excel 2016). A dropdown menu will appear in the cell we selected. After this, we can select the domain/s we want to inspect. By doing this, we can see all the requests being made to a given domain at a given time, without the risk of losing information in the Active Sessions when pressing the "Show" button.

 

Other possible uses for this are the following:

  • Checking what ICAP service is processing the requests/responses ("I" column)
  • Viewing the clients and/or destinations that are consuming the most bandwidth ("Client Bytes" column)
  • Comparing Decrypted vs Non-Decrypted connections ("Application" column). "HTTPS Fwd" value means it is decrypting traffic. If it is not decrypting, it commonly says SSL instead.
  • Inspecting error codes ("Detail" column).