Knowledge Search


×
 

How to determine how long a session has been up in ScreenOS

  [KB13196] Show Article Properties


Summary:
A session can remain active on the firewall for much longer than its timeout value.  For instance, the timeout value for the SSH service on the firewall is set to 30 minutes (1800 seconds).  If traffic keeps traversing the firewall via this session before the timeout value has been reached, the session can remain up for much longer than 30 minutes.  This KB article explains how to determine how much total time has elapsed since the session was started.
Symptoms:
When viewing a particular session via the 'get session id' command, there isn't a counter that shows the total time that the session has been up.  This needs to be calculated by subtracting the start time value from the length of time since the firewall was last booted up (the up time).
Solution:
To find the start time of the session, perform the following steps:
  1. View the detailed session information with the command 'get session id <session id>'.
    ISG2000-> get sess id 524283
    id 524283(0007fffb), flag 00000040/0080/0023, vsys id 0(Root)
    policy id 320002, application id 0, dip id 0, state 0
    current timeout 1810, max timeout 1800 (second)
    status normal, start time 1734185, duration 0
    session id mask 0, app value 18
    mgt(vsd 0): 1.1.1.1/1219->2.2.2.2/22, protocol 6 session token 12 route 4
    gtwy 172.18.68.1, mac 0010db69a5f0, nsptn info 0, pmtu 1500
    flag 800601, diff 0/0
    port seq 0, subif 0, cookie 0, fin seq 0, fin state 0
    self(vsd 0): 1.1.1.1/1219->2.2.2.2/22, protocol 6 session token 8 route 0
    gtwy 0.0.0.0, mac 000000000000, nsptn info 0, pmtu 1500
    mac 000000000000, nsptn info 0
    flag 10, diff 0/0
    port seq 0, subif 0, cookie 0, fin seq 0, fin state 0

  2. Note the start time for the session.  In this example, the start time was 1734185.  This is the length of time in seconds since the firewall last booted up.  In this case, this translates into 481 hours, 43 minutes, and 5 seconds.

  3. Next, use the 'get clock' command to see how long the firewall has been up:
    ISG2000-> get clock
    Date 01/16/2009 11:04:20, Daylight Saving Time enabled
    The Network Time Protocol is Disabled
    Up 553 hours 2 minutes 16 seconds Since 24Dec2008:10:02:04
    1232103860.226419 seconds since 1/1/1970 0:0:0 GMT
    GMT time zone area 0:00
    GMT time zone offset 0:00
  4. Subtract the session's start time from the firewall's up time to get the amount of time that this session has been up.  In this example, the start time (481 hours 43 minutes and 5 seconds, or 1734185 seconds) minus the up time (553 hours 2 minutes 16 seconds, or 1990936 seconds) is 71 hours 19 minutes 11 seconds, or 256751 seconds.
Modification History:
2019-05-22: Content reviewed for accuracy
Related Links: