[SRX/IDP] How to check the size of a successfully loaded active IDP policy

Article ID: KB26758 KB Last Updated: 31 Jan 2013 Version: 1.0
Summary:
This article provides information on how to check the size of a successfully loaded, active IDP policy.
Symptoms:
If you suspect that the IDP policy is consuming a lot of memory, you can check the size of the loaded IDP policy. This is especially relevant on branch SRX devices.
Cause:

Solution:
The following example sets the Recommended template as the active IDP policy:
[edit]
root@3400-2# set security idp active-policy Recommended

[edit]
root@3400-2# commit
commit complete

[edit]
root@3400-2# run show security idp policy-commit-status
Compiling policy...
To check the loaded IDP policy size, use the following command:
[edit]
root@3400-2# run show security idp policy-commit-status
IDP policy[/var/db/idpd/bins/Recommended.bin.gz.v] and detector[/var/db/idpd/sec-repository/installed-detector/libidp-detector.so.tgz.v] loaded successfully.
The loaded policy size is:4344169 Bytes

The size of any loaded active IDP policy can be checked in the same way. However, in certain cases, when any kind of minor non-IDP change is made, the above command displays the following output:
root@srx3400> show security idp policy-commit-status
Active policy not configured or Active policy not modified
In such cases, use the following method to check the size of the policy (in this example, test-ssl is the active policy):
root@srx3400> start shell

root@srx3400% cd /var/db/idpd/bins

root@srx3400% ls -al
total 16560
drwxr-xr-x 2 root wheel 512 Jan 24 09:02 .
drwxr-xr-x 8 root wheel 512 Jan 24 09:02 ..
-rw-r--r-- 1 root wheel 2415816 Jan 8 15:16 compiled_ai.bin
-rw-r--r-- 1 root wheel 2840770 Jan 8 15:16 compressed_ai.bin
-rw-r--r-- 1 root wheel 1832 Jan 24 09:02 last-good-policy.bin.gz.v
-rw-r--r-- 1 root wheel 3134686 Dec 14 09:55 libidp-detector.so.tgz.v
lrwxr-xr-x 1 root wheel 52 Dec 14 09:55 running-detector -> /var/db/idpd/sec-repository/libidp-detector.so.tgz.v
lrwxr-xr-x 1 root wheel 35 Jan 24 09:02 running-policy -> /var/db/idpd/bins/test-ssl.bin.gz.v
-rw-r----- 1 root wheel 1831 Jan 24 09:02 test-ssl.bin.gz.v


root@srx3400% addver -r test-ssl.bin.gz.v test-ssl.bin.gz
infile test-ssl.bin.gz.v , outfile test-ssl.bin.gz
Version is 1.0 build 0
compressed
Not encrypted

root@srx3400% ls -al
total 16564
drwxr-xr-x 2 root wheel 512 Jan 30 12:39 .
drwxr-xr-x 8 root wheel 512 Jan 24 09:02 ..
-rw-r--r-- 1 root wheel 2415816 Jan 8 15:16 compiled_ai.bin
-rw-r--r-- 1 root wheel 2840770 Jan 8 15:16 compressed_ai.bin
-rw-r--r-- 1 root wheel 1832 Jan 24 09:02 last-good-policy.bin.gz.v
-rw-r--r-- 1 root wheel 3134686 Dec 14 09:55 libidp-detector.so.tgz.v
lrwxr-xr-x 1 root wheel 52 Dec 14 09:55 running-detector -> /var/db/idpd/sec-repository/libidp-detector.so.tgz.v
lrwxr-xr-x 1 root wheel 35 Jan 24 09:02 running-policy -> /var/db/idpd/bins/test-ssl.bin.gz.v
-rw-r----- 1 root wheel 1783 Jan 30 12:38 test-ssl.bin.gz
-rw-r----- 1 root wheel 1831 Jan 24 09:02 test-ssl.bin.gz.v

root@srx3400% gunzip test-ssl.bin.gz

gunzip: test-ssl.bin.gz: decompression OK, trailing garbage ignored

root@srx3400% du -sh test-ssl.bin
10K test-ssl.bin

root@srx3400% ls -al
total 16580
drwxr-xr-x 2 root wheel 512 Jan 30 12:39 .
drwxr-xr-x 8 root wheel 512 Jan 24 09:02 ..
-rw-r--r-- 1 root wheel 2415816 Jan 8 15:16 compiled_ai.bin
-rw-r--r-- 1 root wheel 2840770 Jan 8 15:16 compressed_ai.bin
-rw-r--r-- 1 root wheel 1832 Jan 24 09:02 last-good-policy.bin.gz.v
-rw-r--r-- 1 root wheel 3134686 Dec 14 09:55 libidp-detector.so.tgz.v
lrwxr-xr-x 1 root wheel 52 Dec 14 09:55 running-detector -> /var/db/idpd/sec-repository/libidp-detector.so.tgz.v
lrwxr-xr-x 1 root wheel 35 Jan 24 09:02 running-policy -> /var/db/idpd/bins/test-ssl.bin.gz.v
-rw-r----- 1 root wheel 8488 Jan 30 12:38 test-ssl.bin
-rw-r----- 1 root wheel 1831 Jan 24 09:02 test-ssl.bin.gz.v

root@srx3400# run show security idp policy-commit-status
IDP policy[/var/db/idpd/bins/test-ssl.bin.gz.v] and detector[/var/db/idpd/sec-repository/installed-detector/libidp-detector.so.tgz.v] loaded successfully.
The loaded policy size is:8488 Bytes
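
The shell procedure above as a single function, added here as an example and not part of the original Juniper article: it unpacks into a private temporary directory instead of /var/db/idpd/bins, so no decompressed policy file is left behind. It assumes mktemp is available in the Junos shell and that addver is invoked as shown above; `idp_policy_size` and `BINS_DIR` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not Juniper code): print the name and uncompressed size of
# the running IDP policy without leaving scratch files in /var/db/idpd/bins.
# Assumptions: root in the Junos shell; mktemp is available; addver is called
# exactly as shown in this article (addver -r <infile> <outfile>).

BINS_DIR="${BINS_DIR:-/var/db/idpd/bins}"

idp_policy_size() {
    link="$BINS_DIR/running-policy"
    if [ ! -L "$link" ]; then
        echo "running-policy symlink not found in $BINS_DIR" >&2
        return 1
    fi
    # Name of the active policy file, taken from the symlink target.
    policy=$(ls -l "$link" | sed 's/.* -> //')
    policy=${policy##*/}

    # The policy file is mode 0640; keep the unpacked copy private as well.
    work=$(mktemp -d "${TMPDIR:-/tmp}/idpsize.XXXXXX") || return 1

    # Strip the version header; discard addver's status lines on stdout.
    if ! addver -r "$BINS_DIR/$policy" "$work/policy.bin.gz" >/dev/null; then
        rm -rf "$work"
        echo "addver failed on $policy" >&2
        return 1
    fi

    # Count bytes from a stream instead of writing the .bin file to disk.
    # gunzip may warn "trailing garbage ignored" as in the article; the
    # pipeline status is tr's, so that warning does not abort the count.
    bytes=$(gunzip -c "$work/policy.bin.gz" | wc -c | tr -d ' ')
    rm -rf "$work"

    if [ "${bytes:-0}" -eq 0 ]; then
        echo "could not decompress $policy" >&2
        return 1
    fi
    echo "$policy $bytes"
}

# Run only when executed as a script with the argument "run".
if [ "${1:-}" = "run" ]; then idp_policy_size; fi
```

The byte count printed should match the value that `show security idp policy-commit-status` reports as the loaded policy size.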