Technical Tip: How to identify if 'diagnose sys session clear' command has been issued to clear session
Description
This article describes how to identify if the 'diagnose sys session clear' command has been issued to clear a session.
Scope
FortiGate.
Solution
To identify whether the 'diagnose sys session clear' command has been issued, check the 'flush' counter.
The 'flush' counter is shown when the 'diagnose sys session stat' command is executed.
The 'flush' counter value increases each time the 'diagnose sys session clear' command is issued.
Below is the sample output:
diagnose sys session stat
misc info: session_count=30 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0 <----- 0, before clearing the session.
flush_work_num=0
TCP sessions:
6 in ESTABLISHED state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
diagnose sys session clear <----- command to clear session.
diagnose sys session stat
misc info: session_count=2 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=1, dev_down=0/0 ses_flush_filters=0 <----- counter increases.
flush_work_num=0
TCP sessions:
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
However, note that the 'flush' counter value is reset to 0 after each view.
diagnose sys session stat
misc info: session_count=3 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0 <----- Reset to 0 if no clear session command was run in between.
flush_work_num=0
TCP sessions:
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
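As an added example (not Fortinet code and not part of the original article), the following Python code parses saved 'diagnose sys session stat' output and reports each view whose 'flush' counter is non-zero. The function names and the abridged sample views are constructed for illustration, and it assumes the read-and-reset behaviour described above.

```python
import re

# Constructed sample: abridged 'misc info' part of three successive
# 'diagnose sys session stat' views, modelled on the outputs in this article.
SAMPLE_VIEWS = [
    "misc info: session_count=30 setup_rate=0 exp_count=0 clash=0\n"
    "delete=0, flush=0, dev_down=0/0 ses_flush_filters=0\n"
    "flush_work_num=0\nTCP sessions:\n6 in ESTABLISHED state\n",
    "misc info: session_count=2 setup_rate=0 exp_count=0 clash=0\n"
    "delete=0, flush=1, dev_down=0/0 ses_flush_filters=0 <----- note\n"
    "flush_work_num=0\nTCP sessions:\n",
    "misc info: session_count=3 setup_rate=0 exp_count=0 clash=0\n"
    "delete=0, flush=0, dev_down=0/0 ses_flush_filters=0\n"
    "flush_work_num=0\nTCP sessions:\n",
]

# Plain integer counters only; 'a/b' values such as dev_down=0/0 are skipped.
PAIR = re.compile(r"(\w+)=(\d+)(?![\w/])")


def parse_misc_info(text):
    """Return the integer counters of the 'misc info' block of one view."""
    counters, in_block = {}, False
    for raw in text.splitlines():
        line = raw.split("<-----")[0].strip()  # drop hand-written annotations
        if line.startswith("misc info:"):
            in_block = True
        elif in_block and line.endswith(":"):  # next block, e.g. 'TCP sessions:'
            break
        if in_block:
            counters.update((k, int(v)) for k, v in PAIR.findall(line))
    if "flush" not in counters:
        raise ValueError("no 'flush' counter in this output")
    return counters


def find_clears(views):
    """List (view_index, flush, sessions_before, sessions_now) for each view
    whose flush counter is non-zero, i.e. a clear ran since the previous view."""
    hits, previous = [], None
    for i, text in enumerate(views):
        c = parse_misc_info(text)
        if c["flush"] > 0:
            hits.append((i, c["flush"], previous, c["session_count"]))
        previous = c["session_count"]
    return hits


if __name__ == "__main__":
    for hit in find_clears(SAMPLE_VIEWS):
        print("view %d: flush=%d, session_count %s -> %d" % hit)
```

Since the counter resets on every view, a reading of 0 only covers the interval since the last time 'diagnose sys session stat' was run.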
