Description | This article describes how to determine the amount of bytes handled by the WAD over time. |
Scope | FortiGate. |
Solution |
The stats as presented in 'get sys performance status' only show overall performance and do not differentiate flow and proxy-based throughput. This makes it difficult to determine how much is processed by the WAD daemon, and if the usage of the WAD daemon as seen in the 'diag sys top' is explainable by traffic going over the FortiGate.
FGT01 # get sys performance status CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq CPU0 states: 2% user 0% system 0% nice 98% idle 0% iowait 0% irq 0% softirq CPU1 states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softirq CPU2 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq CPU3 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq CPU4 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq CPU5 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq CPU6 states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softirq CPU7 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq Memory: 8170500k total, 5961204k used (73.0%), 1878960k free (23.0%), 330336k freeable (4.0%) Average network usage: 337506 / 130776 kbps in 1 minute, 244569 / 163774 kbps in 10 minutes, 205483 / 179163 kbps in 30 minutes Maximal network usage: 977251 / 195145 kbps in 1 minute, 1082185 / 496639 kbps in 10 minutes, 1082185 / 532541 kbps in 30 minutes Average sessions: 15115 sessions in 1 minute, 15957 sessions in 10 minutes, 16234 sessions in 30 minutes Maximal sessions: 15315 sessions in 1 minute, 17246 sessions in 10 minutes, 18640 sessions in 30 minutes Average session setup rate: 122 sessions per second in last 1 minute, 117 sessions per second in last 10 minutes, 117 sessions per second in last 30 minutes Maximal session setup rate: 217 sessions per second in last 1 minute, 317 sessions per second in last 10 minutes, 477 sessions per second in last 30 minutes Average NPU sessions: 3875 sessions in last 1 minute, 4244 sessions in last 10 minutes, 4481 sessions in last 30 minutes Maximal NPU sessions: 3951 sessions in last 1 minute, 4837 sessions in last 10 minutes, 5396 sessions in last 30 minutes Average nTurbo sessions: 3 sessions in last 1 minute, 40 sessions in last 10 minutes, 29 sessions in last 30 minutes Maximal nTurbo sessions: 3 sessions in last 1 minute, 68 sessions in last 10 minutes, 68 sessions in last 30 minutes Virus caught: 0 total in 1 minute IPS attacks blocked: 0 total in 1 minute Uptime: 4 days, 19 hours, 28 minutes
The total amount of bytes processed by the WAD can be found in diag wad stats worker. Down below are the statistics for http traffic, but other types of traffic are also tracked in the logs. These statistics are lifetime statistics and this command would need to be executed periodically to check the throughput over time.
diagnose wad stats worker
protos.http.wan.bytes_in 265985948059 protos.http.wan.bytes_out 10581471688 protos.http.lan.bytes_in 10535926368 protos.http.lan.bytes_out 148935781548
Executing this periodically by hand may prove to be cumbersome, if the WAD issues being investigated are intermittent. It is better to automate this process with the help of a Teraterm monitoring script. See the related articles at the bottom of this article for instructions.
Any such scripts should include the following commands. Additional commands can be added depending on what exactly is being investigated.
fnsysctl date get system performance status fnsysctl ifconfig diagnose sys session stat diagnose wad stats worker
Related articles: Technical Tip: FortiGate monitoring script Technical Tip: TAC debug script with TeraTerm Troubleshooting Tip: WAD troubleshooting commands |