Manuals / Blue Coat Systems / Kitchen Appliance / Appliance Trim Kit

Blue Coat Systems Blue Coat Systems SG Appliance, SGOS Version 5.2.2 Configuring Packet Capturing

Models: Blue Coat Systems SG Appliance SGOS Version 5.2.2

1 108

Download 108 pages 21.03 Kb

Page 53

Using Filter Expressions in the CLI

Chapter 4: Diagnostics

Note: Some qualifiers must be escaped with a backslash because their identifiers are also keywords within the filter expression parser.

❐ip proto protocol

where protocol is a number or name (icmp, udp, tcp).

❐ether proto protocol

where protocol can be a number or name (ip, arp, rarp).

Table 4-1. PCAP Filter Expressions

Filter Expression	Packets Captured

ip host 10.25.36.47	Captures packets from a specific host with IP address
	10.25.36.47.

not ip host 10.25.36.47	Captures packets from all IP addresses except
	10.25.36.47.

ip host 10.25.36.47 and ip	Captures packets sent between two IP addresses:
host 10.25.36.48	10.25.36.47 and 10.25.36.48.
	Packets sent from one of these addresses to other IP
	addresses are not filtered.

ether host 00:e0:81:01:f8:fc	Captures packets to or from MAC address
	00:e0:81:01:f8:fc:.

port 80	Captures packets to or from port 80.

ip sr www.bluecoat.com and	Captures packets that have IP source of
ether broadcast	www.bluecoat.com and ethernet broadcast
	destination.

Using Filter Expressions in the CLI

To add a filter to the CLI, use the command:

SGOS# pcap filter expr parameters

To remove a filter, use the command:

SGOS# pcap filter <enter>

Important: Define CLI filter expr parameters with double-quotes to avoid confusion with special characters. For example, a space is interpreted by the CLI as an additional parameter, but the CLI accepts only one parameter for the filter expression. Enclosing the entire filter expression in quotations allows multiple spaces in the filter expression.

Configuring Packet Capturing

Use the following procedures to configure packet capturing. If a download of the captured packets is requested, packet capturing is implicitly stopped. In addition to starting and stopping packet capture, a filter expression can be configured to control which packets are captured. For information on configuring a PCAP filter, see "Common PCAP Filter Expressions" above.

53

Image 53

Blue Coat Systems Blue Coat Systems SG Appliance manual Configuring Packet Capturing, Using Filter Expressions in the CLI

Contents

SGOS Version Volume 9: Managing the Blue Coat SG ApplianceBlue Coat Systems SG Appliance Sunnyvale, CA Contact InformationBlue Coat Systems Inc 420 North Mary Ave Chapter 1: About Managing the SG Appliance Contact InformationChapter 2 Monitoring the SG Appliance Chapter 3: Maintaining the SG ApplianceChapter 5: Statistics Volume 9: Managing the Blue Coat SG ApplianceChapter 4: Diagnostics Appendix A: Glossary Index Volume 9: Managing the Blue Coat SG Appliance Chapter 1 About Managing the SG Appliance Chapter 4: Diagnostics Chapter 5: StatisticsDocument Conventions Chapter 2: Monitoring the SG ApplianceVolume 9: Managing the Blue Coat SG Appliance “Using Director to Manage SG Systems” on page Using Director to Manage SG Systems“Configuring SNMP” on page “Configuring Health Monitoring” on pageDirector Registration Requirements Related CLI Commands for Director RegistrationRegistering the SG Appliance with Director To register the appliance with a DirectorTo view the fingerprint of the key System Summary Monitoring the System and DisksTo delete a key To view the system summary statisticsTo view the system environment statistics Viewing System Environment SensorsVolume 9: Managing the Blue Coat SG Appliance Viewing Disk StatusTo view disk status or take a disk offline Configuring Which Events to Log Setting Up Event Logging and NotificationViewing SSL Accelerator Card Information To view SSL accelerator cardsRelated CLI Commands to Set the Event Log Size Setting Event Log SizeEnabling Event Notification To set event log sizeSyslog Event Monitoring To enable event notificationsViewing the Event Log Configuration Viewing Event Log Configuration and ContentTo enable syslog monitoring Related CLI Commands to Enable Syslog MonitoringUnderstanding the Regex and Substring Filters Viewing the Event Log ContentsUnderstanding the Time Filter To enable and configure SNMP Configuring SNMPRelated CLI Commands to Enable and Configure SNMP Enabling SNMPTo set or change community strings Configuring SNMP Community StringsTo set or change community strings To enable SNMP traps Configuring SNMP TrapsRelated CLI Commands for Enabling SNMP Traps Volume 9: Managing the Blue Coat SG ApplianceHealth Monitoring Requirements Configuring Health MonitoringVolume 9: Managing the Blue Coat SG Appliance About the Health Monitoring Metric TypesAbout Health Monitoring About License Expiration Metrics Health Monitoring ExampleCRITICAL WARRNINGAbout the General Metrics About Health Monitoring NotificationAbout the Licensing Metrics Volume 9: Managing the Blue Coat SG ApplianceLicensing Metrics” on About the Status MetricsVolume 9: Managing the Blue Coat SG Appliance See Volume 5: Advanced Networking forChanging Threshold and Notification Properties Getting A Quick View of the SG Appliance Health Volume 9: Managing the Blue Coat SG Appliance Viewing Health Monitoring StatisticsTo review the health monitoring statistics SGOS#config show system-resource-metrics TroubleshootingVolume 9: Managing the Blue Coat SG Appliance Chapter 3: Maintaining the SG Appliance “Restoring System Defaults” on pageRestarting the SG Appliance Hardware and Software Restart OptionsVolume 9: Managing the Blue Coat SG Appliance Restoring System DefaultsRestore-Defaults Keep-Console Factory-DefaultsRelated CLI Syntax to Restore System Defaults To restore system defaultsClearing the DNS Cache Clearing the Object CacheClearing the Byte Cache Troubleshooting TipClearing Trend Statistics Upgrading the SG ApplianceVolume 9: Managing the Blue Coat SG Appliance The SG Appliance 5.x Version UpgradeTo upgrade the SG appliance 4.Click Restart Related CLI Syntax to Upgrade the SGOS SoftwareManaging SG Appliance Systems To view SGOS system replacement optionsTo view details for an SGOS system version Troubleshooting TipExample Session Setting the Default Boot SystemSGOS> show installed-systems 1.Select Maintenance > Upgrade > SystemsLocking and Unlocking SG Appliance Systems Related CLI Syntax to Set the Default Boot SystemReplacing an SG Appliance System To lock a systemDisk Reinitialization Deleting an SG Appliance SystemMulti-DiskSG Appliances To delete a systemDeleting Objects from the SG Appliance Single-DiskSG ApplianceTo delete a single object from the SG appliance To delete multiple objects from the SG applianceChapter 4: Diagnostics Sending Service Information Automatically Diagnostic Reporting Service Information“Diagnostic Reporting Heartbeats” on page “Diagnostic Reporting CPU Monitoring” on pageRelated CLI Syntax to Send Service Information Managing the Bandwidth for Service InformationTo manage bandwidth for service information To send service information automaticallyVolume 9: Managing the Blue Coat SG Appliance Configure Service Information SettingsTo send service information c.Click Ok 5.Click Send Related CLI Syntax to Send Service InformationTo create a new snapshot job Creating and Editing Snapshot JobsTo edit an existing snapshot job Volume 9: Managing the Blue Coat SG Appliancea.Target: Enter the object to snapshot PCAP File Name Format Packet Capturing the Job UtilityCommon PCAP Filter Expressions Volume 9: Managing the Blue Coat SG ApplianceUsing Filter Expressions in the CLI Configuring Packet Capturing6 7 8 9 To enable, stop, and download packet capturesVolume 9: Managing the Blue Coat SG Appliance a.Capture all matching packets Volume 9: Managing the Blue Coat SG Appliance Viewing Current Packet Capture DataCore Image Restart Options To configure core image restart optionsUploading Packet Capture Data To view current packet capture statisticsVolume 9: Managing the Blue Coat SG Appliance Diagnostic Reporting HeartbeatsTo configure and view CPU monitoring Diagnostic Reporting CPU MonitoringVolume 9: Managing the Blue Coat SG Appliance Chapter 5: Statistics “Viewing the Access Log” on pageSelecting the Graph Scale “Viewing Traffic Distribution Statistics” on pageVolume 9: Managing the Blue Coat SG Appliance Viewing Traffic Distribution StatisticsAbout Bypassed Bytes Understanding Chart DataRefreshing the Data Viewing Bandwidth Usage or Gain About the Default Service StatisticsTo view bandwidth usage or gain statistics Volume 9: Managing the Blue Coat SG ApplianceTo view client and server byte statistics Viewing Traffic HistoryVolume 9: Managing the Blue Coat SG Appliance Supported Proxy Types and ServicesRefreshing the Data Unsupported Proxy TypesUnderstanding Chart Data Viewing Bandwidth Management Statistics Viewing the ADN HistoryViewing Protocol Statistics Volume 9: Managing the Blue Coat SG ApplianceCIFS History Viewing System Statistics “Contents Statistics” on pageResources Statistics Viewing CPU UtilizationChapter 5: Statistics Viewing Concurrent UsersTo view concurrent users Viewing Memory Use Statistics Viewing Disk Use StatisticsTo view disk use statistics To view memory use statisticsSelect Statistics > System > Resources > Data To view data allocation statisticsTo view the distribution of cache contents Contents StatisticsViewing Cached Objects by Size Viewing the Number of Objects Served by SizeTo view the event log Event Logging StatisticsActive Sessions—Viewing Per-ConnectionStatistics Failover StatisticsTo view failover statistics Volume 9: Managing the Blue Coat SG ApplianceViewing Proxied Sessions Analyzing Proxied SessionsAbout the Proxied Sessions Statistics To view proxied sessionsColumn Heading Volume 9: Managing the Blue Coat SG ApplianceDescription ClientColumn Heading Chapter 5 StatisticsDescription Server BytesService Name Volume 9: Managing the Blue Coat SG Applianceobject-by-objectbasis Is not displayed for MAPI and TCP-TunneltrafficAbout MMS Streaming Connections Using the Tool TipsViewing Sessions with Multiple Connections HTTPVolume 9: Managing the Blue Coat SG Appliance Understanding the Tree ViewFiltering the Display What Is Not DisplayedAbout the Byte Totals ADN TunnelsVolume 9: Managing the Blue Coat SG Appliance Analyzing Bypassed Connections StatisticsTo view bypassed connections Viewing Bypassed ConnectionsAbout the Bypassed Connection Statistics The following filters are available Volume 9 Managing the Blue Coat SG ApplianceFiltering the Display Viewing Health Monitoring Statistics Viewing the Access LogViewing Health Check Statistics Viewing Advanced StatisticsVolume 9: Managing the Blue Coat SG Appliance Using the CLI show Command to View Statisticsresources Chapter 5: StatisticsAllocation of system resources snmpVolume 9: Managing the Blue Coat SG Appliance Appendix A: Glossary authenticate-401attribute Volume 9: Managing the Blue Coat SG ApplianceAppendix A: Glossary destination objects Volume 9: Managing the Blue Coat SG ApplianceAppendix A: Glossary health check type Volume 9 Managing the Blue Coat SG ApplianceAppendix A: Glossary Management Console Volume 9: Managing the Blue Coat SG ApplianceAppendix A: Glossary parent class bandwidth Volume 9: Managing the Blue Coat SG ApplianceNetwork > Tunneling tab Appendix A: GlossarySG appliance Volume 9: Managing the Blue Coat SG ApplianceAppendix A: Glossary Websense log type Volume 9: Managing the Blue Coat SG ApplianceIndex Page Page Volume 9: Managing the Blue Coat SG Appliance