Difference between revisions of "cpview log"
(→exporting the data) |
|||
| Line 59: | Line 59: | ||
cpwd_admin: | cpwd_admin: | ||
Process HISTORYD started successfully (pid=9595) | Process HISTORYD started successfully (pid=9595) | ||
| + | |||
| + | to view the oldest date and time of data available in a history file... | ||
| + | |||
| + | [Expert@chkpfw1:0]# sqlite3 /var/log/CPView_history/CPViewDB.dat 'select datetime(Timestamp, "unixepoch") as time from fw_counters limit 1' | ||
| + | 2021-04-07 05:32:28 | ||
Latest revision as of 17:37, 15 April 2021
Contents |
versions
R77 and above
The table structure can change dramatically from version to version. For example the number of tables in the cpview database changed from 321 to 83 between r77.20 and r77.30.
opening the database
We will query it with the sqlite3 utility. We don't use the cpview binary because it is too limited.
[Expert@chkpfw1:0]# sqlite3 /var/log/CPView_history/CPViewDB.dat
example queries
list tables
sqlite> .tables
list columns
sqlite> .schema fw_counters
passing sqlite3 command via CLI
[Expert@chkpfw1:0]# sqlite3 /var/log/CPView_history/CPViewDB.dat '.tables'
query with start end times
sqlite3 /var/log/CPView_history/CPViewDB.dat 'select datetime(Timestamp, "unixepoch") as time,inbound_throughput/1048576/10 as MBS_IN,outbound_throughput/1048576/10 as MBS_OUT,concurrent_conns from fw_counters where time between "2016-01-05 00:00:00" and "2016-01-05 00:10:00"'
check for high cpu (77.20?)
sqlite3 /var/log/CPView_history/CPViewDB.dat 'select datetime(Timestamp, "unixepoch") as time,name_of_cpu,cpu_usage from fw_counters where cpu_usage between "90" and "100" '
cpu table
$ sqlite3 /var/log/CPView_history/CPViewDB.dat '.schema UM_STAT_UM_CPU_UM_CPU_ORDERED_TABLE' | tr ',' '\n' CREATE TABLE UM_STAT_UM_CPU_UM_CPU_ORDERED_TABLE (Timestamp INTEGER name_of_cpu INTEGER cpu_usage INTEGER cpu_usr_time INTEGER cpu_sys_time INTEGER cpu_idl_time INTEGER cpu_io_wait INTEGER cpu_interrupts INTEGER);
exporting the data
[Expert@chkpfw1:0]# cpview history export Stopping the history daemon cpwd_admin: Process HISTORYD terminated cpwd_admin: successful Del operation Exporting the database Exported DB to /var/log/CPView_history/exported_db_15_04_2021_1222.gz Starting the history daemon cpwd_admin: Process HISTORYD started successfully (pid=9595)
to view the oldest date and time of data available in a history file...
[Expert@chkpfw1:0]# sqlite3 /var/log/CPView_history/CPViewDB.dat 'select datetime(Timestamp, "unixepoch") as time from fw_counters limit 1' 2021-04-07 05:32:28
