Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-05-2021 09:45
    Hello,

    I am unable to find out, how to check current HTTPS connections in on-premise waf via CLI. Also, please share if there's a reference document .

    Thanks
    Chintan
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------


  • 2.  RE: How to check current HTTPS connections in securesphere vis CLI ?
    Best Answer

    Posted 04-06-2021 10:42
    Hi @Chintan Myakal,

    You can see the status of the TCP connections in /proc/hades/status.
    Here's the link to the article that can be useful: https://docs.imperva.com/howto/0c0def26.
    BTW if you are using version 14.1 and higher, /proc/hades is in new location: /opt/SecureSphere/etc/proc/hades.
    Also, you can check /proc/hades/streams or /proc/hades/debug_streams, where you can find the output in the following format:

    #5 3 1 (0 0) 172.31.1.2:38058 -> 172.31.1.20:80 [3696045778 11986] VedaApp_6388299901074987586:http
    #11 4 1 (420 17376) 172.31.1.2:38066 -> 172.31.1.20:80 [2843750936 12824] VedaApp_6388299901074987586:http
    #3 4 1 (3280 51007) 172.31.1.2:38055 -> 172.31.1.20:80 [1196734582 47222] VedaApp_6388299901074987586:http
    #4 6 1 (1606 14632) 172.31.1.2:38056 -> 172.31.1.20:80 [1169739654 53126] VedaApp_6388299901074987586:http
    #10 6 0 (0 0) 172.31.1.2:38051 -> 172.31.1.20:80 [1048636680 60680] VedaApp_6388299901074987586:http
    #1 4 1 (1194 5645) 172.31.1.20:32817 -> 172.31.1.10:3306 [828832888 64632] VedaDB_-6090531506468589997:mysql
    #12 6 0 (0 0) 172.31.1.2:38057 -> 172.31.1.20:80 [764157005 7245] VedaApp_6388299901074987586:http
    #8 3 1 (0 0) 172.31.1.2:38060 -> 172.31.1.20:80 [1127231097 11897] VedaApp_6388299901074987586:http
    #3 4 1 (425 37648) 172.31.1.2:38050 -> 172.31.1.20:80 [1586378835 14419] VedaApp_6388299901074987586:http
    #11 3 1 (0 0) 172.31.1.2:38065 -> 172.31.1.20:80 [2493203771 17723] VedaApp_6388299901074987586:http
    #5 3 1 (0 0) 172.31.1.2:38053 -> 172.31.1.20:80 [4063321227 23691] VedaApp_6388299901074987586:http
    #10 4 1 (2050 29543) 172.31.1.2:38064 -> 172.31.1.20:80 [3291583387 37787] VedaApp_6388299901074987586:http
    #4 3 1 (0 0) 172.31.1.2:38052 -> 172.31.1.20:80 [534762305 54081] VedaApp_6388299901074987586:http
    #1 4 1 (812 7296) 172.31.1.2:38048 -> 172.31.1.20:80 [2830162023 55399] VedaApp_6388299901074987586:http

    Output Syntax (per column):

    1. stream-id: Internal stream identification number
    2. state: TCP connection state (0:SYN_INIT, 1:SYN_ACK, 2:SYN_ACK_INIT, 3:CONNECT_ACK, 4:ESTABLISHED, 5:ESTABLISHED_INIT, 6:FIN_WAIT, 7:TIME_WAIT)
    3. conndir: Connection direction (0 or 1)
    4. (data_count1 data_count2): Bytes that flow in each direction (s2d d2s)
    5. srcip:srcport -> dstip:dstport: Socket tuple that identify unequivocally the connection in the network.
    6. [hashtbl hashtbl_index]: TBD
    7. ServerGroup:service: Server group and service where the stream is hooked. Useful to evaluate load per service.
    ​Please let me know if this is helpful or you need more info.
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------

    Original Message


  • 3.  RE: How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-06-2021 11:23
    Edited by Chintan Myakal 04-06-2021 11:23
    Hi Ira,

    Thanks a lot for the response! But, I am not able to view the document you shared.Please find the below screenshot.



    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------

    Original Message


  • 4.  RE: How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-07-2021 02:39
    Hi @Chintan Myakal,

    You need to be logged in in order to view the page.
    Best,​

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------

    Original Message


  • 5.  RE: How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-07-2021 03:57
    Hi @Ira Miga,

    Even after logging in I am observing the same error. Can you check this at your end ?



    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------

    Original Message


  • 6.  RE: How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-07-2021 04:38
    Hi @Chintan Myakal,

    You are right, I get the same error.
    I'll how to fix the page.
    Anyway, all the info it has is this:

    This article provides the location of throughput and connection information.

    This information stored in /proc/hades//status for each server. There is also a global status file /proc/hades/status which has the same information for all server groups.

    So it doesn't add to what was said here.
    If you have any additional questions, let me know and I'll try to find the answers for you.
    Best,




    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------

    Original Message


  • 7.  RE: How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-09-2021 03:16
    Hi @Ira Miga @Chintan Myakal,

    I have previously shared a script for gateway throughput tracking at the link below;

    https://community.imperva.com/viewdocument/gateway-throughput-tracker-script?CommunityKey=39c6092a-d67a-4bc2-8134-bfbb25fc43af&tab=librarydocuments

    It is tested on v13 and should be modified for v14 because of new path.

    It may help for tracking statistics.

    ------------------------------
    Cezmi Cal
    technical support engineer
    Barikat Cyber Security
    Ankara
    ------------------------------

    Original Message


  • 8.  RE: How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-09-2021 07:05
    Thanks a lot @Cezmi Cal !


    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------

    Original Message


  • 9.  RE: How to check current HTTPS connections in securesphere vis CLI ?

    Posted 04-06-2021 12:16
    Fos ssl hit\sec you can also look at /proc/hades/ssl/status. This does not exist in ngrp and we are working on adding this info to the proc/hades/status file.

    ------------------------------
    Michael Sorin
    Software Engineer
    Tel Aviv CA
    ------------------------------

    Original Message