Imperva Cyber Community


How to check current HTTPS connections in securesphere via CLI ?

  • 1.  How to check current HTTPS connections in securesphere via CLI ?

    Posted 13 days ago
    Hello,

    I am unable to find out how to check current HTTPS connections in the on-premise WAF via CLI. Also, please share if there's a reference document.

    Thanks
    Chintan
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------


  • 2.  RE: How to check current HTTPS connections in securesphere via CLI ?
    Best Answer

    Imperva Employee
    Posted 12 days ago
    Hi @Chintan Myakal,

    You can see the status of the TCP connections in /proc/hades/status.
    Here's the link to the article that can be useful: https://docs.imperva.com/howto/0c0def26.
    BTW, if you are using version 14.1 and higher, /proc/hades is in a new location: /opt/SecureSphere/etc/proc/hades.
    Also, you can check /proc/hades/streams or /proc/hades/debug_streams, where you can find the output in the following format:

    #5 3 1 (0 0) 172.31.1.2:38058 -> 172.31.1.20:80 [3696045778 11986] VedaApp_6388299901074987586:http
    #11 4 1 (420 17376) 172.31.1.2:38066 -> 172.31.1.20:80 [2843750936 12824] VedaApp_6388299901074987586:http
    #3 4 1 (3280 51007) 172.31.1.2:38055 -> 172.31.1.20:80 [1196734582 47222] VedaApp_6388299901074987586:http
    #4 6 1 (1606 14632) 172.31.1.2:38056 -> 172.31.1.20:80 [1169739654 53126] VedaApp_6388299901074987586:http
    #10 6 0 (0 0) 172.31.1.2:38051 -> 172.31.1.20:80 [1048636680 60680] VedaApp_6388299901074987586:http
    #1 4 1 (1194 5645) 172.31.1.20:32817 -> 172.31.1.10:3306 [828832888 64632] VedaDB_-6090531506468589997:mysql
    #12 6 0 (0 0) 172.31.1.2:38057 -> 172.31.1.20:80 [764157005 7245] VedaApp_6388299901074987586:http
    #8 3 1 (0 0) 172.31.1.2:38060 -> 172.31.1.20:80 [1127231097 11897] VedaApp_6388299901074987586:http
    #3 4 1 (425 37648) 172.31.1.2:38050 -> 172.31.1.20:80 [1586378835 14419] VedaApp_6388299901074987586:http
    #11 3 1 (0 0) 172.31.1.2:38065 -> 172.31.1.20:80 [2493203771 17723] VedaApp_6388299901074987586:http
    #5 3 1 (0 0) 172.31.1.2:38053 -> 172.31.1.20:80 [4063321227 23691] VedaApp_6388299901074987586:http
    #10 4 1 (2050 29543) 172.31.1.2:38064 -> 172.31.1.20:80 [3291583387 37787] VedaApp_6388299901074987586:http
    #4 3 1 (0 0) 172.31.1.2:38052 -> 172.31.1.20:80 [534762305 54081] VedaApp_6388299901074987586:http
    #1 4 1 (812 7296) 172.31.1.2:38048 -> 172.31.1.20:80 [2830162023 55399] VedaApp_6388299901074987586:http

    Output Syntax (per column):

    1. stream-id: Internal stream identification number
    2. state: TCP connection state (0:SYN_INIT, 1:SYN_ACK, 2:SYN_ACK_INIT, 3:CONNECT_ACK, 4:ESTABLISHED, 5:ESTABLISHED_INIT, 6:FIN_WAIT, 7:TIME_WAIT)
    3. conndir: Connection direction (0 or 1)
    4. (data_count1 data_count2): Bytes that flow in each direction (s2d d2s)
    5. srcip:srcport -> dstip:dstport: Socket tuple that unequivocally identifies the connection in the network.
    6. [hashtbl hashtbl_index]: TBD
    7. ServerGroup:service: Server group and service where the stream is hooked. Useful to evaluate load per service.
    Please let me know if this is helpful or you need more info.
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------
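
Added example (not from the thread and not Imperva's tooling): a shell/awk summary of a streams listing per service and TCP state, using the column layout and state numbers given in the answer above. The function names are made up here, the sample input is constructed from lines quoted in the answer, and it assumes server group names contain no whitespace.

```shell
#!/bin/sh
# Added example: summarise a streams listing (format quoted above) by service and state.
# On a gateway the input would be /proc/hades/streams (under
# /opt/SecureSphere/etc/proc/hades on 14.1 and higher, per the answer).

# Constructed sample input, reusing lines quoted in the answer.
sample_streams() {
cat <<'EOF'
#5 3 1 (0 0) 172.31.1.2:38058 -> 172.31.1.20:80 [3696045778 11986] VedaApp_6388299901074987586:http
#11 4 1 (420 17376) 172.31.1.2:38066 -> 172.31.1.20:80 [2843750936 12824] VedaApp_6388299901074987586:http
#3 4 1 (3280 51007) 172.31.1.2:38055 -> 172.31.1.20:80 [1196734582 47222] VedaApp_6388299901074987586:http
#4 6 1 (1606 14632) 172.31.1.2:38056 -> 172.31.1.20:80 [1169739654 53126] VedaApp_6388299901074987586:http
#10 6 0 (0 0) 172.31.1.2:38051 -> 172.31.1.20:80 [1048636680 60680] VedaApp_6388299901074987586:http
#1 4 1 (1194 5645) 172.31.1.20:32817 -> 172.31.1.10:3306 [828832888 64632] VedaDB_-6090531506468589997:mysql
EOF
}

# Print "ServerGroup:service STATE count" for every combination seen on stdin.
summarize_streams() {
  awk '
    BEGIN { split("SYN_INIT SYN_ACK SYN_ACK_INIT CONNECT_ACK ESTABLISHED ESTABLISHED_INIT FIN_WAIT TIME_WAIT", name, " ") }
    # Data lines: "#<stream-id>", 11 whitespace-separated fields, "->" in field 7.
    /^[ \t]*#[0-9]+ / && NF == 11 && $7 == "->" {
      label = ($2 ~ /^[0-7]$/) ? name[$2 + 1] : ("UNKNOWN(" $2 ")")
      count[$NF " " label]++
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# count_state STATE SERVICE: streams in numeric STATE whose last field ends in ":SERVICE".
count_state() {
  awk -v st="$1" -v svc=":$2" '
    /^[ \t]*#[0-9]+ / && NF == 11 && $7 == "->" && $2 == st {
      start = length($NF) - length(svc) + 1
      if (start > 0 && substr($NF, start) == svc) c++
    }
    END { print c + 0 }
  '
}

sample_streams | summarize_streams
echo "ESTABLISHED http streams: $(sample_streams | count_state 4 http)"
```

Lines that do not match the streams layout are ignored, and a state number outside 0-7 is reported as UNKNOWN rather than dropped.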



  • 3.  RE: How to check current HTTPS connections in securesphere via CLI ?

    Posted 12 days ago
    Hi Ira,

    Thanks a lot for the response! But I am not able to view the document you shared. Please find the screenshot below.



    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------



  • 4.  RE: How to check current HTTPS connections in securesphere via CLI ?

    Imperva Employee
    Posted 12 days ago
    Hi @Chintan Myakal,

    You need to be logged in in order to view the page.
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 5.  RE: How to check current HTTPS connections in securesphere via CLI ?

    Posted 12 days ago
    Hi @Ira Miga,

    Even after logging in, I am observing the same error. Can you check this at your end?



    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------



  • 6.  RE: How to check current HTTPS connections in securesphere via CLI ?

    Imperva Employee
    Posted 12 days ago
    Hi @Chintan Myakal,

    You are right, I get the same error.
    I'll see how to fix the page.
    Anyway, all the info it has is this:

    This article provides the location of throughput and connection information.

    This information is stored in /proc/hades//status for each server. There is also a global status file /proc/hades/status which has the same information for all server groups.

    So it doesn't add to what was said here.
    If you have any additional questions, let me know and I'll try to find the answers for you.
    Best,




    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 7.  RE: How to check current HTTPS connections in securesphere via CLI ?

    CHAMPION
    Posted 10 days ago
    Hi @Ira Miga @Chintan Myakal,

    I have previously shared a script for gateway throughput tracking at the link below:

    https://community.imperva.com/viewdocument/gateway-throughput-tracker-script?CommunityKey=39c6092a-d67a-4bc2-8134-bfbb25fc43af&tab=librarydocuments

    It is tested on v13 and should be modified for v14 because of the new path.

    It may help for tracking statistics.

    ------------------------------
    Cezmi Cal
    technical support engineer
    Barikat Cyber Security
    Ankara
    ------------------------------



  • 8.  RE: How to check current HTTPS connections in securesphere via CLI ?

    Posted 10 days ago
    Thanks a lot @Cezmi Cal !


    ------------------------------
    Chintan Myakal
    Sr.Cybersecurity Analyst
    Mumbai
    ------------------------------



  • 9.  RE: How to check current HTTPS connections in securesphere via CLI ?

    Imperva Employee
    Posted 12 days ago
    For SSL hit/sec you can also look at /proc/hades/ssl/status. This does not exist in ngrp and we are working on adding this info to the proc/hades/status file.

    ------------------------------
    Michael Sorin
    Software Engineer
    Tel Aviv CA
    ------------------------------