IPS Analyzer Tool - How to analyze IPS performance efficiently

File uploaded by Omer Shliva Employee on Oct 5, 2018Last modified by Omer Shliva Employee on Oct 5, 2018
Version 2Show Document
  • View in full screen mode

(1) Introduction

The IPS Analyzer Tool collects information about the IPS Protections usage. The IPS statistics information indicates which patterns out of all IPS protections were called into action (but not necessarily matched) and how many times. Analyzer tool processes the statistic outputs and produces a clear HTML report based on that output. The report indicates which IPS protections are causing critical, high or medium load on CPU and provides information regarding the load on Security Gateway per traffic type.

The IPS Analyzer Tool is supported on R77 and above.

(2) Procedure

  1. Collect the relevant IPS statistics per sk43733 - How to measure CPU time consumed by IPS protections - section "(1) IPS statistics" - sub-section "Show / Hide the procedure for versions R77 and above".

  2. Compress the IPS statistics output folder on Security Gateway:

    [Expert@HostName:0]# cd /path_to_IPS_statistics_output_folder/
    [Expert@HostName:0]# tar cvf IPS_Statistics.tar <HH-MM-SS__MM-DD-YYYY>
  3. Transfer the compressed IPS statistics output folder (IPS_Statistics.tar) from Security Gateway to your computer and unpack it.

  4. Run the IPS Analyzer Tool on the unpacked IPS statistics output folder:

    1. Open Windows Command Prompt

    2. Run:

      C:\> Analyzer.exe OFFLINE "DISK:\path_to_unpacked_statistics_output_folder"
  5. Review the output files:

    • AnalyzerReport.html - Main report file, located in DISK:\path_to_uncompressed_statistics_output_folder\AnalyzerReport.html (use Chrome or Firefox browser)

    • analyzer.log - Log file

       

*NOTE*

The tool only displays protection information relevant to the IPS Software Blade. Details from other Software Blades may appear with the following protection name:

"Threat Prevention Protection – ID NUM"

If a significant portion of these entries is found then the IPS Software Blade is not the only one impacting the gateway performance and the impact of other Software Blades should be considered.

 

(3) IPS Analyzer Tool Survey

 

We would like to receive your feedback in a short, up to 2 minutes survey. Your feedback will help us to improve the tool and the services we provide you. 

Click here to take the survey.

 

 

 

For any question please contact:

Attachments

Outcomes