Avi_Bechor
Employee

IPS Analyzer Tool - How to analyze IPS performance efficiently

(1) Introduction

The Analyzer Tool collects information about Network Protections usage. The PM statistics indicate which patterns, out of all network protections, were called into action (but not necessarily matched) and how many times. The Analyzer Tool processes the statistics output and produces a clear HTML report from it. The report indicates which protections are causing critical, high or medium load on the CPU and provides information about the load on the Security Gateway per traffic type.

The Analyzer Tool is supported on R77 and above.
Only IPS protections are shown prior to R81.
From R81, Application Control rules will also be shown.

(2) Procedure

  1. Collect the relevant PM statistics per sk43733 - How to measure CPU time consumed by IPS protections - section "(1) IPS statistics" - sub-section "Show / Hide the procedure for versions R77 and above".

  2. Compress the PM statistics output folder on Security Gateway:

    [Expert@HostName:0]# cd /path_to_IPS_statistics_output_folder/
    [Expert@HostName:0]# tar cvf IPS_Statistics.tar <HH-MM-SS__MM-DD-YYYY>

  3. Transfer the compressed PM statistics output folder (IPS_Statistics.tar) from Security Gateway to your computer and unpack it.

  4. Run the Analyzer Tool on the unpacked PM statistics output folder:

    1. Open Windows Command Prompt

    2. Run:

      C:\> Analyzer.exe OFFLINE "DISK:\path_to_unpacked_statistics_output_folder"

  5. Review the output files:

    • AnalyzerReport.html - Main report file, located in DISK:\path_to_uncompressed_statistics_output_folder\AnalyzerReport.html (use Chrome or Firefox browser)

    • analyzer.log - Log file

*NOTE*

The tool only displays protection information relevant to the supported software blades. Details from other software blades may appear with the following protection name:

"Threat Prevention Protection – ID NUM"
