IPS Analyzer Tool - How to analyze IPS and/or PM (pattern matcher) performance efficiently
Solution

Table of Contents:

  1. Introduction
  2. Procedure
  3. Related solutions

 

(1) Introduction

The Analyzer Tool collects information about the Network Protections usage (IPS / Application Control). The PM statistics information indicates which patterns out of all network protections were called into action (but not necessarily matched) and how many times.

The Analyzer Tool processes the statistics output and produces a clear HTML report from it. The report indicates which protections are causing critical, high or medium load on the CPU and provides information regarding the load on the Security Gateway per traffic type.

The Analyzer Tool is supported on R77 and above.

Please note that prior to version R81, only IPS protections are shown.
Starting with version R81, Application Control rules are also shown.

(2) Procedure

  1. Collect the relevant PM statistics per sk43733 - How to measure CPU time consumed by IPS protections - section "(1) IPS statistics" - sub-section "Show / Hide the procedure for versions R77 and above".

  2. Compress the PM statistics output folder on Security Gateway:

    [Expert@HostName:0]# cd /path_to_PM_statistics_output_folder/
    [Expert@HostName:0]# tar cvf IPS_Statistics.tar <HH-MM-SS__MM-DD-YYYY>

  3. Transfer the compressed PM statistics output folder (IPS_Statistics.tar) from Security Gateway to your computer and unpack it.

  4. Run the Analyzer Tool on the unpacked PM statistics output folder:

    1. Open Windows Command Prompt in the folder into which you've copied Analyzer.exe.

    2. Run:

      C:\> Analyzer.exe OFFLINE "DISK:\path_to_unpacked_statistics_output_folder"

  5. Review the output files:

    • AnalyzerReport.html - Main report file, located in DISK:\path_to_uncompressed_statistics_output_folder\AnalyzerReport.html (use Chrome or Firefox browser)

    • analyzer.log - Log file
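
For steps 2 and 3, the sketch below picks the newest statistics folder, packs it, and records a SHA-256 digest so the archive can be checked after the transfer. It is an added example, not Check Point code; the function names are hypothetical, and it assumes the folders are named exactly like the step 2 placeholder (HH-MM-SS__MM-DD-YYYY).

```shell
#!/bin/sh
# Added example, not Check Point code. Assumption: statistics folders are
# named exactly like the step 2 placeholder, HH-MM-SS__MM-DD-YYYY.

# Print the chronologically newest statistics folder name under directory $1.
# A plain name sort is wrong here because the time precedes the date, so the
# name is rewritten into a YYYYMMDDHHMMSS sort key first.
newest_pm_folder() (
    for d in "$1"/[0-9][0-9]-[0-9][0-9]-[0-9][0-9]__[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]; do
        [ -d "$d" ] || continue
        basename "$d"
    done |
        sed -n 's/^\(..\)-\(..\)-\(..\)__\(..\)-\(..\)-\(....\)$/\6\4\5\1\2\3 &/p' |
        sort | tail -n 1 | cut -d' ' -f2
)

# Pack the newest folder into $1/IPS_Statistics.tar, check the archive
# contents, and write a SHA-256 file next to it. Prints the packed folder name.
pack_pm_stats() (
    folder=$(newest_pm_folder "$1")
    [ -n "$folder" ] || { echo "no statistics folder under $1" >&2; exit 1; }
    cd "$1" || exit 1
    # The page uses "tar cvf"; v is omitted here to keep stdout clean.
    tar cf IPS_Statistics.tar "$folder" || exit 1
    # Every archive member must sit under the chosen folder.
    if tar tf IPS_Statistics.tar | grep -qv "^$folder/"; then
        echo "unexpected entry in IPS_Statistics.tar" >&2; exit 1
    fi
    sha256sum IPS_Statistics.tar > IPS_Statistics.tar.sha256 || exit 1
    echo "$folder"
)
```

Call `pack_pm_stats /path_to_PM_statistics_output_folder` on the Security Gateway. After the transfer, `certutil -hashfile IPS_Statistics.tar SHA256` on the Windows computer should print the digest stored in IPS_Statistics.tar.sha256.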

 

  

The Analyzer tool can be downloaded from the relevant CheckMates post here

    This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
