IWSS (Interscan Web Security Suite 5.5) Virtual Appliance...

...

ISMPeek


./ismpeek: invalid option -- -
Usage:  ismpeek.sh [-h] [-F] [-c count] [-m count] [-n period] [-d display_format] [-w filename]
Prints a running display of internal IWSS proxy metrics.  The default
display format used is "Drnysucaz"
Options:
        -h      Print this help page
        -F      Display metrics for FTP (by default, HTTP metrics are displayed)
        -c      Display the column headers every [count] iterations.  Default is to display column
                headers only on the first iteration
        -m      Exit ismpeek after [count] iterations.  Default is to run until manually interrupted.
        -n      A new line is printed every [period] seconds, or 5 seconds by default
        -w      Save output to [filename] instead of stdout
        -d      Change the columns printed by using any combination of characters [DrRnNyYlLbBsSeEuUzZwWxXtcaCqg]
                D       DATETIMESTAMP - the time at which this line was output
                R       REQ_C - the cumulative average of total time IWSS spent handling each transaction, in ms
                r       REQ_A - the average of total transaction handling time for the last [period], in ms
                N       DNS_C - the cumulative average time spent on each DNS lookup prior to connecting, in ms
                n       DNS_A - the average DNS lookup time for the last [period], in ms
                Y       CON_C - the cumulative average time spent on establishing tcp connections, in ms
                y       CON_A - the average tcp connection time for the last [period], in ms
                L       LDAP_C - the cumulative average time spent per LDAP query, in ms
                l       LDAP_A - the average LDAP query time for the last [period], in ms
                B       PRE_C - the cumulative average time spent in each pre-scan job, including URL filtering lookup, in ms
                b       PRE_A - the average pre-scan time for the last [period], in ms
                S       SCAN_C - the cumulative average time spent in each scan job, including VSAPI and AAXS
                s       SCAN_A - the average scan job time for the last [period], in ms
                E       POST_C - the cumulative average time spent in post-scan accounting, in ms
                e       POST_A - the average post-scan job time for the last [period], in ms
                U       RATE_C - the cumulative average time spent handling URL rating requests to the remote rating server, in ms
                u       RATE_A - the average URL rating request time for the last [period], in ms
                Z       WT/NS/SY/LD/RT/SC% - The percentage of total cumulative request time spent in the activities of
                        Waiting for network IO(WT), DNS lookup (NS), tcp connecting (SY), LDAP lookup (LD), URL rating (RT), and scanning (SC)
                z       WT/NS/SY/LD/RT/SC% - The percentage of time spent in io wait, DNS, tcp connect, LDAP, URL rating, and scanning for the last [period]
                W       NB/DK/BL/NS/ES% - The percentage of total cumulative time spent in nonblocking IO, disk IO,
                         blocking IO (ldap, access quota), normal scan, and expensive scan stages
                w       NB/DK/BL/NS/ES% - The percentage of time spent in nonblocking IO, disk IO,
                         blocking IO (ldap, access quota), normal scan, and expensive scan stages for the last [period]
                X       TX_TOTAL_C TX_BLOCK_C - The cumulative number of transactions handled and blocked, respectively
                x       TX_TOTAL_A TX_BLOCK_A - The number of handled and blocked transaction during the last [period]
                t       THRU_IN - the throughput received from servers for the last measured interval, in bytes per second.
                        THRU_OUT - the throughput received from clients for the last measured interval, in bytes per second
                        Throughput is calculated over 5 second intervals, regardless of the [period] setting.
                        If [period] is not a multiple of 5, then THRU_IN and THRU_OUT will sometimes be
                        reported as 0, because the latest throughput calculation interval has not yet elapsed
                c       CONNS - the number of clients currently connected to the proxy
                a       ACTIVE - the number of sessions connected to the client that are at least partly through
                        a transaction, and not merely waiting for a follow-on client request to arrive on a keep-alive
                        connection
                C       {CLI,SRV,PXY,TMO}_CLOSE - the number of sessions closed by action from the client, server, proxy, or timeout
                q       LSTNQ - the number of newly established sessions waiting to be handled by any thread
                        NBIOQ - the number of sessions waiting for a non-blocking IO stage thread to handle them after
                         returning from any other stage
                        DIOQ - the number of sessions waiting to be handled by a disk IO stage thread
                        BIOQ - the number of sessions waiting to be handled by a blocking IO (ldap, access quota, user-id) stage thread
                        NSCNQ - the number of sessions waiting to be handled by a normal scanning stage thread
                        ESCNQ - the number of sessions waiting to be handled by an expensive scanning stage thread
                        ACCTQ - the number of objects waiting to be processed by an accounting stage thread
                g       AL/BL/VL/AQ - the number of pending logs dropped due to event generation speed
                         exceeding logging/database update speed.  AL = access, BL = URL or WRS block,
                         VL = virus log, AQ = access quota consumption update
                k       RSKA - the current number of idle keep-alive rating server sockets

IWSS - current transaction

To see the transactions currently being handled by the system:

cd /usr/iwss/

Go to the iwss directory; there you will find a command, stpeek, that shows the transactions in progress.

./stpeek -[Fxh] [-m count] [-n period] [-w filename]
Prints, in tab separated format, the status of each proxied
transaction that is actively handled by IWSS ftp or http proxy
New sessions that are queued will not be displayed
Options:

        'F' - print session table for the FTP proxy process
        'x' - Don't copy the session table shared memory to process local memory before printing - NOT RECOMMENDED
        'h' - Print this informational page
        'm' - Print the session table a maximum of [count] times, every [period] seconds.
           Default is to print only print the table once.  To change [period] use the 'n' option
        'n' - Specify the [period] of seconds to peek at the session table.  Default is 5 seconds
        'w' - Print session table output to the file specified in [filename] instead of to the console

Columns printed:

        SEQ:PID or CPID:PPID - The sequence number and process number of the state object attached to
                this session.  For process-per-session mode daemons this is replaced by the child process
                and parent process pids
        STATUS - The current status of the transaction.  Supported values include:
                DISCON - Not connected.  These nodes are normally never displayed
                RCV_REQ - Waiting for incoming client HTTP or ICAP request
                DNS - Resolving the domain name of the HTTP server
                CON_SRV - Connecting to the HTTP server
                SND_REQ - Relaying the complete client request to the HTTP server
                PRL_REQ - Relaying the client request to the HTTP server before
                        the request has been completely received by IWSS
                RCV_RSP - Receiving the HTTP response from the server
                SND_RSP - Relaying the complete HTTP or ICAP response from the server to the client
                PRL_RSP - Relaying the partial HTTP response from the server to the client
                        before the entire response has been received by IWSS
                SND_100 - Sending a 100 Continue HTTP or ICAP response to the client
                TUNNEL - The session is an unexamined HTTPS or non-HTTP protocol transaction
                        which is tunneled by IWSS
                FTPHTTP - An FTP over HTTP transaction
                TXDONE - Transaction is complete but not yet reset
                PRL_ICAP - Sending an ICAP response before the complete ICAP request has been
                        received by IWSS
                FTP_CMD - Handling the command channel for an FTP session
                CON_CMD - Connecting the command channel to the FTP server - includes DNS
                DC_SRV - Connecting the passive-mde data channel to the FTP server
                DC_CLT - Connecting the active-mode data channel to the FTP client
                DL_SRV - Waiting for an active-node data connection from the FTP server
                DL_CLT - Waiting for the passive-mode data connection from the FTP client
                FTP_UL - Performing an FTP upload
                FTP_DL - Performing an FTP download
                PS_TXLOG - Writing the transaction log
                PS_AQINF - Preparing access quota info
                PS_AQENF - Enforcing the access quota
                PS_URLS - Checking URL lists
                PS_RATE - Performing TMUFE/WRS score query
                PS_PLUGIN - Running PreScan plugins
                PS_SKIP - Checking skip-scan rules
                SC_VIRUS - Performing virus/spyware scan
                SC_AAXS - Performing AAXS scan
                SC_ITL - Perfoming IntelliTunnel scan
        C_SOCK - Descriptor number of the client socket
        CLIENT_ADDR - IPv4 address of the client connection
        S_SOCK - Descriptor number of the server socket.  For FTP proxy this is only the
                command channel.  For ICAP this is unused.
        SERVER_ADDR - IPv4 address of the server connection.  For FTP proxy this is
                only the command channel.  For ICAP this is unused.
        LCL_PORT - The local port number used for the server connection
        STAGE - The current stage handling the session.  This is only used in WorkQueue
                daemons, designated by command line option -m for the proxy process
        STGTIME - The number of seconds the session has been in the current stage.
                This is only used in WorkQueue daemons, designated by command line option
                -m for the proxy process
        CONTIME - The number of seconds that this client session has been actively handled
        IOWAIT - The number of milliseconds since the last I/O event related to this session was handled
        THRUBYTE - The number of bytes written to any socket during this transaction
        THRUPUT - The number of bytes per second written during the current transaction
        FLAGS - Flags set for this session.  Currently supported flags:
                IDL - The session is idle, waiting for a client request
                SSL - The session is HTTPS
                SKP - Scanning of this transaction has been skipped due to configuration
                TBP - The session is non-HTTP binary protocol tunneled over port 80
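As an added example (not part of the original page or of the IWSS product), the script below parses a stpeek session table and pulls out what an operator usually wants from it: a per-STATUS count, sessions parked in one stage for too long, and sessions whose content is not being inspected (TUNNEL status, TBP or SKP flags). It assumes stpeek prints a header row followed by one tab-separated row per session in the column order listed above, and that multiple FLAGS are separated by commas or spaces; the sample table is constructed, not captured from an appliance.

```python
import csv
import io
from collections import Counter

# Constructed stpeek-style output (not a real capture). Assumed layout: one
# header row, then tab-separated rows in the column order of the help text.
SAMPLE = (
    "SEQ:PID\tSTATUS\tC_SOCK\tCLIENT_ADDR\tS_SOCK\tSERVER_ADDR\tLCL_PORT\t"
    "STAGE\tSTGTIME\tCONTIME\tIOWAIT\tTHRUBYTE\tTHRUPUT\tFLAGS\n"
    "17:4123\tRCV_RSP\t21\t10.0.0.15\t34\t198.51.100.20\t51234\tNBIO\t2\t3\t120\t40960\t13653\t\n"
    "18:4123\tSC_VIRUS\t22\t10.0.0.16\t35\t198.51.100.21\t51235\tESCN\t95\t97\t94000\t2097152\t21620\t\n"
    "19:4123\tTUNNEL\t23\t10.0.0.17\t36\t203.0.113.9\t51236\tNBIO\t4\t40\t30\t512000\t12800\tTBP\n"
    "20:4123\tRCV_REQ\t24\t10.0.0.18\t-1\t0.0.0.0\t0\tNBIO\t1\t9\t1500\t0\t0\tIDL\n"
    "21:4123\tSND_RSP\t25\t10.0.0.19\t37\t198.51.100.22\t51237\tNBIO\t1\t2\t10\t8192\t4096\tSKP\n"
)

def parse_stpeek(text):
    """Return the session table as a list of dicts keyed by column name."""
    rows = []
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        for key in ("STGTIME", "CONTIME", "IOWAIT", "THRUBYTE", "THRUPUT"):
            row[key] = int(row[key])
        # Assumption: several flags are separated by commas or whitespace.
        row["FLAGS"] = set(row["FLAGS"].replace(",", " ").split())
        rows.append(row)
    return rows

def status_counts(rows):
    """How many sessions sit in each STATUS (e.g. a pile-up in SC_VIRUS)."""
    return Counter(r["STATUS"] for r in rows)

def stuck_sessions(rows, max_stage_seconds=60):
    """Sessions held in one stage longer than the threshold, ignoring idle
    keep-alive sessions (IDL) that are simply waiting for the next request."""
    return [r for r in rows
            if "IDL" not in r["FLAGS"] and r["STGTIME"] > max_stage_seconds]

def unscanned_sessions(rows):
    """Sessions passing content without inspection: tunneled traffic
    (TUNNEL status or TBP flag) or transactions skipped by config (SKP)."""
    return [r for r in rows
            if r["STATUS"] == "TUNNEL" or r["FLAGS"] & {"TBP", "SKP"}]

if __name__ == "__main__":
    table = parse_stpeek(SAMPLE)
    print("by status:", dict(status_counts(table)))
    for r in stuck_sessions(table):
        print("stuck:", r["SEQ:PID"], r["STATUS"], r["STAGE"], r["STGTIME"], "s")
    for r in unscanned_sessions(table):
        print("unscanned:", r["SEQ:PID"], r["CLIENT_ADDR"], "->", r["SERVER_ADDR"])
```

To run it against a live table, feed `./stpeek -w` output (or `./stpeek` on stdin) to `parse_stpeek` instead of SAMPLE, adjusting the header assumption if the tool prints none.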