Pour voir les transaction en cours par le systeme:
Rendez vous dans le dossier de iwss, vous y trouverez une commande stpeek... qui permet de voir les transaction en cours...
'F' - print session table for the FTP proxy process
'x' - Don't copy the session table shared memory to process local memory before printing - NOT RECOMMENDED
'h' - Print this informational page
'm' - Print the session table a maximum of [count] times, every [period] seconds.
Default is to print only print the table once. To change [period] use the 'n' option
'n' - Specify the [period] of seconds to peek at the session table. Default is 5 seconds
'w' - Print session table output to the file specified in [filename] instead of to the console
Columns printed:
SEQ:PID or CPID:PPID - The sequence number and process number of the state object attached to
this session. For process-per-session mode daemons this is replaced by the child process
and parent process pids
STATUS - The current status of the transaction. Supported values include:
DISCON - Not connected. These nodes are normally never displayed
RCV_REQ - Waiting for incoming client HTTP or ICAP request
DNS - Resolving the domain name of the HTTP server
CON_SRV - Connecting to the HTTP server
SND_REQ - Relaying the complete client request to the HTTP server
PRL_REQ - Relaying the client request to the HTTP server before
the request has been completely received by IWSS
RCV_RSP - Receiving the HTTP response from the server
SND_RSP - Relaying the complete HTTP or ICAP response from the server to the client
PRL_RSP - Relaying the partial HTTP response from the server to the client
before the entire response has been received by IWSS
SND_100 - Sending a 100 Continue HTTP or ICAP response to the client
TUNNEL - The session is an unexamined HTTPS or non-HTTP protocol transaction
which is tunneled by IWSS
FTPHTTP - An FTP over HTTP transaction
TXDONE - Transaction is complete but not yet reset
PRL_ICAP - Sending an ICAP response before the complete ICAP request has been
received by IWSS
FTP_CMD - Handling the command channel for an FTP session
CON_CMD - Connecting the command channel to the FTP server - includes DNS
DC_SRV - Connecting the passive-mde data channel to the FTP server
DC_CLT - Connecting the active-mode data channel to the FTP client
DL_SRV - Waiting for an active-node data connection from the FTP server
DL_CLT - Waiting for the passive-mode data connection from the FTP client
FTP_UL - Performing an FTP upload
FTP_DL - Performing an FTP download
PS_TXLOG - Writing the transaction log
PS_AQINF - Preparing access quota info
PS_AQENF - Enforcing the access quota
PS_URLS - Checking URL lists
PS_RATE - Performing TMUFE/WRS score query
PS_PLUGIN - Running PreScan plugins
PS_SKIP - Checking skip-scan rules
SC_VIRUS - Performing virus/spyware scan
SC_AAXS - Performing AAXS scan
SC_ITL - Perfoming IntelliTunnel scan
C_SOCK - Descriptor number of the client socket
CLIENT_ADDR - IPv4 address of the client connection
S_SOCK - Descriptor number of the server socket. For FTP proxy this is only the
command channel. For ICAP this is unused.
SERVER_ADDR - IPv4 address of the server connection. For FTP proxy this is
only the command channel. For ICAP this is unused.
LCL_PORT - The local port number used for the server connection
STAGE - The current stage handling the session. This is only used in WorkQueue
daemons, designated by command line option -m for the proxy process
STGTIME - The number of seconds the session has been in the current stage.
This is only used in WorkQueue daemons, designated by command line option
-m for the proxy process
CONTIME - The number of seconds that this client session has been actively handled
IOWAIT - The number of milliseconds since the last I/O event related to this session was handled
THRUBYTE - The number of bytes written to any socket during this transaction
THRUPUT - The number of bytes per second written during the current transaction
FLAGS - Flags set for this session. Currently supported flags:
IDL - The session is idle, waiting for a client request
SSL - The session is HTTPS
SKP - Scanning of this transaction has been skipped due to configuration
TBP - The session is non-HTTP binary protocol tunneled over port 80